Profiling Whonix

By Richard Bejtlich, Principal Security Strategist, Corelight Introduction This week I read a story announcing that the latest edition of Whonix had been released. I had heard of Whonix, but had never tried it. I knew it was a Linux distribution that tried to make it as easy and safe as possible to anonymize online […]

Investigating the Effects of TLS 1.3 on Corelight Logs, Part 2

By Richard Bejtlich, Principal Security Strategist, Corelight Introduction Welcome to part 2 of my three-part series on TLS. In the previous article I briefly introduced TLS, and showed how Corelight would produce logs for a clear-text HTTP session. In this article I will perform the same transaction using TLS 1.2, and compare the logs with […]

Investigating the Effects of TLS 1.3 on Corelight Logs, Part 1

By Richard Bejtlich, Principal Security Strategist, Corelight Introduction I’ve written previously about Corelight data and encryption. I wanted to know how TLS 1.3 would appear in Corelight data, and compare the same network conversation over clear-text HTTP, TLS 1.2, and TLS 1.3. In this first of three parts, I will introduce TLS and demonstrate a […]

How to Use Corelight and Zeek Logs to Mitigate RDS/RDP Vulnerabilities

By Richard Bejtlich, Principal Security Strategist, Corelight Introduction On May 14 Microsoft released patches for, and details about, a remote code execution vulnerability in Remote Desktop Services (RDS), the graphical interactive desktop offered with most Windows operating system platforms. This vulnerability bears the Common Vulnerabilities and Exposures number CVE-2019-0708. Remote Desktop Protocol (RDP) is the […]

Network Security Monitoring, a Requirement for Managed Service Providers?

By Richard Bejtlich, Principal Security Strategist, Corelight Over the last six months, we’ve read in the security press about a variety of managed service providers (MSPs) being compromised by nation-state and criminal actors. Some examples: December 2018 – The United States Department of Justice indicted two individuals associated with APT10 for their role in compromising […]

How Zeek can provide insights despite encrypted communications

By Anthony Kasza, Security Researcher, Corelight Labs Overview Encrypted communications are ubiquitous. While encryption provides confidentiality, it cannot prevent all means of traffic analysis. Certain protocols, such as SSH and TLS, ensure contents are not directly readable by monitoring systems. However, analysis of size and order of transmitted data can provide grounds for inference. This […]

Zeek is much more than a data format

By Greg Bell, CEO at Corelight Last week, a candidate for a senior role at Corelight explained his motivation for joining the company this way: “the world is standardizing on Zeek.” And it’s true. The Zeek network security monitoring platform, created by leading researcher and Corelight co-founder Vern Paxson, is having its moment. Thousands of organizations worldwide […]

Mission First, People Always.

By Amber Graner, Community Director, Corelight I’d like to take a moment and introduce myself. I’m Amber Graner, and I’m excited to join Corelight, Inc as the Director of Community for the open source Zeek project. When I volunteered to join the U.S. Army in 1989, the saying “Mission first, people always” was something that was often […]

Is IPS a feature or a product?

By Richard Bejtlich, Principal Security Strategist, Corelight This post is a departure from previous editions. It is inspired by discussions I’ve had recently with a few different online and in-person communities. I will present my view on the topic, but I’m more interested in hearing what readers think! I’ve had a few conversations during the […]