By Ben Reardon, Corelight Security Researcher Having a CVE 10 unauthenticated Remote Code Execution vulnerability on a central load balancing device? That’s bad… Not being able to detect when a threat actor attempts and/or succeeds in ... Read more »
Corelight Labs
Ripple20 Zeek package open sourced
By Ben Reardon, Corelight Security Researcher Recently, security research group JSOF released 19 vulnerabilities related to the “Treck” TCP/IP stack. This stack exists on many devices as part of the supply chain of many well known IoT/ICS/device ... Read more »
DNS over TLS and DNS over HTTPS
By Jamie Brim, Corelight Security Researcher In this post, we'll explore DNS over TLS (DoT) and DNS over HTTPS (DoH). DoT and DoH were invented to address privacy concerns associated with cleartext DNS requests. By encrypting the DNS ... Read more »
Detecting GnuTLS CVE-2020-13777 using Zeek
By Johanna Amann, Software Engineer, Corelight CVE-2020-13777 is a high severity issue in GnuTLS. In a nutshell, GnuTLS versions between 3.6.4 (released 2018-09-24) and 3.6.14 (2020-06-03) have a serious bug in their session resumption code, which ... Read more »
Detecting the new CallStranger UPnP vulnerability with Zeek
By Ryan Victory, Corelight Security Researcher On June 8, Yunus Çadırcı, a cybersecurity senior manager at EY Turkey released a whitepaper and proof of concept code repository for a newly discovered vulnerability in the Universal Plug and Play ... Read more »