Detecting SUNBURST/Solarigate activity in retrospect with Zeek – a practical example

Ben Reardon – Corelight Labs Researcher. The threat actors who created SUNBURST went to extraordinary lengths to hide Command-and-Control (C2) traffic by mimicking the nature of communication patterns used by legitimate software ...
Give me my stats!

By Keith J. Jones, Corelight Sr. Security Researcher. I often develop packages for Zeek in cluster mode. In this configuration, it can be difficult to debug your package because it is a ...

Getting Network Visibility into East-West Traffic

Getting highly granular “everywhere” visibility continues to be a significant challenge for organizations as they work to protect their networks from threats. Traditionally, companies have prioritized monitoring and securing north-south traffic (traffic ...