Zeek
Focus Terrapin patching efforts with Zeek
Learn how Zeek’s metadata approach can help focus patching efforts for the SSH “Terrapin” attack.
Corelight Bright Ideas Blog
This is the Custom Rich Text module
Feel free to edit this text to reflect your unique voice and message. Tell visitors what you do, why you do it, and what sets you apart.
- All
- Zeek
- Network Security Monitoring
- network security
- featured
- NDR
- network detection response
- Corelight
- cybersecurity
- network traffic analysis
- network visibility
- Bro
- SOC
- Corelight Labs
- Richard Bejtlich
- Product
- SIEM
- open source
- Announcements
- threat hunting
- BlackHat
- Industry
- Suricata
- Splunk
- DNS
- PCAP
- TLS
- open source community
- Corelight Sensor
- NSM
- Partnership
- HTTP
- MITRE ATT&CK
- GitHub
- Incident response
- network evidence
- Zeek Logs
- encrypted traffic
- SSH
- microsoft
- encrypted traffic collection
- JSON
- Detection
- IDS
- NOC
- command and control
- encryption
- ja3
- AWS
- HTTPS
- SSL
Zeek
The Art of Team Building: Blueprints from the Black Hat NOC
Here are my learnings from participating in NOCs at Black Hat Asia and Black Hat Las Vegas in 2023.
Dustin Lee
Oct 31, 2023
Zeek
Writing a Zeek package in TypeScript with ZeekJS
In this article we'll share some useful guidance for writing a real-world Zeek package in JavaScript or TypeScript.
Simeon Miteff
Oct 26, 2023
Zeek
Turning the tables on the infiltrator
Learn how the kill web concept can be applied to cybersecurity, and how it addresses some of the concerns with the kill chain.
Ben Reardon
Oct 16, 2023
Zeek
Detecting Gozi Banking Malware
I ran into a sample of the Gozi banking malware in the wild. This is how I developed an open source detection package to find it with Zeek.
Keith J. Jones
Sep 7, 2023
Zeek
Extending visibility through our new ICS/OT collection
We're excited to announce the launch of our ICS/OT Collection to help extend foundational visibility.
Vince Stoffer
Jun 22, 2023
Zeek
Key takeaways from RSA 2023: #BetterTogether and AI in security
Whether or not you made it to RSA 2023, check out this blog to learn about key themes from this year’s conference.
Ed Smith
May 8, 2023
Zeek
New Sliver C2 Detection Released - Redteam detected
Corelight announces the release of a new detection package “Sliver”, which identifies and raises alerts related to the Sliver C2 framework.
Corelight Labs Team
May 4, 2023
Zeek
Zeek on Windows
A recap of the open-source work since the beginning of the Zeek collaboration with Microsoft. Originally posted on Zeek.org on Nov. 28, 2022.
Tim Wojtulewicz
Dec 5, 2022
Zeek
IoT/OT/ICS threats: Detecting vulnerable Boa web servers
Corelight Labs installed the last version of Boa in a lab environment and released a Zeek package to identify machines running a vulnerable Boa web...
Corelight Labs Team
Nov 30, 2022