5 matches found
PHASE: Passive Human Activity Simulation Evaluation
Cybersecurity simulation environments, such as cyber ranges, honeypots, and sandboxes, require realistic human behavior to be effective, yet no quantitative method exists to assess the behavioral fidelity of synthetic user personas. This paper presents PHASE Passive Human Activity Simulation...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
SnapAttack Log4j / CVE-2021-44228 / log4shell Resources Wh...
One Weird Trick for Reviewing Zeek Logs on the Command Line!
Are you a network security monitoring dinosaur like me? Do you prefer to inspect your Zeek logs using the command line instead of a Web-based SIEM? If yes, try this one weird trick! I store my Zeek logs in JSON format. Sometimes I like to view the output using jq. If I need to search directories ...
RITA - Real Intelligence Threat Analytics
RITA is an open source framework for network traffic analysis. The framework ingests Bro/Zeek Logs in TSV format, and currently supports the following major features: Beaconing Detection : Search for signs of beaconing behavior in and out of your network DNS Tunneling Detection Search for signs o...
Malcolm - A Powerful, Easily Deployable Network Traffic Analysis Tool Suite For Full Packet Capture Artifacts (PCAP Files) And Zeek Logs
Malcolm is a powerful network traffic analysis tool suite designed with the following goals in mind: Easy to use – Malcolm accepts network traffic data in the form of full packet capture PCAP files and Zeek formerly Bro logs. These artifacts can be uploaded via a simple browser-based interface or...