Community detection: CVE-2020-16898
By Ben Reardon, Corelight Security Researcher
This month’s Microsoft Patch Tuesday included a severe Remote Code Execution vulnerability in the way that Windows TCP/IP handles IPv6 “Router Advertisement” ICMP messages. Due to the severity and wide scope, we in Corelight Labs immediately set about preparing a Zeek package with the ...
Zeek in its sweet spot: Detecting F5’s Big-IP CVE10 (CVE-2020-5902)
By Ben Reardon, Corelight Security Researcher
Having a CVE 10 unauthenticated Remote Code Execution vulnerability on a central load balancing device? That’s bad… Not being able to detect when a threat actor attempts and/or succeeds in compromising that device? That’s definitely bad… Recently the US Cybersecurity and Infrastructure Security Agency ...
Ripple20 Zeek package open sourced
By Ben Reardon, Corelight Security Researcher
Recently, security research group JSOF released 19 vulnerabilities related to the “Treck” TCP/IP stack. This stack exists on many devices as part of the supply chain of many well-known IoT/ICS/device vendors. Think 100s of millions/billions of devices and you are in the right ...

