TALK TO AN EXPERT
ad-images-nav_0001_SANs thumb

SANS Protects: The Network

DOWNLOAD WHITE PAPER

ad-images-nav_0009_Threat-hunting-guide

Threat hunting guide

GET THE GUIDE

ad-images-nav_0013_IDS

Alerts, meet evidence.

LEARN MORE ABOUT OUR IDS SOLUTION

ad-images-nav_white-paper

5 Ways Corelight Data Helps Investigators Win

READ WHITE PAPER

ad-images-nav_0000_Thinking-like-a-threat-actor

Thinking like a Threat Actor: Hunting the Ghost in the Machine

WATCH THE WEBCAST

ad-images-nav_0006_Blog

Don't trust. Verify with evidence

READ BLOG

ad-nav-NDR-for-dummies

NDR for Dummies

GET THE WHITE PAPER

ad-nav-video

The Power of Open-Source Tools for Network Detection and Response

WATCH THE WEBCAST

ad-nav-ESG

The Evolving Role of NDR

DOWNLOAD THE REPORT

ad-images-nav_0006_Blog

Detecting 5 Current APTs without heavy lifting

READ BLOG

Corelight Bright Ideas Blog

Open Source Community

Zeek on Windows

Editor's note: This post was originally published on the Zeek.org blog on Nov. 28, 2022. Reposted here in full with permission as a courtesy. Read more »

New position brings new open source opportunities

Today marks the start of ZeekWeek, the annual conference for information technologists who rely on the open-source Zeek® network for security monitoring. Read more »

What makes evidence uniquely valuable?

Editor's note: This is the third in a series of Corelight blog posts focusing on evidence-based security strategy. Catch up on all of the  posts here. American novelist F. Scott Fitzgerald famously wrote that “the test of a first-rate intelligence... Read more »

World’s first 100G Zeek sensor

As we finished rolling out Corelight’s v21 software release, which saw the delivery of the world’s first 100G, 1U Zeek sensor, I was reminded of when I’d first read the “100G Intrusion Detection” paper written in 2015 at Berkeley Lab. The paper... Read more »

Tracking down a glibc regression

We’d just upgraded our glibc package from 2.32 to 2.33, when we noticed some peculiar behavior. Glibc 2.32 had a number of minor security issues and needed to be patched or upgraded. Instead of back-porting the patches to 2.32 we decided to upgrade... Read more »

Detecting Zerologon (CVE-2020-1472) with Zeek

CVE-2020-1472 aka Zerologon, disclosed by Tom Tervoort of Secura, is an illustrative case study of how a small implementation mistake in cryptographic routines cascades into a privilege escalation vulnerability that allows an attacker to change the... Read more »

Meet the Corelight CTF tournament winners

This summer, Corelight hosted a virtual CTF tournament where hundreds of players raced to solve security challenges using Zeek data in Splunk and Elastic. After the preliminary rounds,  we invited the top performers back for a champions round and... Read more »

Together is faster: Zeek for vulnerabilities

“There is an open approach that is currently rippling across the infosec industry that could give defenders the acceleration they need.” – John Lambert (Distinguished Engineer, Microsoft)  Read more »

Ripple20 Zeek package open sourced

Recently, security research group JSOF released 19 vulnerabilities related to the “Treck” TCP/IP stack. This stack exists on many devices as part of the supply chain of many well known IoT/ICS/device vendors. Think 100s of millions/billions of... Read more »

Detecting GnuTLS CVE-2020-13777 using Zeek

CVE-2020-13777 is a high severity issue in GnuTLS. In a nutshell, GnuTLS versions between 3.6.4 (released 2018-09-24) and 3.6.14 (2020-06-03) have a serious bug in their session resumption code, which lets attackers either completely decrypt... Read more »

Search

    Recent Posts