Profiling Whonix
I downloaded Whonix version 15, in which two virtual machines work together to detect activity in a clever way.
I downloaded Whonix version 15, in which two virtual machines work together to detect activity in a clever way.
We reproduce our experiment using TLS 1.3. Remember that we have been visiting the Web site enabled.tls13.com, first without encryption, then with...
In part 1, I showed how Corelight would produce logs for a clear-text HTTP session. In part 2, I perform the same transaction using TLS 1.2.
In this first of three parts, I will introduce TLS and demonstrate a clear-text HTTP session as interpreted by Corelight logs.
CVE-2019-0708 is a serious vulnerability awaiting exploitation. Learn how to use Corelight and Zeek logs to mitigate RDS/RDP vulnerabilities.
Over the last six months, a variety of MSPs were compromised. In this post, I aim to get a better understanding of those incidents.
Learn about the four NSM data types and the four core functions which one can perform with a passive network visibility platform.
Is IPS a feature or a product? I will present my view on the topic, but I’m more interested in hearing what readers think!
In this post I examine the statement's relevance and discuss why implementing NSM via passive instrumentation delivers on the promise of the...