Zeek Package Contest – ZPC-2 – Winners Announced!

Hi all!

We’re excited to announce the winners of the 2nd Zeek Package Contest (ZPC-2). Please join us in congratulating: Michael “Dop” Dopheide, Michael Torres and Jeff Atkinson.

  • First Place ($2000.00) – Zeek-Known-outbound contributed by Michael “Dop” Dopheide. This script provides the ability to track and alert on outbound service usage to a list of ‘watched’ countries. It also adds the country codes for your orig and resp in conn.log. To help reduce repeated entries, it uses a persistent Broker data store.

  • 2nd Place ($1000.00) – SPL-SPT Sequence of Payload Lengths/Sequence of Payload Times contributed by Michael Torres. This Zeek plugin will save the following fields to spl.log in the logging directory:

      • uid – The related SSL session’s unique identifier.
      • orig_spl – A vector of configurable length (default 20), containing the lengths of encrypted payloads from the session originator.
      • resp_spl – A vector of configurable length (default 20), containing the lengths of encrypted payloads from the session responder.
      • orig_spt – A vector of configurable length (default 20), containing the time interval between encrypted payloads from the session originator.
      • resp_spt – A vector of configurable length (default 20), containing the time interval between encrypted payloads from the session responder.

  • 3rd Place ($500.00) – RDPF (Zeek Remote Desktop Fingerprinting script) contributed by Jeff Atkinson. This script will create a new log containing details that build the fingerprint, plus some additional information. The fingerprint is created by concatenating extracted fields from different data packets.

Many thanks to all those who contributed packages and helped judge the competition!

Link to the full announcement: https://zeek.org/2020/06/15/zeek-package-contest-zpc-2-winners-announced/

Stay tuned for more as ZPC-3 will be announced soon!

With gratitude,
~Amber