Bright Ideas Blog

Archives for May 2022

Finding CVE-2022-22954 with Zeek

CISA released a warning to federal agencies on May 18 that APT actors are actively exploiting recent vulnerabilities found in VMware, including CVE-2022-22954. Your first thought may have been to want new signatures, indicators, and/or behavioral... Read more »

What makes evidence uniquely valuable?

American novelist F. Scott Fitzgerald famously wrote that “the test of a first-rate intelligence is the ability to hold two opposing ideas in mind at the same time, and still retain the ability to function.” All experienced security practitioners... Read more »

Another day, another DCE/RPC RCE

CVE-2022-26809 was patched in Microsoft’s previous Patch Tuesday (April 12) and it’s a doozy: remote code execution on affected versions of DCE/RPC hosts. The vulnerability attracted a lot of attention in the security community, both because of its... Read more »

Monitoring AWS networks at scale

Corelight is pleased to announce our integration with AWS’s Traffic Mirroring to Gateway Load Balancer (GWLB) Endpoint as a Target. This integration simplifies the monitoring of network traffic and generating Corelight data in massively scaled-out... Read more »

Spotting Log4j traffic in Kubernetes environments

Editor’s note: This is the latest in a series of posts we have planned over the next several weeks where we explore topics such as network monitoring in Kubernetes, using sidecars to sniff and tunnel traffic, show a real-world example of detecting... Read more »

Network evidence for defensible disclosure

Editor's note: This is the second in a series of Corelight blog posts focusing on evidence-based security strategy. Catch up on the previous post "Don't trust. verify with evidence." Read more »
