zeek – Page 2 – WindowsTechs.com

Extending NDR visibility in AWS IaaS

Posted on April 8, 2021 by Vijit Nair

By Vijit Nair, Sr. Director, Product Management, Corelight Comprehensive visibility is challenging in a cloud environment. While these environments are rich sources of telemetry and logs, it is challenging for security teams to ensure that logging is c… Continue reading Extending NDR visibility in AWS IaaS→

Detecting SUNBURST/Solarigate activity in retrospect with Zeek – a practical example

Posted on December 22, 2020 by Ben Reardon

Ben Reardon – Corelight Labs Researcher The threat actors who created SUNBURST went to extraordinary lengths to hide Command-and-Control (C2) traffic by mimicking the nature of communication patterns used by legitimate software within the SolarWinds pa… Continue reading Detecting SUNBURST/Solarigate activity in retrospect with Zeek – a practical example→

Finding SUNBURST Backdoor with Zeek Logs & Corelight

Posted on December 15, 2020 by John Gamble

John Gamble, Director of Product Marketing, Corelight FireEye’s threat research team has discovered a troubling new supply chain attack targeting SolarWind’s Orion IT monitoring and management platform. The attack trojanizes Orion software updates to d… Continue reading Finding SUNBURST Backdoor with Zeek Logs & Corelight→

Who’s your fridge talking to at night?

Posted on November 19, 2020 by Gary Fisk

By Gary Fisk, Sales Engineer, Corelight I love origin stories – the tales of grand plans, unforeseen circumstances, and necessity that creates something new. These strange times have resulted in something new from Corelight, and I’d like to share how i… Continue reading Who’s your fridge talking to at night?→

Small, fast and easy. Pick any three.

Posted on November 18, 2020 by Seth Hall

By Seth Hall, Co-Founder & Chief Evangelist, Corelight Zeek has been the darling of security defenders looking to get deep visibility into network traffic. Over the last two decades, Zeek has become a household name – widely used by enterprise orga… Continue reading Small, fast and easy. Pick any three.→

Community detection: CVE-2020-16898

Posted on October 15, 2020 by Ben Reardon

By Ben Reardon, Corelight Security Researcher This month’s Microsoft Patch Tuesday included a severe Remote Code Execution vulnerability in the way that Windows TCP/IP handles IPv6 “Router Advertisement” ICMP messages. Due to the severity and wide scop… Continue reading Community detection: CVE-2020-16898→

Community ID support for Wireshark

Posted on October 7, 2020 by Christian Kreibich

By Christian Kreibich, Principal Engineer, Corelight The past few weeks have seen several developments around Community ID, our open standard for rendering network traffic flow tuples into a concise textual representation. I’d like to summarize them in… Continue reading Community ID support for Wireshark→

Community ID support for Wireshark

Posted on October 7, 2020 by Christian Kreibich

Detecting Zerologon (CVE-2020-1472) with Zeek

Posted on September 16, 2020 by Yacin Nadji

By Yacin Nadji, Corelight Security Researcher CVE-2020-1472 aka Zerologon, disclosed by Tom Tervoort of Secura, is an illustrative case study of how a small implementation mistake in cryptographic routines cascades into a privilege escalation vulnerabi… Continue reading Detecting Zerologon (CVE-2020-1472) with Zeek→

Meet the Corelight CTF tournament winners

Posted on September 15, 2020 by John Gamble

By John Gamble, Director of Product Marketing, Corelight This summer, Corelight hosted a virtual CTF tournament where hundreds of players raced to solve security challenges using Zeek data in Splunk and Elastic. After the preliminary rounds, we invite… Continue reading Meet the Corelight CTF tournament winners→