“There is an open approach that is currently rippling across the infosec industry that could give defenders the acceleration they need.” - John Lambert (Distinguished Engineer, Microsoft) By Greg Bell, CEO of Corelight I love this quote. I ... Read more »
Zeek
Zeek in its sweet spot: Detecting F5’s Big-IP CVE10 (CVE-2020-5902)
By Ben Reardon, Corelight Security Researcher Having a CVE 10 unauthenticated Remote Code Execution vulnerability on a central load balancing device? That’s bad… Not being able to detect when a threat actor attempts and/or succeeds in com ... Read more »
Corelight ECS mapping: Unified Zeek data for more efficient analytics
By Ed Smith, Senior Product Marketing Manager, Corelight In addition to other great news we’ve recently shared, I’m pleased to announce that Corelight sensors now support the Elastic Common Schema (ECS) via our Corelight ECS Mapping. If you’re n ... Read more »
Day 1 detection: CVE-2020-0601, a community, and 40 lines of code
By Richard Bejtlich, Principal Security Strategist, Corelight On Tuesday, Jan. 14, 2020, the world learned of the vulnerability du jour, CVE-2020-0601. As explained by Microsoft, “a spoofing vulnerability exists in the way Windows CryptoAPI ( ... Read more »