Jonathan Ham | Threat Hunting, Quick and Dirty: S0/E1: Eewww! Zeek Ate a Worm Again! (recidivised)


Segmented worms (phylum Annelida, with tens of thousands of species) are truly ancient creatures, dating back to at least the early Cambrian Period — more than 500 million years ago! They continue to proliferate today, during the modern Internet Period, with new species emerging regularly.

In this recidivised episode, we use Zeek and other tools to pursue our interest in “helminthology”, the study of parasitic worms, quickly and at scale. Our focus will be on foundational techniques that have stood the test of time, regardless of species.

(Note: This is Episode 4 of a series of Threat Hunts. The previous three are:
S1/E1: 492063616E207374696C6C2073656520796F7521
S1/E2: Seriously, I Really Can Still See You
S1/E3: Do you C2? If you do, ICU.

They can be found on the Wild West Hackin’ Fest YouTube channel.)

Jonathan Ham is a network forensics and defensive cyber operations expert with more than two decades in the field. Jonathan literally wrote the book on network forensics (as well as the first mainstream instruction on the topic), based on his experience advising in both the public and private sectors, from small startups to the Fortune 50, the U.S. DoD across multiple forces, and several other U.S. federal agencies. As a Principal Instructor with the SANS Institute, he has instructed hundreds of students annually on network intrusion detection, security operations, and perimeter defense.
