f5 Honeypot Network Forensics

Honeypot Network Forensics

NCC Group recently released a 500 MB PCAP file containing three months of honeypot web traffic data related to the F5 remote code execution vulnerability CVE-2020-5902. In a blog post the NCC ...
™

Together is faster: Zeek for vulnerabilities

“There is an open approach that is currently rippling across the infosec industry that could give defenders the acceleration they need.” – John Lambert (Distinguished Engineer, Microsoft)  By Greg Bell, CEO of ...

Zeek in it’s sweet spot: Detecting F5’s Big-IP CVE10 (CVE-2020-5902)

By Ben Reardon, Corelight Security Researcher Having a CVE 10 unauthenticated Remote Code Execution vulnerability on a central load balancing device? That’s bad… Not being able to detect when a threat actor ...