Hot Topics

Corelight Labs

Give me my stats!

Give me my stats!

| | Corelight Labs, MyStatsInfo, network detection response, network security monitoring, network traffic analysis, network visibility, scripts, Zeek, zeek logs
By Keith J. Jones, Corelight Sr. Security Researcher I often develop packages for Zeek in cluster mode. In this configuration, it can be difficult to debug your package because it is a ...
Bright Ideas Blog

Detecting Zerologon (CVE-2020-1472) with Zeek

| | ciphertext, Corelight Labs, CVE-2020-1472, CVSS10, LateralMovement, Microsoft, Netlogon, Open Source Community, python, Secura, Sigma, Splunk, vulnerability, Windows Server, Zeek, ZeroLogon
By Yacin Nadji, Corelight Security Researcher CVE-2020-1472 aka Zerologon, disclosed by Tom Tervoort of Secura, is an illustrative case study of how a small implementation mistake in cryptographic routines cascades into a ...
Bright Ideas Blog

Zeek in it’s sweet spot: Detecting F5’s Big-IP CVE10 (CVE-2020-5902)

| | BIG-IP, cisa, Corelight Labs, CVE-2020-5902, CVE10, f5, GitHub, http, HTTPS, NCC Group, open source, rce, Remote Code Execution, Sigma, Suricata, Uncategorized, Zeek
By Ben Reardon, Corelight Security Researcher Having a CVE 10 unauthenticated Remote Code Execution vulnerability on a central load balancing device? That’s bad… Not being able to detect when a threat actor ...
Bright Ideas Blog

Ripple20 Zeek package open sourced

| | Corelight Labs, GitHub, ICS, iot, JSOF, open source, Open Source Community, Ripple20, TReck, Zeek
By Ben Reardon, Corelight Security Researcher Recently, security research group JSOF released 19 vulnerabilities related to the “Treck” TCP/IP stack. This stack exists on many devices as part of the supply chain ...
Bright Ideas Blog
DNS over TLS and DNS over HTTPS

DNS over TLS and DNS over HTTPS

| | Brave, Chrome, CloudFlare, Cobalt Strike, Command And Control, Corelight Labs, dns, DoH, DoT, Firefox, Godlua, goDoH, HTTPS, json, json+https, Malware, network security monitoring, network traffic analysis, opera, PsiXbot, TLS, TLS 1.3, Zeek
By Jamie Brim, Corelight Security Researcher In this post, we’ll explore DNS over TLS (DoT) and DNS over HTTPS (DoH). DoT and DoH were invented to address privacy concerns associated with cleartext ...
Bright Ideas Blog
Detecting GnuTLS CVE-2020-13777 using Zeek

Detecting GnuTLS CVE-2020-13777 using Zeek

| | Apache, Corelight Labs, CVE-2020-13777, GnuTLS, mitm, Network Security, network security monitoring, network traffic analysis, network visibility, Open Source Community, openssl, pcap, Public Key Cryptography, TLS, TLS 1.2, TLS 1.3, Zeek
By Johanna Amann, Software Engineer, Corelight CVE-2020-13777 is a high severity issue in GnuTLS. In a nutshell, GnuTLS versions between 3.6.4 (released 2018-09-24) and 3.6.14 (2020-06-03) have a serious bug in their ...
Bright Ideas Blog

Detecting the New CallStranger UPnP Vulnerability With Zeek

| | CallStranger, Corelight Labs, CVE-2020-12695, data exfiltration, ddos, http, ne, Network Security, network traffic analysis, port scanning, UPnP, Url, Zeek
By Ryan Victory, Corelight Security Researcher On June 8, Yunus Çadırcı, a cybersecurity senior manager at EY Turkey released a whitepaper and proof of concept code repository for a newly discovered vulnerability ...
Bright Ideas Blog
Analyzing Encrypted RDP Connections

Analyzing Encrypted RDP Connections

| | APT39, APT40, Corelight Labs, encryption, Microsoft, MITRE ATT&CK, MS-RDPBCGR, MS-RDPEUDP, MS-RDPEUDP2, open source, powershell, RDP, SharpRDP, SSH, TCP, TLS, Windows, Zeek
By Anthony Kasza, Corelight Security Researcher Microsoft’s Remote Desktop Protocol (RDP) is used to remotely administer systems within Windows environments. RDP is everywhere Windows is and is useful for conducting remote work ...
Bright Ideas Blog