Hi all,
Here are the idea submissions we received for the Ideas Phase of ZPC-3:
- Package to detect known C2 frameworks such as Empire, Koadic, FactionC2, Covenant, Merlin, etc., based on their unique traffic patterns.
- Package to generate a new ARP log, and to detect known attacks such as ARP spoofing, flooding, scanning, etc.
- Package to generate an NFS log, and to detect anomalous NFS activity.
- Spicy parser for IGMP
If you're a developer and you'd like to help with one of the ideas that were submitted, then take a look at the following blog post for more information: https://zeek.org/2020/08/21/zpc-3-developers-phase-open/
Thanks,
~Amber
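As an added illustration of the second idea above (an ARP log plus detection of spoofing, flooding and scanning), here is a small, self-contained model of the detection logic such a package would implement. This is example code written for this page, not a ZPC-3 submission and not Zeek or Spicy code; the record fields, the thresholds, the window size and the sample traffic are all constructed for the example, and a real Zeek package would drive the same logic from Zeek's ARP events rather than from an in-memory list.

```python
"""Illustrative ARP detection logic (added example; not a ZPC-3 submission or Zeek code).

Models what an "ARP log + attack detection" package would do: emit one log row
per ARP frame, then flag three things a practitioner cares about:
  - spoofing: an IP whose answering MAC changes, or a reply nobody asked for
  - flooding: too many ARP frames from one MAC in a short window
  - scanning: one MAC asking for too many distinct target IPs in a window
Field names, thresholds and sample records are constructed for this example.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpRecord:
    ts: float   # seconds
    op: str     # "request" or "reply"
    sha: str    # sender hardware address (MAC)
    spa: str    # sender protocol address (IP)
    tpa: str    # target protocol address (IP)


# Example thresholds only; a real package would make these tunable options.
FLOOD_THRESHOLD = 20   # ARP frames from one MAC within WINDOW
SCAN_THRESHOLD = 10    # distinct target IPs probed by one MAC within WINDOW
WINDOW = 5.0           # seconds


def detect(records):
    """Return (log, alerts).

    log:    list of dicts, one per frame (the rows an arp.log would carry)
    alerts: list of (kind, detail) tuples in the order they fired
    """
    log, alerts = [], []
    ip_to_mac = {}                    # IP -> last MAC that answered for it
    pending = set()                   # (requester_ip, target_ip) awaiting a reply
    per_mac = defaultdict(list)       # MAC -> timestamps of frames it sent
    scan_targets = defaultdict(list)  # MAC -> (ts, tpa) of requests it sent

    for r in sorted(records, key=lambda x: x.ts):
        log.append({"ts": r.ts, "op": r.op, "sha": r.sha, "spa": r.spa, "tpa": r.tpa})

        if r.op == "request":
            pending.add((r.spa, r.tpa))
            scan_targets[r.sha].append((r.ts, r.tpa))
            recent = {tpa for ts, tpa in scan_targets[r.sha] if r.ts - ts <= WINDOW}
            if len(recent) >= SCAN_THRESHOLD:
                alerts.append(("scan", r.sha))
                scan_targets[r.sha].clear()  # one alert per burst, not per frame
        elif r.op == "reply":
            # Spoofing signal 1: the MAC answering for an IP changed.
            prev = ip_to_mac.get(r.spa)
            if prev is not None and prev != r.sha:
                alerts.append(("spoof_mac_change", f"{r.spa}: {prev} -> {r.sha}"))
            ip_to_mac[r.spa] = r.sha
            # Spoofing signal 2: a reply that answers no outstanding request.
            if (r.tpa, r.spa) in pending:
                pending.discard((r.tpa, r.spa))
            elif r.tpa != r.spa:  # gratuitous ARP announcing one's own IP is normal
                alerts.append(("spoof_unsolicited_reply", f"{r.sha} -> {r.tpa} claims {r.spa}"))

        # Flooding: sliding window of frames per sender MAC, any opcode.
        per_mac[r.sha] = [t for t in per_mac[r.sha] + [r.ts] if r.ts - t <= WINDOW]
        if len(per_mac[r.sha]) >= FLOOD_THRESHOLD:
            alerts.append(("flood", r.sha))
            per_mac[r.sha].clear()

    return log, alerts


def sample_records():
    """Constructed traffic: a legitimate exchange, an attacker re-claiming the
    gateway IP, a host scanning 12 addresses, and a host flooding 25 requests."""
    recs = [
        ArpRecord(0.0, "request", "aa:aa:aa:aa:aa:01", "10.0.0.10", "10.0.0.1"),
        ArpRecord(0.1, "reply",   "aa:aa:aa:aa:aa:fe", "10.0.0.1", "10.0.0.10"),  # real gateway
        ArpRecord(1.0, "reply",   "de:ad:be:ef:00:01", "10.0.0.1", "10.0.0.10"),  # spoofed gateway
    ]
    recs += [ArpRecord(2.0 + i * 0.1, "request", "bb:bb:bb:bb:bb:02", "10.0.0.50", f"10.0.0.{100 + i}")
             for i in range(12)]
    recs += [ArpRecord(4.0 + i * 0.02, "request", "cc:cc:cc:cc:cc:03", "10.0.0.60", "10.0.0.1")
             for i in range(25)]
    return recs


if __name__ == "__main__":
    log, alerts = detect(sample_records())
    print(f"{len(log)} log rows")
    for kind, detail in alerts:
        print(kind, detail)
```

The two spoofing signals are deliberately separate: a MAC change on a known IP catches the classic cache-poisoning case, while the unsolicited-reply check catches an attacker who poisons a host before any legitimate answer has been seen. Both, like the flood and scan counters, are heuristics with tunable thresholds; the sample values here are chosen to make the constructed traffic trip each detector exactly once.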