Segmented worms (phylum Annelida, with tens of thousands of species) are truly ancient creatures, dating back to at least the early Cambrian Period — more than 500 million years ago! They continue to proliferate today, during the modern Internet Period, with new species emerging regularly.
In this recidivised episode, we explore the use of Zeek and other tools to rapidly facilitate our interest in “helminthology”: the study of parasitic worms. Our focus will be on foundational techniques that have stood the test of time, regardless of species.
(Note: This is Episode 4 of a series of Threat Hunts. The previous three are:
S1/E1: 492063616E207374696C6C2073656520796F7521 – https://youtu.be/A4mYzfNCXSs
S1/E2: Seriously, I Really Can Still See You – https://youtu.be/tvrF0TKPAdQ
S1/E3: Do you C2? If you do, ICU. – https://youtu.be/P7LQXJOzHto
They can be found on the Wild West Hackin’ Fest YouTube channel.)
Jonathan Ham is a network forensics and defensive cyber operations expert with more than two decades in the field. Jonathan literally wrote the book on network forensics (as well as the first mainstream instruction on the topic), based on his experience advising in both the public and private sectors, from small startups to the Fortune 50, the U.S. DoD across multiple forces, and several other U.S. federal agencies. As a Principal Instructor with the SANS Institute, he has instructed hundreds of students annually on network intrusion detection, security operations, and perimeter defense.