          Open Source

          World’s first 100G Zeek sensor

          As we finished rolling out Corelight’s v21 software release, which saw the delivery of the world’s first 100G, 1U Zeek sensor, I was reminded of when I’d first read the “100G Intrusion Detection” paper written in 2015 at Berkeley Lab. The paper... Read more »

          Who’s your fridge talking to at night?

          I love origin stories – the tales of grand plans, unforeseen circumstances, and necessity that creates something new. These strange times have resulted in something new from Corelight, and I’d like to share how it came to be. Read more »

          Zeek in its sweet spot: Detecting F5’s Big-IP CVE10 (CVE-2020-5902)

          Having a CVE 10 unauthenticated Remote Code Execution vulnerability on a central load balancing device? That’s bad… Read more »

          Ripple20 Zeek package open sourced

          Recently, security research group JSOF released 19 vulnerabilities related to the “Treck” TCP/IP stack. This stack exists on many devices as part of the supply chain of many well known IoT/ICS/device vendors. Think 100s of millions/billions of... Read more »

          Analyzing encrypted RDP connections

          Microsoft’s Remote Desktop Protocol (RDP) is used to remotely administer systems within Windows environments. RDP is everywhere Windows is and is useful for conducting remote work. Just like every other remote administration tool, RDP can be used... Read more »

          Day 1 detection: CVE-2020-0601, a community, and 40 lines of code

          On Tuesday, Jan. 14, 2020, the world learned of the vulnerability du jour, CVE-2020-0601. As explained by Microsoft, “a spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC)... Read more »

          Is there a ‘Z’ in “Vectra”?

          Having worked on Zeek (Bro) for well over two decades now, it’s hugely gratifying – and frankly still somewhat amazing – to see how widely it is used in today’s enterprises. Zeek’s real-time analysis capabilities, extensible scripting,... Read more »

          How Zeek can provide insights despite encrypted communications

          Overview: Encrypted communications are ubiquitous. While encryption provides confidentiality, it cannot prevent all means of traffic analysis. Certain protocols, such as SSH and TLS, ensure contents are not directly readable by monitoring systems.... Read more »

          Zeek is much more than a data format

          Last week, a candidate for a senior role at Corelight explained his motivation for joining the company this way: “the world is standardizing on Zeek.” Read more »

          #winning

          2018 was undoubtedly a banner year for Corelight. We closed out 2018 with many successes under our belt that reflect the hard work of our people: We more than quadrupled our sales year-over-year and more than doubled our customer base and employee... Read more »
