zeekAnalyzing Cybersecurity Incidents with Zeek IDS | TryHackMe Zeek Exercises

We covered examples of analyzing cybersecurity incidents such as Anomalous DNS, phishing attacks and the Log4j vulnerability using Zeek IDS. We used Zeek IDS in offline packet analysis mode while it can still be used in a live captured mode. The examples used in the video are part of TryHackMe Zeek Exercises room which is part of the SOC Level 1 Track.

Burp Suite Practical Notes

The Complete Practical Web Application Penetration Testing Course

Highlights

Zeek is a passive, open-source network traffic analyser. Many operators use Zeek as a network security monitor (NSM) to support suspicious or malicious activity investigations. Zeek also supports a wide range of traffic analysis tasks beyond the security domain, including performance measurement and troubleshooting.

Run Zeek as a service to be able to perform live network packet capture or to listen to the live network traffic.
To run Zeek as a service we will need to start the “ZeekControl” module which requires superuser permissions to use. You can elevate the session privileges and switch to the superuser account to examine the generated log files with the following command: sudo su

Room Answers

Room answers can be found here.

Video Walkthrough