Did you do the lab "Zeek: Ep.6 – File Analysis Framework" (successfully)?
I might be wrong, but https://github.com/zeek/zeekctl says that you should run "zeekctl deploy" after each configuration change. And I'm afraid that statement is true.
- My script works when running via command line
- My script doesn't run when added to the local.zeek file
- File hashes are always calculated, also after removing that include from local.zeek
And ofc we can't run zeekctl...we're doomed, almost. It can be done, I just did it (Ep.1-7 and Demonstrate Your Skills).
Hint:
Ignore the lab instructions and do not "Follow instructions and rerun the first command in shell". I repeat, do not. Maybe that worked in the past, but not with the current lab. For me, the signatures part didn't work either, had to figure it out manually. And the last question is quite "interesting", too.