Yacin Nadji, Author at Security Boulevard

Hot Topics

Telegram Zeek, you’re my main notice

Yacin Nadji | July 28, 2021 | Corelight Labs, Corelight@Home, NetControl, network detection response, Network Security, network security monitoring, network traffic analysis, network visibility, Notice Framework, TCP, Telegram, Zeek

Notices in Zeek Zeek’s Notice Framework enables network operators to specify how potentially interesting network findings can be reported. This decoupling of detection and reporting highlights Zeek’s flexibility: a notice-worthy event in network A may be run-of-the-mill in network B. Much like detections, reporting needs will likely differ between networks ... Read More

Bright Ideas Blog

Detecting Zerologon (CVE-2020-1472) with Zeek

Yacin Nadji | September 16, 2020 | ciphertext, Corelight Labs, CVE-2020-1472, CVSS10, LateralMovement, Microsoft, Netlogon, Open Source Community, python, Secura, Sigma, Splunk, vulnerability, Windows Server, Zeek, ZeroLogon

By Yacin Nadji, Corelight Security Researcher CVE-2020-1472 aka Zerologon, disclosed by Tom Tervoort of Secura, is an illustrative case study of how a small implementation mistake in cryptographic routines cascades into a privilege escalation vulnerability that allows an attacker to change the password of any unpatched Active Directory domain controllers ... Read More

Bright Ideas Blog