Partners
          Get Started
          Get Started

          Bright Ideas Blog

          Mitre

          Detecting Log4j exploits via Zeek when Java downloads Java

          Detecting Log4j exploits via Zeek when Java downloads Java

          By Corelight Labs Team – December 18, 2021

          We have published an initial blog on the Log4j exploit and a followup blog with a second detection method for detecting the first stage of exploits occurring over LDAP.  Today, we will discuss a third detection method, this one focused on the... Read more »

          Detecting Log4j via Zeek & LDAP traffic

          By Corelight Labs Team – December 16, 2021

          We recently discussed some methods for detecting the Log4j exploit, and we’ve now developed another method that everyone running Zeek® or a Corelight sensor can use. Our new approach is based on the rarity of legitimate downloads of Java via LDAP.... Read more »

          Simplifying detection of Log4Shell

          Simplifying detection of Log4Shell

          By Corelight Labs Team – December 14, 2021

          Security workers across the world have been busy since last Friday dealing with CVE-2021-44228, the log4j 0-day known as Log4Shell, that is already being heavily exploited across the Internet. Given the huge number of systems that embed the... Read more »

          Introducing the Corelight SSH Inference package

          By Anthony Kasza – November 18, 2019

          Corelight has recently released a new package, focusing on SSH inferences, as part of our Encrypted Traffic Collection. The package installs on sensors with a few clicks and provides network traffic analysis (NTA) inferences on live SSH traffic.... Read more »

          A network engineer in a Zeek Week world

          By Sarah Banks – November 4, 2019

          With almost two decades of networking experience, I recently made my first foray into a security-centric user conference at Zeek Week, an annual conference for the user community of the open source network security monitoring platform known as Zeek... Read more »

          Hello, my name is??

          By Vince Stoffer – June 10, 2019

          Corelight just released our v17 software release and it’s packed with a number of cool new features including the Input Framework, Community ID, and MITRE’s BZAR collection of detections for lateral movement. Let me share a few details about how... Read more »

          Search

            Recent Posts

            Categories

            See all

            Archives

            See all

            Authors

            See all