Zeek
PrintNightmare, SMB3 encryption, and your network
CVE-2021-1675 is a vulnerability that targets the Windows Print Spooler service. Find out more about detecting the PrintNightmare vulnerability here.
Corelight Bright Ideas Blog
This is the Custom Rich Text module
Feel free to edit this text to reflect your unique voice and message. Tell visitors what you do, why you do it, and what sets you apart.
- All
- Zeek
- Network Security Monitoring
- network security
- featured
- NDR
- network detection response
- Corelight
- cybersecurity
- network traffic analysis
- network visibility
- Bro
- SOC
- Corelight Labs
- Richard Bejtlich
- Product
- SIEM
- open source
- Announcements
- threat hunting
- BlackHat
- Industry
- Suricata
- Splunk
- DNS
- PCAP
- TLS
- open source community
- Corelight Sensor
- NSM
- Partnership
- HTTP
- MITRE ATT&CK
- GitHub
- Incident response
- network evidence
- Zeek Logs
- encrypted traffic
- SSH
- microsoft
- encrypted traffic collection
- JSON
- Detection
- IDS
- NOC
- command and control
- encryption
- ja3
- AWS
- HTTPS
- SSL
Zeek
Introducing the C2 Collection and RDP inferences
We’re excited to announce that the Command and Control (C2) Collection is now available with today’s launch of version 21 of the Corelight software.
Vince Stoffer
May 18, 2021
Zeek
Small, fast and easy. Pick any three.
Zeek has been the darling of security defenders looking to get deep visibility into network traffic. Today, we are excited to announce the Software...
Seth Hall
Nov 18, 2020
Network Security Monitoring
Network Security Monitoring data: Types I, II, and III
This blog post explains three levels of analysis and how encryption has affected NSM, demonstrating that NSM remains relevant, despite encryption.
Richard Bejtlich
Jul 8, 2020
Zeek
Analyzing encrypted RDP connections
Open source Zeek is capable of analyzing RDP connections and does a fantastic job handling the many options and configurations the RDP protocol...
Anthony Kasza
May 13, 2020
Zeek
Detecting OpenBSD CVE-2019-19521 SSH exploit attempts
Here's a simple prototype script which identifies CVE-2019-19521 within SSH connections.
Anthony Kasza
Dec 6, 2019
Zeek
Light in the darkness: New Corelight Encrypted Traffic Collection
Version 18 of our software features the Encrypted Traffic Collection which focuses on SSH, SSL/TLS certificates and insights into encrypted network...
Vince Stoffer
Nov 20, 2019
Zeek
Investigating the effects of TLS 1.3 on Corelight logs, part 2
In part 1, I showed how Corelight would produce logs for a clear-text HTTP session. In part 2, I perform the same transaction using TLS 1.2.
Richard Bejtlich
Jun 3, 2019
Zeek
How Zeek can provide insights despite encrypted communications
This post will outline some methods Zeek employs to provide visibility into SSH connections.
Anthony Kasza
May 7, 2019
Zeek
Examining aspects of encrypted traffic through Zeek logs
In this post I will use Zeek logs to demonstrate alternative ways to analyze encrypted HTTP traffic.
Richard Bejtlich
Feb 19, 2019