Here are the idea submissions we received for the Ideas Phase of ZPC-3:
Package to detect known C2 frameworks such as Empire, Koadic, FactionC2, Covenant, Merlin, etc. based on their unique traffic patterns.
Package to generate a new ARP log, and to detect known attacks such as ARP spoofing, flooding, scanning, etc.
Package to generate an NFS log, and to detect anomalous NFS activity.
Spicy parser for IGMP
If you’re a developer and you’d like to help with one of the submitted ideas, take a look at the following blog post for more information: https://zeek.org/2020/08/21/zpc-3-developers-phase-open/