I am proud of the infrastructure we created for our Introduction to Security class at CTU in Prague.
It is a challenge to keep services and student containers up in a quite adversarial network where everyone is attacking, but we managed to secure 99% uptime.
In 15-16 weeks of class, our network sees hundreds of millions of network flows. We use #zeek for log collection, a dockerised suite with #grafana for monitoring, and #splunk for threat hunting.
Students are in full control of their containers. Our classes are a well-balanced mix of attack and defence, where students are in charge of protecting their own containers for the duration of the class. The attacking side includes a wide variety of attacks and tools, including active exploitation of web applications and services.
Very proud of each of our students who do not stop surprising us each year!
Using Zeek’s new JavaScript support for MISP integration.
With Zeek 6.0, experimental JavaScript support was added to Zeek, making Node.js and its vast ecosystem available to Zeek script developers to more easily integrate with external systems.
A new ICSNPP-Synchrophasor parser for Synchrophasor Data Transfer for Power Systems (IEEE C37.118) has been integrated.
We've also got a plethora of component version updates, including Arkime to v4.3.0, Capa to v5.1.0, Fluent Bit to v2.1.2, NetBox to v3.5.0, NGINX to v1.22.1, Supercronic to v0.2.24, Suricata to v6.0.10, Yara to v4.3.0, and Zeek to v5.2.1.
Check out the release on GitHub or grab my ISO builds at malcolm.fyi.