Zeek
Detecting CVE-2022-30216: Windows Server Service Tampering
Corelight Labs reviewed a POC exploit for CVE-2022-30216 and wrote a Zeek-based detection and released the package on GitHub.
Corelight Bright Ideas Blog
This is the Custom Rich Text module
Feel free to edit this text to reflect your unique voice and message. Tell visitors what you do, why you do it, and what sets you apart.
- All
- Zeek
- Network Security Monitoring
- network security
- featured
- NDR
- network detection response
- Corelight
- cybersecurity
- network traffic analysis
- network visibility
- Bro
- SOC
- Corelight Labs
- Richard Bejtlich
- Product
- SIEM
- open source
- Announcements
- threat hunting
- BlackHat
- Industry
- Suricata
- Splunk
- DNS
- PCAP
- TLS
- open source community
- Corelight Sensor
- NSM
- Partnership
- HTTP
- MITRE ATT&CK
- GitHub
- Incident response
- network evidence
- Zeek Logs
- encrypted traffic
- SSH
- microsoft
- encrypted traffic collection
- JSON
- Detection
- IDS
- NOC
- command and control
- encryption
- ja3
- AWS
- HTTPS
- SSL
Zeek
Detecting CVE-2022-26937 with Zeek
This post shows how a Microsoft NFS exploit (CVE-2022-26937) can be detected using Zeek.
Corelight Labs Team
May 26, 2022
Zeek
Detecting CVE-2022-23270 in PPTP
In this post Corelight Labs reviewed a proof of concept exploit for this vulnerability and wrote a Zeek-based detection for it.
Corelight Labs Team
May 26, 2022
Corelight Labs
Detecting Windows NFS Portmap vulnerabilities
This blog post discusses Zeek detection packages for CVE-2022-24491 and CVE-2022-24497 developed by Corelight Labs.
Corelight Labs Team
Apr 21, 2022
Zeek
Detecting CVE-2021-42292
Learn how to detect the CVE-2021-42292 exploit, which relies on Excel fetching a second Excel file, through behavioral tricks.
Corelight Labs Team
Nov 10, 2021
Zeek
Detecting CVE-2021-31166 – HTTP vulnerability
In this blog we aim to provide a little insight into part of the lifecycle of Corelight Lab’s response to a critical HTTP vulnerability.
Ben Reardon
May 27, 2021
Zeek
Community detection: CVE-2020-16898
This blog is a brief story of a few points that occurred to me during the less than 24 hours it took to turn around this package from dev to testing.
Ben Reardon
Oct 15, 2020
Zeek
Together is faster: Zeek for vulnerabilities
I love this quote by John Lambert. It perfectly describes the impact network defenders can achieve by pooling resources, insights, and techniques.
Gregory Bell
Aug 18, 2020
Zeek
Zeek in its sweet spot: Detecting F5’s Big-IP CVE10 (CVE-2020-5902)
We’ve just open sourced a Zeek package that detects exploit attempts and successes. This package demonstrates a couple of aspects that are worth...
Ben Reardon
Jul 28, 2020
Zeek
Ripple20 Zeek package open sourced
Today we are open sourcing a Zeek package that passively detects the presence of some of the tell-tale signs that Treck devices can exhibit.
Ben Reardon
Jun 30, 2020