Corelight Bright Ideas Blog

Tls

Detecting SUNBURST/Solarigate activity in retrospect with Zeek

The threat actors who created SUNBURST went to extraordinary lengths to hide Command-and-Control (C2) traffic by mimicking the nature of communication patterns used by legitimate software within the SolarWinds package. Read more »

Small, fast and easy. Pick any three.

Zeek has been the darling of security defenders looking to get deep visibility into network traffic. Over the last two decades, Zeek has become a household name – widely used by enterprise organizations, educational institutions and government... Read more »

DNS over TLS and DNS over HTTPS

In this post, we’ll explore DNS over TLS (DoT) and DNS over HTTPS (DoH).  Read more »

Detecting GnuTLS CVE-2020-13777 using Zeek

CVE-2020-13777 is a high severity issue in GnuTLS. In a nutshell, GnuTLS versions between 3.6.4 (released 2018-09-24) and 3.6.14 (2020-06-03) have a serious bug in their session resumption code, which lets attackers either completely decrypt... Read more »

Analyzing encrypted RDP connections

Microsoft’s Remote Desktop Protocol (RDP) is used to remotely administer systems within Windows environments. RDP is everywhere Windows is and is useful for conducting remote work. Just like every other remote administration tool, RDP can be used... Read more »

Light in the darkness: New Corelight Encrypted Traffic Collection

This week’s launch of version 18 of our software features the Encrypted Traffic Collection, our first collection of a series of detections and data enrichments created by the Corelight research team. This collection focuses on SSH, SSL/TLS... Read more »

A network engineer in a Zeek Week world

With almost two decades of networking experience, I recently made my first foray into a security-centric user conference at Zeek Week, an annual conference for the user community of the open source network security monitoring platform known as Zeek... Read more »

Using Corelight to monitor and identify exploited VPNs

Network and security infrastructure, such as routers, switches, firewalls, virtual private network concentrators, and other equipment, are designed to provide a stable and secure communications experience for client and server computers and their... Read more »

The sun sets on TLS 1.0

Editor’s note: This post is the result of the author’s work at the International Computer Science Institute where she works as a senior researcher. Read more »

Profiling Whonix

Introduction This week I read a story announcing that the latest edition of Whonix had been released. I had heard of Whonix, but had never tried it. I knew it was a Linux distribution that tried to make it as easy and safe as possible to anonymize... Read more »

Search

    Recent Posts