CVE-2021-1675 is a vulnerability that targets the Windows Print Spooler service. Find out more about detecting the PrintNightmare vulnerability here.
We’re excited to announce that the Command and Control (C2) Collection is now available with today’s launch of version 21 of the Corelight software.
Zeek has been the darling of security defenders looking to get deep visibility into network traffic. Today, we are excited to announce the Software...
This blog post explains three levels of analysis and how encryption has affected NSM, demonstrating that NSM remains relevant, despite encryption.
Open source Zeek is capable of analyzing RDP connections and does a fantastic job handling the many options and configurations the RDP protocol...
Here's a simple prototype script which identifies CVE-2019-19521 within SSH connections.
Version 18 of our software features the Encrypted Traffic Collection which focuses on SSH, SSL/TLS certificates and insights into encrypted network...
In part 1, I showed how Corelight would produce logs for a clear-text HTTP session. In part 2, I perform the same transaction using TLS 1.2.
This post will outline some methods Zeek employs to provide visibility into SSH connections.