x509

Finding SUNBURST Backdoor with Zeek Logs & Corelight

Finding SUNBURST Backdoor with Zeek Logs & Corelight

| | C2, Corelight Labs, dns, fireeye, http, Industry, Mandiant, Network IOC, OIP, Orion, PT, SIEM, Sigma rules, Solarigate, SolarWinds, Splunk, SUNBURST, x509, Zeek
John Gamble, Director of Product Marketing, Corelight FireEye’s threat research team has discovered a troubling new supply chain attack targeting SolarWind’s Orion IT monitoring and management platform. The attack trojanizes Orion software ...
Bright Ideas Blog
PolarProxy + Docker

PolarProxy in Docker

| | AArch64, arm32, arm64, container, curl, DNAT, Docker, Dockerfile, HTTPS, pcap, PCAP-over-IP, pcapoverip, PolarProxy, proxy, TLS, TLSI, X.509, x509
Our transparent TLS proxy PolarProxy is gaining lots of popularity due to how effective it is at generating decrypted PCAP files in combination with how easy it is to deploy. In this ...
NETRESEC Network Security Blog
PolarProxy + Docker

PolarProxy in Docker

| | AArch64, arm32, arm64, container, curl, DNAT, Docker, Dockerfile, HTTPS, pcap, PCAP-over-IP, pcapoverip, PolarProxy, proxy, TLS, TLSI, X.509, x509
Our transparent TLS proxy PolarProxy is gaining lots of popularity due to how effective it is at generating decrypted PCAP files in combination with how easy it is to deploy. In this ...
NETRESEC Network Security Blog
Extracting RSAPrivateCrtKey and Certificates from an Android Process

Extracting RSAPrivateCrtKey and Certificates from an Android Process

| | android, certificate, memory, RSAPrivateCrtKey, x509
An Android application that I assessed recently had extensive cryptographic controls to protect client-server communication and to secure its local storage. To top that, its source code was completely obfuscated. Combined, these ...
Random Security