Open Source Community
Linux Vendors Squawk: PATCH NOW — CVSS 9.8 Bootkit Bug in shim.efi
Richi Jennings | BIOS, CVE-2023-40547, Enterprise Linux and Open Source, Linux, open source, Open Source and Software Supply Chain Risks, open source code, Open Source Community, open source components, open source development, Open Source Ecosystem, SB Blogwatch, secure boot, shim, UEFI, UEFI Failing, UEFI vulnerabilities
Snow joke: A Microsoft researcher found it—and it’s somehow Microsoft’s fault ...
Security Boulevard
World’s first 100G Zeek sensor
Sarah Banks | 100G, Announcements, AP 5000, Command And Control, Fleet Manager, intrusion detection, Lawrence Berkeley Labs, network detection response, Network Security, network security monitoring, network traffic analysis, network visibility, open source, Open Source Community, Product, RDP, SIEM, Suricata, Zeek
By Sarah Banks, Senior Director of Product Management, Corelight
As we finished rolling out Corelight’s v21 software release, which saw the delivery of the world’s first 100G, 1U Zeek sensor, I was ...
Tracking down a glibc regression
By Justin Azoff, Senior Staff Engineer, Corelight
We’d just upgraded our glibc package from 2.32 to 2.33, when we noticed some peculiar behavior. Glibc 2.32 had a number of minor security issues and ...
Who Owns Open Source Security?
According to a recent report by the Internet Security Forum, open source software (OSS) is quickly becoming a pillar within enterprise infrastructure. In fact, OSS is now used in 99% of commercial ...
Security Boulevard
Detecting Zerologon (CVE-2020-1472) with Zeek
Yacin Nadji | ciphertext, Corelight Labs, CVE-2020-1472, CVSS10, LateralMovement, Microsoft, Netlogon, Open Source Community, python, Secura, Sigma, Splunk, vulnerability, Windows Server, Zeek, ZeroLogon
By Yacin Nadji, Corelight Security Researcher
CVE-2020-1472 aka Zerologon, disclosed by Tom Tervoort of Secura, is an illustrative case study of how a small implementation mistake in cryptographic routines cascades into a ...
Meet the Corelight CTF tournament winners
John Gamble | Announcements, Capture the Flag, Cobalt Strike C2, ctf, dns, Elastic, JA3, Open Source Community, pcap, Splunk, ssl.log, Zeek
By John Gamble, Director of Product Marketing, Corelight
This summer, Corelight hosted a virtual CTF tournament where hundreds of players raced to solve security challenges using Zeek data in Splunk and Elastic ...
Together is faster: Zeek for vulnerabilities
gregorybellcorelight | BIG-IP, CallStranger, Curveball, CVE-2020-0601, CVE-2020-12695, CVE-2020-1350, CVE-2020-13777, CVE-2020-5902, f5, GitHub, GnuTLS, John Lambert, Jupyter, MITRE ATT&CK, Open Source Community, pcap, Ripple20, Sigma, SIGRed, SOC, Zeek
“There is an open approach that is currently rippling across the infosec industry that could give defenders the acceleration they need.” – John Lambert (Distinguished Engineer, Microsoft)
By Greg Bell, CEO of ...
Ripple20 Zeek package open sourced
Ben Reardon | Corelight Labs, GitHub, ICS, iot, JSOF, open source, Open Source Community, Ripple20, TReck, Zeek
By Ben Reardon, Corelight Security Researcher
Recently, security research group JSOF released 19 vulnerabilities related to the “Treck” TCP/IP stack. This stack exists on many devices as part of the supply chain ...
Detecting GnuTLS CVE-2020-13777 using Zeek
Johanna Amann | Apache, Corelight Labs, CVE-2020-13777, GnuTLS, mitm, Network Security, network security monitoring, network traffic analysis, network visibility, Open Source Community, openssl, pcap, Public Key Cryptography, TLS, TLS 1.2, TLS 1.3, Zeek
By Johanna Amann, Software Engineer, Corelight
CVE-2020-13777 is a high severity issue in GnuTLS. In a nutshell, GnuTLS versions between 3.6.4 (released 2018-09-24) and 3.6.14 (2020-06-03) have a serious bug in their ...
Day 1 Detection: CVE-2020-0601, a community, and 40 Lines of code
Richard Bejtlich | CVE-2020-0601, Elliptic Curve Cryptography, GitHub, Microsoft, NetFlow, network security monitoring, open source, Open Source Community, Richard Bejtlich, vulnerability, Windows CryptoAPI, Zeek
By Richard Bejtlich, Principal Security Strategist, Corelight
On Tuesday, Jan. 14, 2020, the world learned of the vulnerability du jour, CVE-2020-0601. As explained by Microsoft, “a spoofing vulnerability exists in the way ...