Cloud-based AI models like DeepSeek offer convenience, but they introduce privacy concerns—especially when handling sensitive network data.
Instead, run DeepSeek locally. Learn how to use Zeek and the DeepSeek-r1 model with Ollama and Open WebUI to securely and efficiently summarize Zeek package contents, without exposing your data to the cloud.
Keep your investigations in-house and benefit from:
- Enhanced security—no cloud exposure
- Improved efficiency in Zeek summarization with local AI processing
- Full control and privacy when working with network monitoring scripts
Take control of your data and investigations, all while improving efficiency.
Read more on the blog: https://corelight.com/blog/secure-deepseek-zeek-analysis?utm_source=mstdn&utm_medium=organic-social&utm_campaign=blog&utm_adgroup=deepseek&utm_content=SSI
Corelight’s NOC team faced a unique challenge at Black Hat USA 2024—detecting SSHAMBLE, a new SSH scanner introduced by HD Moore. By tapping into existing logs and Zeek metadata, we identified the tool’s fingerprint in real-time.
What happened next? Real-time detection.
Discovering threats using old logs.
Zeek metadata making sense of encrypted traffic.
Head to the blog to learn more: https://corelight.com/blog/black-hat-usa-2024-noc-learnings?utm_source=mstdn&utm_medium=organic-social&utm_campaign=blog&utm_adgroup=blackhat2024noc&utm_content=SSI
@hack_lu thanks for an awesome conference, keep up the FANTASTIC work you all do.
Here's the ramblings of a tired old man who loved being there.
https://www.infosecworrier.dk/blog/2024/10/hacklu2024.html
@ministraitor @claushoumann @grumpy4n6 (let's go together 2025) #hacklu2024 #Cryptography #Defender #Attacker #RedTeam #KubeHound #Copilot #Microsoft #BlueTeam #OT #Kunai #Zeek #Galah
First up after the morning break we’ve got @christiankreibich of Corelight & Zeek talking about new features in #Zeek !!
@hack_lu #hacklu2024
Talk about #zeek at hack.lu on how to extend protocol support with "spicy". I'm wondering how it compares to the Rust + nom approach in #suricata #hacklu2024
Benjamin Bannier with "Spicy — Generating Robust Parsers for Protocols & File Formats"
Trending at #1 on Any.Run’s malware trends list, Corelight Labs takes on Agent Tesla. This notorious malware specializes in information theft, employing FTP, SMTP, HTTP, and even evasive Telegram C2 protocols. Our latest insights reveal how #Zeek signatures can effectively detect these clandestine activities, providing crucial defenses against evolving cyber threats. Read the full blog: https://corelight.com/blog/detecting-agent-tesla-malware
Today let's speak about the "Network detection" session
- the famous Suricata hacker @regiteric from @StamusNetworks is going to speak about JA3 fingerprinting technique, its killing by Google in Chrome and see if it matters
- @rafi0t will provide you a WORKSHOP on in depth inspection of suspicious URLs, websites, files with innovative open source tools he develops like Lookyloo or Pandora!
- @evaszilagyi and @davidszili come with a WORKSHOP at the intersection of the network supervision monitoring platform #Zeek, Python and Machine Learning
REGISTER your #pts24 seat! https://pretix.eu/passthesalt/2024/
July, 3-5 2024
Polytech school, Lille, FR
Want to master the basics of #Zeek? Join our webinar on Tuesday, June 18! Learn how to install Zeek on Linux and understand its crucial role in network security monitoring. Register today: https://go.corelight.com/os-getting-started-with-zeek
Join Corelight Strategist and Author in Residence Richard Bejtlich next week for a webinar to learn the basics of #Zeek! From understanding its role in network security monitoring to installing it on Linux, we've got all the essentials covered. Register now: https://go.corelight.com/os-getting-started-with-zeek
Join us in Paris for a day dedicated to all things #Zeek and #Suricata, brought to you by Corelight Open Source! With guest speaker Robin Sommer, Co-founder of Zeek, this is the perfect opportunity to connect with other users and learn something new. Registration is open to everyone. See you on July 2! https://go.corelight.com/os-defender-day-paris-2024
Don't miss our beginner-friendly webinar about #Zeek with Richard Bejtlich, proudly brought to you by Corelight Open Source! Learn how to install Zeek on Linux, understand its role in network security monitoring, and get an intro to Zeek data. Register now: https://go.corelight.com/os-getting-started-with-zeek
Join us on June 18 for a beginner-friendly webinar about #Zeek with Richard Bejtlich, brought to you by Corelight Open Source! Learn how to install Zeek on #Linux, understand its role in network security monitoring, and get an intro to Zeek data. Don’t miss it - register now: https://go.corelight.com/os-getting-started-with-zeek
Tomorrow, join Josef Gustafsson as he demonstrates how to detect and counter lateral movement using the MITRE ATT&CK framework and Corelight's network evidence powered by #Zeek. Register for the webinar now: https://go.corelight.com/lateral-movement-zeek-mitre-attack
Outsmart adversaries on your network! Join Josef Gustafsson on May 21 as he shows in a live webinar how to detect and mitigate lateral movement using the MITRE ATT&CK framework and Corelight network evidence, powered by #Zeek. Hone your detective skill by registering for this insightful session today! https://go.corelight.com/lateral-movement-zeek-mitre-attack
Do you use @zeek or @suricata? Join our Corelight Open Source team on April 19 for a #Zeek and #Suricata-focused training at BSides Kansas City, where Tim Nolen will show how to supercharge your threat detection with these powerful tools. But that's not all! Come back on April 20 and join us for a hands-on Capture the Flag competition where you can put your newfound Zeek and Suricata knowledge to the test through a series of #threathunting challenges. You won't want to miss it! Register today:
https://www.eventbrite.com/e/bsideskc-2024-tickets-837693633207
Using Zeek’s new JavaScript support for MISP integration.
With Zeek 6.0, experimental JavaScript support was added to Zeek, making Node.js and its vast ecosystem available to Zeek script developers to more easily integrate with external systems.
https://www.misp-project.org/2024/01/03/Zeek_JavaScript_MISP_Integration.html/
#zeek #misp #nids #threatintelligence #threatintel #opensource #infosec