TCP
Telegram Zeek, you’re my main notice
Notices in Zeek Zeek’s Notice Framework enables network operators to specify how potentially interesting network findings can be reported. This decoupling of detection and reporting highlights Zeek’s flexibility: a notice-worthy event in ...
Pcaps and the Tools That Love Them Part 2 of ???
There's more to a primitive under the surface, and once we discover what it's actually doing, it opens up a whole new way for us to inspect and filter packets. Lets use the ...
Introducing the Cloud Sensor for GCP
By Vijit Nair, Sr. Director, Product Management, Corelight Visibility is paramount in securing your cloud environment – as the adage goes, you cannot protect what you do not see. However, comprehensive visibility ...
Who’s your fridge talking to at night?
By Gary Fisk, Sales Engineer, Corelight I love origin stories – the tales of grand plans, unforeseen circumstances, and necessity that creates something new. These strange times have resulted in something new ...
Small, fast and easy. Pick any three.
By Seth Hall, Co-Founder & Chief Evangelist, Corelight Zeek has been the darling of security defenders looking to get deep visibility into network traffic. Over the last two decades, Zeek has become ...
Community detection: CVE-2020-16898
By Ben Reardon, Corelight Security Researcher This month’s Microsoft Patch Tuesday included a severe Remote Code Execution vulnerability in the way that Windows TCP/IP handles IPv6 “Router Advertisement” ICMP messages. Due to ...
Community ID support for Wireshark
By Christian Kreibich, Principal Engineer, Corelight The past few weeks have seen several developments around Community ID, our open standard for rendering network traffic flow tuples into a concise textual representation. I’d ...
Mixed VLAN tags and BPF syntax
By Richard Bejtlich, Principal Security Strategist, Corelight This post contains a warning and a solution for anyone using BPF syntax when filtering traffic for network security monitoring. Introduction I have been writing ...
Analyzing Encrypted RDP Connections
By Anthony Kasza, Corelight Security Researcher Microsoft’s Remote Desktop Protocol (RDP) is used to remotely administer systems within Windows environments. RDP is everywhere Windows is and is useful for conducting remote work ...
Threat Alert: TCP Reflection Attacks
Throughout 2019, Radware’s Threat Research Center (TRC) and Emergency Response Team (ERT) have been monitoring and defending against an increasing number of TCP reflection attacks. TCP reflection attacks, such as SYN-ACK reflection ...
