Get Started

          Sigma

          Translating query into action

          One of the most important aspects of threat hunting is having a place to start. A question, a theory, or a hunch often begins the hunt. Where you end up may not be where you first intended, but a good hunt will always reveal new information about... Read more »

          Detecting Zerologon (CVE-2020-1472) with Zeek

          CVE-2020-1472 aka Zerologon, disclosed by Tom Tervoort of Secura, is an illustrative case study of how a small implementation mistake in cryptographic routines cascades into a privilege escalation vulnerability that allows an attacker to change the... Read more »

          Together is faster: Zeek for vulnerabilities

          “There is an open approach that is currently rippling across the infosec industry that could give defenders the acceleration they need.” – John Lambert (Distinguished Engineer, Microsoft)  Read more »

          Zeek in its sweet spot: Detecting F5’s Big-IP CVE10 (CVE-2020-5902)

          Having a CVE 10 unauthenticated Remote Code Execution vulnerability on a central load balancing device? That’s bad… Read more »

          Zeek & Sigma: Fully compatible for cross-SIEM detections

          Corelight recently teamed up with SOC Prime, creators of advanced cyber analytics platforms, to add support for the entire Zeek data set into Sigma, the only generic signature language that enables cross-SIEM detections from a single toolset.... Read more »

          Search

            Recent Posts