THM Rooms: Zeek and Zeek exercises

Introduction

What?

Network monitoring with Zeek.

Why?

Network monitoring and threat detection.

How?

• Network security monitoring

• Zeek in a nutshell

• Signatures

• Scripts

• Scripts and signatures

• Frameworks

• Packages

Case practice:

• Anomalous DNS

• Phishing

• Log4J