Packets don't lie - Threat Hunting with Zeek

Earlier today, I presented a webinar on 'Packets don't lie - Threat Hunting with Zeek.' Thanks to the kind folks at APNIC for initiating the request and starting the email thread. The gist of the presentation was about using Zeek to look for anomalies. Before jumping into Zeek, I introduced Network Security Monitoring. I spoke about conn.log and dns.log and used PCAPs from the Stratosphere IPS Project to demonstrate threat hunting with Zeek.

SANOG 37 - Threat Hunting using DNS

PC: Mohan Thomas

At SANOG 37, I had the opportunity to share some of the ways in which we have been doing Threat Hunting using DNS at my $dayjob. Here is the video of the presentation. I also had a little demo but I decided to improvise and add slides instead, since the program was running a little behind schedule and I was the only one standing between everyone and their lunch.
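Both talks above come down to the same workflow: read Zeek's dns.log, aggregate per client, and flag behaviour that does not look like a human browsing. The following is an added example written for this page (it is not code from either presentation, from Zeek, or from the Stratosphere IPS Project). It parses Zeek's TSV log layout from the `#fields` header and scores two hunting indicators: a client sending many distinct, high-entropy subdomains under one registered domain (a common DNS tunnelling or exfiltration pattern), and a client whose queries are mostly NXDOMAIN (DGA-like behaviour). The sample log is constructed and uses only a subset of the real dns.log columns; the "registered domain is the last two labels" rule and all thresholds are simplifying assumptions for the example, and a real deployment would use the Public Suffix List and tune thresholds to its own baseline.

```python
"""Score Zeek dns.log records for two DNS-hunting indicators (added example):
high-cardinality, high-entropy subdomains and NXDOMAIN-heavy clients."""
import math
from collections import Counter, defaultdict

# Constructed sample in Zeek's TSV dns.log layout (subset of the real columns); not a real capture.
SAMPLE_DNS_LOG = "\n".join([
    "#separator \\x09",
    "#set_separator\t,",
    "#empty_field\t(empty)",
    "#unset_field\t-",
    "#path\tdns",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tquery\tqtype_name\trcode_name",
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tstring\tstring",
    "1612345678.1\tCa1\t10.0.0.5\t51000\t10.0.0.1\t53\tudp\twww.example.com\tA\tNOERROR",
    "1612345679.2\tCa2\t10.0.0.5\t51001\t10.0.0.1\t53\tudp\tmail.example.com\tA\tNOERROR",
    "1612345680.3\tCa3\t10.0.0.5\t51002\t10.0.0.1\t53\tudp\texample.org\tAAAA\tNOERROR",
    "1612345681.0\tCb1\t10.0.0.7\t52000\t10.0.0.1\t53\tudp\t3f9a8c1d2e7b4f60.tun.example.net\tTXT\tNOERROR",
    "1612345681.5\tCb2\t10.0.0.7\t52001\t10.0.0.1\t53\tudp\t9c2e4b7a1d0f8e35.tun.example.net\tTXT\tNOERROR",
    "1612345682.0\tCb3\t10.0.0.7\t52002\t10.0.0.1\t53\tudp\tb81d6f0a3c9e2475.tun.example.net\tTXT\tNOERROR",
    "1612345682.5\tCb4\t10.0.0.7\t52003\t10.0.0.1\t53\tudp\t4e7c0a9f2b5d8136.tun.example.net\tTXT\tNOERROR",
    "1612345683.0\tCb5\t10.0.0.7\t52004\t10.0.0.1\t53\tudp\td05b3e8c7a1f9624.tun.example.net\tTXT\tNOERROR",
    "1612345690.0\tCc1\t10.0.0.9\t53000\t10.0.0.1\t53\tudp\tkqzxvbn.example.com\tA\tNXDOMAIN",
    "1612345691.0\tCc2\t10.0.0.9\t53001\t10.0.0.1\t53\tudp\tplmoknijb.example.org\tA\tNXDOMAIN",
    "1612345692.0\tCc3\t10.0.0.9\t53002\t10.0.0.1\t53\tudp\twsxedcrfv.example.net\tA\tNXDOMAIN",
    "1612345693.0\tCc4\t10.0.0.9\t53003\t10.0.0.1\t53\tudp\tzaqxswcde.example.com\tA\tNXDOMAIN",
    "1612345694.0\tCc5\t10.0.0.9\t53004\t10.0.0.1\t53\tudp\twww.example.com\tA\tNOERROR",
    "#close\t2021-02-03-10-00-00",
])


def parse_zeek_log(text):
    """Parse Zeek's ASCII (TSV) log format: column names come from the #fields header,
    every other # line (separator, types, close) is metadata and is skipped."""
    fields, records = None, []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#fields\t"):
                fields = line.split("\t")[1:]
            continue
        if fields is None:
            raise ValueError("data line seen before the #fields header")
        values = line.split("\t")
        if len(values) != len(fields):
            raise ValueError(f"expected {len(fields)} columns, got {len(values)}: {line!r}")
        records.append(dict(zip(fields, values)))
    return records


def shannon_entropy(s):
    """Bits of entropy per character; encoded/random-looking labels score high, words score low."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def split_query(query):
    """Split a query name into (subdomain, registered domain).
    Assumption for the example: the registered domain is the last two labels;
    real tooling should consult the Public Suffix List instead."""
    labels = query.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def find_anomalies(records, min_unique_subdomains=5, min_entropy=3.0,
                   min_queries=5, max_nxdomain_rate=0.5):
    """Return tunnelling suspects (client, domain) and NXDOMAIN-heavy clients.
    Thresholds are illustrative and should be tuned against a site's own baseline."""
    subdomains = defaultdict(set)   # (client, registered domain) -> distinct subdomains seen
    totals, nxdomain = defaultdict(int), defaultdict(int)
    for r in records:
        client = r["id.orig_h"]
        sub, domain = split_query(r["query"])
        if sub:
            subdomains[(client, domain)].add(sub)
        totals[client] += 1
        if r["rcode_name"] == "NXDOMAIN":
            nxdomain[client] += 1

    tunneling = []
    for (client, domain), names in sorted(subdomains.items()):
        if len(names) < min_unique_subdomains:
            continue
        mean_entropy = sum(shannon_entropy(n.replace(".", "")) for n in names) / len(names)
        if mean_entropy >= min_entropy:
            tunneling.append({"orig_h": client, "domain": domain,
                              "unique_subdomains": len(names),
                              "mean_entropy": round(mean_entropy, 2)})

    nx_rate = {client: nxdomain[client] / totals[client] for client in totals}
    nx_suspects = sorted(client for client, rate in nx_rate.items()
                         if totals[client] >= min_queries and rate > max_nxdomain_rate)
    return {"tunneling_suspects": tunneling, "nxdomain_rate": nx_rate,
            "nxdomain_suspects": nx_suspects}


if __name__ == "__main__":
    report = find_anomalies(parse_zeek_log(SAMPLE_DNS_LOG))
    for suspect in report["tunneling_suspects"]:
        print("possible DNS tunnelling:", suspect)
    for client in report["nxdomain_suspects"]:
        print(f"NXDOMAIN-heavy client {client}: {report['nxdomain_rate'][client]:.0%} of queries failed")
```

To run this against a real capture, feed `zeek -r sample.pcap` and then the resulting `dns.log` text into `parse_zeek_log`; the parser keys on the `#fields` header, so it works unchanged with Zeek's full column set. Both indicators are deliberately per-client so that one noisy host does not hide behind the aggregate, which is also why baselining on conn.log (bytes and connection counts per client) pairs well with the DNS view.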