Hot Topics

CVE-2020-5902

f5 Honeypot Network Forensics

Honeypot Network Forensics

| | 185.160.24.70, 45.12.206.76, BIG-IP, BigIP, CapLoader, CVE-2020-5902, deserialization, f5, Honeypot, Java, NCC, NetworkMiner, pcap, SerializationDumper, tmui, User-Agent, utilCmdArgs, VPN, X-Forwarded-For
NCC Group recently released a 500 MB PCAP file containing three months of honeypot web traffic data related to the F5 remote code execution vulnerability CVE-2020-5902. In a blog post the NCC ...
NETRESEC Network Security Blog
f5 Honeypot Network Forensics

Honeypot Network Forensics

| | 185.160.24.70, 45.12.206.76, BIG-IP, BigIP, CapLoader, CVE-2020-5902, deserialization, f5, Honeypot, Java, NCC, NetworkMiner, pcap, SerializationDumper, tmui, User-Agent, utilCmdArgs, VPN, X-Forwarded-For
NCC Group recently released a 500 MB PCAP file containing three months of honeypot web traffic data related to the F5 remote code execution vulnerability CVE-2020-5902. In a blog post the NCC ...
NETRESEC Network Security Blog
™

Together is faster: Zeek for vulnerabilities

| | BIG-IP, CallStranger, Curveball, CVE-2020-0601, CVE-2020-12695, CVE-2020-1350, CVE-2020-13777, CVE-2020-5902, f5, GitHub, GnuTLS, John Lambert, Jupyter, MITRE ATT&CK, Open Source Community, pcap, Ripple20, Sigma, SIGRed, SOC, Zeek
“There is an open approach that is currently rippling across the infosec industry that could give defenders the acceleration they need.” – John Lambert (Distinguished Engineer, Microsoft)  By Greg Bell, CEO of ...
Bright Ideas Blog

Zeek in it’s sweet spot: Detecting F5’s Big-IP CVE10 (CVE-2020-5902)

| | BIG-IP, cisa, Corelight Labs, CVE-2020-5902, CVE10, f5, GitHub, http, HTTPS, NCC Group, open source, rce, Remote Code Execution, Sigma, Suricata, Uncategorized, Zeek
By Ben Reardon, Corelight Security Researcher Having a CVE 10 unauthenticated Remote Code Execution vulnerability on a central load balancing device? That’s bad… Not being able to detect when a threat actor ...
Bright Ideas Blog

Secure Guardrails