network detection response
Detecting Log4j exploits via Zeek when Java downloads Java
The blog covers a third log4j detection method, this one focused on the second-stage download that happens after the first stage completes.
Corelight Bright Ideas Blog
This is the Custom Rich Text module
Feel free to edit this text to reflect your unique voice and message. Tell visitors what you do, why you do it, and what sets you apart.
- All
- Zeek
- Network Security Monitoring
- network security
- featured
- NDR
- network detection response
- Corelight
- cybersecurity
- network traffic analysis
- network visibility
- Bro
- SOC
- Corelight Labs
- Richard Bejtlich
- Product
- SIEM
- open source
- Announcements
- threat hunting
- BlackHat
- Industry
- Suricata
- Splunk
- DNS
- PCAP
- TLS
- open source community
- Corelight Sensor
- NSM
- Partnership
- HTTP
- MITRE ATT&CK
- GitHub
- Incident response
- network evidence
- Zeek Logs
- encrypted traffic
- SSH
- microsoft
- encrypted traffic collection
- JSON
- Detection
- IDS
- NOC
- command and control
- encryption
- ja3
- AWS
- HTTPS
- SSL
network detection response
Detecting Log4j via Zeek & LDAP traffic
We recently discussed some methods for detecting the Log4j exploit, and we’ve developed another method that one running Zeek® or a Corelight sensor...
Corelight Labs Team
Dec 17, 2021
network detection response
Simplifying detection of Log4Shell
Simplify the detection of CVE-2021-44228 exploit (the log4j 0-day known as Log4Shell) with Corelight.
Corelight Labs Team
Dec 15, 2021
Zeek
Getting the most out of your NIDS
In this blog post, we’ll look at some tips and tricks for how you can get more out of your Network Intrusion Detection Systems (NIDS).
Jon Natkins
Mar 8, 2021
Zeek
Zeek in its sweet spot: Detecting F5’s Big-IP CVE10 (CVE-2020-5902)
We’ve just open sourced a Zeek package that detects exploit attempts and successes. This package demonstrates a couple of aspects that are worth...
Ben Reardon
Jul 28, 2020
Zeek
DNS over TLS and DNS over HTTPS
In this post, we’ll explore DNS over TLS (DoT) and DNS over HTTPS (DoH). Before examining DoT and DoH, it’s important to take a quick look at DNS...
Jamie Brim
Jun 18, 2020
Network Security Monitoring
Using Corelight to monitor and identify exploited VPNs
Network and security devices operate with vulnerabilities that can be exploited. Here's how to use Corelight to monitor and identify exploited VPNs.
Richard Bejtlich
Oct 2, 2019
Zeek
Examining aspects of encrypted traffic through Zeek logs
In this post I will use Zeek logs to demonstrate alternative ways to analyze encrypted HTTP traffic.
Richard Bejtlich
Feb 19, 2019
Zeek
Network security monitoring is dead, and encryption killed it.
This post covers a brief history of encryption on the web and investigates the security analysis challenges that have developed as a result.
Richard Bejtlich
Jan 29, 2019
Zeek
Securing the Corelight Sensor
At Corelight, we want our products to be a source of visibility and insight. I’d like to take the opportunity to explain some of the techniques we...
stevesmoot
Sep 6, 2017