Zeekurity Zen – Part VI: Zeek File Analysis Framework

Zeekurity Zen – Part VI: Zeek File Analysis Framework

This is part of the Zeekurity Zen Zeries on building a Zeek (formerly Bro) network sensor. Overview In our Zeek journey thus far, we’ve: Set up Zeek to monitor some network traffic. Used Zeek Package Manager to install AF_PACKET and other useful packages. Configured Zeek 

Zeekurity Zen – Part V: Zeek Intelligence Framework

Zeekurity Zen – Part V: Zeek Intelligence Framework

This is part of the Zeekurity Zen Zeries on building a Zeek (formerly Bro) network sensor. Overview In our Zeek journey thus far, we’ve: Set up Zeek to monitor some network traffic. Used Zeek Package Manager to install AF_PACKET and other useful packages. Configured Zeek 

Attacking The BlueKeep

Attacking The BlueKeep

R-C-E, It’s Easy as R-D-P On May 14, 2019, Microsoft published a security advisory regarding a critical remote code execution (RCE) vulnerability (CVE-2019-0708) affecting Remote Desktop Services (RDP) on older versions of Windows including XP, Vista, 7 and Server 2003/2008. Windows 8 and 10 are 

Zeekurity Zen – Part IV: Threat Hunting With Zeek

Zeekurity Zen – Part IV: Threat Hunting With Zeek

This is part of the Zeekurity Zen Zeries on building a Zeek (formerly Bro) network sensor. Overview In our Zeek journey thus far, we’ve: Set up Zeek to monitor some network traffic. Used Zeek Package Manager to install AF_PACKET and other useful packages. Configured Zeek 

Zeekurity Zen – Part II: Zeek Package Manager

Zeekurity Zen – Part II: Zeek Package Manager

This is part of the Zeekurity Zen Zeries on building a Zeek (formerly Bro) network sensor. Overview In our Zeek journey thus far, we’ve: Set up Zeek to monitor some network traffic. Now we’ll introduce the Zeek Package Manager to extend Zeek’s functionality with packages 

Zeekurity Zen Zeries

Zeekurity Zen Zeries

Zeek (formerly named Bro) is my favorite network security monitoring platform, and I’ve used and promoted it throughout my career.  It generates rich network metadata that’s incredibly valuable for incident response, forensics, and general troubleshooting. For most people, the main challenge with using Zeek is in setting 

How to Choose the Right EPP / EDR Solution

How to Choose the Right EPP / EDR Solution

This post is featured on the CrowdStrike Blog. Introduction Like most cybersecurity professionals, you’re looking for an EPP that protects against current and evolving threats, is easy to deploy and manage, and is ultimately invisible to end-users.  Today, there are dozens of these platforms available, and 

Zeekurity Zen – Part III: How to Send Zeek Logs to Splunk

Zeekurity Zen – Part III: How to Send Zeek Logs to Splunk

This is part of the Zeekurity Zen Zeries on building a Zeek (formerly Bro) network sensor. Overview In our Zeek journey thus far, we’ve: Set up Zeek to monitor some network traffic. Used Zeek Package Manager to install AF_PACKET and other useful packages. Now we’ll