LDAP

Detecting Log4j exploits via Zeek when Java downloads Java

We have published an initial blog on the Log4j exploit and a follow-up blog with a second detection method for detecting the first stage of exploits occurring over LDAP. Today, we will discuss a third detection method, this one focused on the...

Detecting Log4j via Zeek & LDAP traffic

We recently discussed some methods for detecting the Log4j exploit, and we’ve now developed another method that everyone running Zeek® or a Corelight sensor can use. Our new approach is based on the rarity of legitimate downloads of Java via LDAP....

Finding Very Damaging Needles in Very Large Haystacks

Some of the most costly security compromises that enterprises suffer manifest as tiny trickles of behavior hidden within an ocean of other site activity. Finding such incidents, and unraveling their full scope once detected, requires far-ranging...
