zeek

Detecting Default Meterpreter HTTPS Listeners

by

Meterpreter is an advanced payload within the well-known Metasploit Framework (MSF). We will look specifically at the reverse_https payload and see how we can detect the listener in our environment. I always tell my junior analysts to make sure they can detect the low-hanging fruit. For instance, most tools such as Metasploit and Cobalt Strike … Read more

Ingesting PCAP Files with Zeek and Splunk

by

Whenever I want to analyze a relatively small packet capture (PCAP), I load it up in Wireshark and get the job done. However, this process does not scale and becomes a problem with large-sized pcap files. Even if you split, let’s say, a 25 terabyte PCAP up into smaller chunks, can you imagine how long it would … Read more