Loading…
Streaming: https://mssvideo.vcu.edu/RVAsec
← Back to schedule
Building Custom Detections with Zeek and Spicy
Tuesday June 9, 2026 1:00pm - 1:50pm EDT
Downstairs, Madison / Jefferson / Monroe
Discover how to use Zeek in order to create custom detections for network threats. We will go over how to create a real detection using Zeek via scripting, protocol analysis, and log analysis.
Zeek is a network monitoring tool that analyzes network traffic with custom analyzers and produces logs. This talk will go over a real threat from beginning to end. This talk will walk through a Redis RCE exploit (eg https://medium.com/@knownsec404team/rce-exploits-of-redis-based-on-master-slave-replication-ef7a664ce1d0) based on master-slave replication and how Zeek can be used to detect it. This will also go over Spicy, a protocol parser generator, and how it helps to detect cases like this.
Speakers
avatar for Evan Typanski

Evan Typanski

Senior Software Engineer, Corelight
Evan is currently a software engineer at Corelight, a network monitoring startup. He is on the open source team, where he works as a maintaner for the Zeek project. His focus is on compilers and low level networking.

Before joining Corelight, Evan worked on static code analysis (SAST) for languages like C/C++, Swift, and Rust. He graduated from the University of Virginia with a BS in Computer Science in 2020... Read More →
Tuesday June 9, 2026 1:00pm - 1:50pm EDT
Downstairs, Madison / Jefferson / Monroe
  101

Log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share

Get help with the event

Contact event planner Event login
View support guides Find upcoming events
Create an event you'd love to attend!
Explore why organizers choose Sched Success stories
Event App Event scheduling Event registration Event ticketing Sched forms Call for papers Badges Conferences
© 2026. SCHED LLC - All rights reserved - Helping events since 2008
Event Planning Software Privacy Terms
Share Modal

Share this link via

Or copy link