BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//hack-lu-2024//speaker//PTRYM8
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-hack-lu-2024-SM9XM3@pretalx.com
DTSTART;TZID=CET:20241025T101500
DTEND;TZID=CET:20241025T120000
DESCRIPTION:Zeek is an open-source network security monitor (NSM) and analy
 tics platform that has been around for quite some time (since the mid-90s)
 . It is used at large university campuses and research labs\, but in the p
 ast few years\, more and more security professionals in the industry have 
 turned their attention to this fantastic tool.
DTSTAMP:20260310T061421Z
LOCATION:Vianden & Wiltz
SUMMARY:Zeek and Destroy with Python and Machine Learning Workshop (Part 1/
 2) - Eva Szilagyi\, David Szili
URL:https://pretalx.com/hack-lu-2024/talk/SM9XM3/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-hack-lu-2024-KRJMJB@pretalx.com
DTSTART;TZID=CET:20241025T140000
DTEND;TZID=CET:20241025T154500
DESCRIPTION:Zeek is an open-source network security monitor (NSM) and analy
 tics platform that has been around for quite some time (since the mid-90s)
 . It is used at large university campuses and research labs\, but in the p
 ast few years\, more and more security professionals in the industry have 
 turned their attention to this fantastic tool.\n\nBut Zeek is so much more
  than just a NIDS generating alerts (notices) and log files! Zeek's script
 ing language allows security analysts to perform arbitrary analysis tasks 
 such as extracting files from sessions\, detecting brute-force attacks\, o
 r\, most importantly\, interfacing with external sources\, such as Python!
  The Zeek Python bindings allow us\, the analysts\, to use powerful Python
  libraries such as NumPy\, Pandas\, and TensorFlow and apply machine learn
 ing-based detection on network traffic.\n\nDuring this two-hour workshop\,
  we will learn about the following topics:\n- Super fast introduction to Z
 eek (architecture\, events\, logs\, signatures\, etc.)\n- Using machine le
 arning and data science tools on Zeek logs (as an example\, we will use Fo
 urier Analysis to detect C2 beaconing)\n- Super fast crash course in Zeek 
 scripting (just enough to understand how to create new logs)\n- Connecting
  Zeek and Python via the Zeek Broker Communication Framework\n- Using mach
 ine learning tools in Python on the data we receive from Zeek for detectio
 n (as an example\, we will use convolutional neural network and random for
 est models to compare them\, and then use them to find unknown malware in 
 live network traffic)\n\nRequirements for the workshop:\n- A laptop with a
 t least 16 GB of RAM and more than 50 GB of free disk space (VT-x support 
 must be enabled on the host system).\n- Application to run Virtual Images 
 (type-2 hypervisor): VMware Workstation Pro (recommended)\, VMware Worksta
 tion Player\, VMware Fusion\, or VirtualBox.\n- Only 64-bit Intel-compatib
 le (Intel or AMD) processors are supported. WARNING: ARM-based (like Apple
  Silicon\, Qualcomm Snapdragon\, some Microsoft Surface laptops) devices c
 annot perform the necessary virtualization and therefore cannot be used fo
 r the workshop.
DTSTAMP:20260310T061421Z
LOCATION:Vianden & Wiltz
SUMMARY:Zeek and Destroy with Python and Machine Learning Workshop (Part 2/
 2) - Eva Szilagyi\, David Szili
URL:https://pretalx.com/hack-lu-2024/talk/KRJMJB/
END:VEVENT
END:VCALENDAR
