Developer Phase of the Zeek Package Contest (ZPC-3) Now Open.

Hi all,

Here are the idea submissions we received for the Ideas Phase of ZPC-3:

  • Package to detect known C2 frameworks such as Empire, Koadic, FactionC2, Covenant, Merlin, etc. based on their unique traffic patterns.

  • Package to generate a new ARP log, and to detect known attacks such as ARP spoofing, flooding, scanning, etc.

  • Package to generate an NFS log, and detect anomalous NFS activity.

  • Spicy parser for IGMP

If you’re a developer and you’d like to help with one of the ideas that were submitted, take a look at the following blog post for more information.