Detecting CVE-2022-26937 with Zeek
This post shows how a Microsoft NFS exploit (CVE-2022-26937) can be detected using Zeek.
This post shows how a Microsoft NFS exploit (CVE-2022-26937) can be detected using Zeek.
In this post, we share simple ways to detect evidence of CVE-2022-22954 in Zeek logs, which can be adapted to other data stores (e.g., a SIEM).
The Corelight Labs team investigates CVE-2022-26809 and open-sources a Zeek package that detects attempts and successful exploitation in unencrypted...
This blog post discusses Zeek detection packages for CVE-2022-24491 and CVE-2022-24497 developed by Corelight Labs.
This blog presents an open source detection method that Corelight Labs is releasing to detect exploit attempts of CVE-2022-21907.
The blog covers a third log4j detection method, this one focused on the second-stage download that happens after the first stage completes.
We recently discussed some methods for detecting the Log4j exploit, and we’ve developed another method that one running Zeek® or a Corelight sensor...
Simplify the detection of CVE-2021-44228 exploit (the log4j 0-day known as Log4Shell) with Corelight.
Learn how to detect the CVE-2021-42292 exploit, which relies on Excel fetching a second Excel file, through behavioral tricks.