Find SolarWinds backdoors with Zeek & Corelight

You will discover how to:

  • Query Zeek logs in a SIEM to hunt for Sunburst IOCs
  • Run community Suricata and Sigma rules for detections
  • Investigate DNS and HTTP traffic for evidence of SolarWinds Orion compromise
Aaron Soto

Director of Learning

Aaron Soto is at Corelight, teaching users about the Zeek network monitoring platform. He has recently been part of the Metasploit development team and DEF CON's OpenSOC blue team capture-the-flag event, and has coached UT Austin students on both defensive and offensive techniques. His passion is teaching up-and-coming blue teams how to find and stop attacks on their networks.

Alex Kirk

Global Principal, Suricata

Alex is a veteran open source security evangelist with a deep engineering background. In 10 years with Sourcefire Research (VRT), he wrote the team's first malware sandbox and established its global customer intelligence sharing program. He has spoken at conferences across the globe and was a contributing author for "Practical Intrusion Analysis", an oft-used textbook for university courses on IDS. His security engineering background also includes time at Cisco and Tenable.