Corelight Bright Ideas Blog: NDR & Threat Hunting Blog

Detecting GnuTLS CVE-2020-13777 using Zeek

By Johanna Amann – June 10, 2020

CVE-2020-13777 is a high severity issue in GnuTLS. In a nutshell, GnuTLS versions between 3.6.4 (released 2018-09-24) and 3.6.14 (2020-06-03) have a serious bug in their session resumption code, which lets attackers either completely decrypt... Read more »

The sun sets on TLS 1.0

By Johanna Amann – September 15, 2019

Editor’s note: This post is the result of the author’s work at the International Computer Science Institute where she works as a senior researcher. Read more »

Runtime Options: the Bro Configuration Framework

By Johanna Amann – February 12, 2018

If you are familiar with Bro scripts you have probably encountered redefs, which allow you to change a number of Bro settings. One commonly used redef is Site::local_nets, which lists the networks that Bro considers local. Read more »