[Zeek] Zeek Package Contest – ZPC-2 – Winners Announced!

Amber Graner akgraner at corelight.com
Mon Jun 15 13:59:30 PDT 2020


Hi all!

We're excited to announce the winners of the 2nd Zeek Package Contest
(ZPC-2). Please join us in congratulating: Michael “Dop” Dopheide,
Michael Torres and Jeff Atkinson.

* First Place ($2000.00) – Zeek-Known-outbound contributed by Michael
“Dop” Dopheide. This script provides the ability to track and alert on
outbound service usage to a list of ‘watched’ countries. It also adds the
country codes for your orig and resp in conn.log. To help reduce repeated
entries, it uses a persistent Broker data store.

* 2nd Place ($1000.00) – SPL-SPT Sequence of Payload Lengths/Sequence of
Payload Times contributed by Michael Torres.  This Zeek plugin will save
the following fields to spl.log in the logging directory.

 - uid – The related SSL session’s unique identifier.
 - orig_spl – A vector of configurable length (default 20), containing the
lengths of encrypted payloads from the session originator
 - resp_spl – A vector of configurable length (default 20), containing the
lengths of encrypted payloads from the session responder
 - orig_spt – A vector of configurable length (default 20), containing the
time interval between encrypted payloads from the session originator
 - resp_spt – A vector of configurable length (default 20), containing the
time interval between encrypted payloads from the session responder

* 3rd Place ($500.00) – RDPF (Zeek Remote Desktop Fingerprinting script)
contributed by Jeff Atkinson. This script will create a new log containing
details that build the fingerprint, plus some additional information. The
fingerprint is created by concatenating extracted fields from different
data packets.

Many thanks to all those who contributed packages and helped judge the
competition!

Link to the full announcement:
https://zeek.org/2020/06/15/zeek-package-contest-zpc-2-winners-announced/

Stay tuned for more as ZPC-3 will be announced soon!

With gratitude,
~Amber