Profiling Whonix

By Richard Bejtlich, Principal Security Strategist, Corelight Introduction This week I read a story announcing that the latest edition of Whonix had been released. I had heard of Whonix, but had never tried it. I knew it was a Linux distribution that tried to make it as easy and safe as possible to anonymize online […]

How to Use Corelight and Zeek Logs to Mitigate RDS/RDP Vulnerabilities

By Richard Bejtlich, Principal Security Strategist, Corelight Introduction On May 14 Microsoft released patches for, and details about, a remote code execution vulnerability in Remote Desktop Services (RDS), the graphical interactive desktop offered with most Windows operating system platforms. This vulnerability bears the Common Vulnerabilities and exposures number CVE-2019-0708. Remote Desktop Protocol (RDP) is the […]

Examining aspects of encrypted traffic through Zeek logs

By Richard Bejtlich, Principal Security Strategist, Corelight In my last post I introduced the idea that analysis of encrypted HTTP traffic requires different analytical models. If you wish to preserve the encryption (and not inspect it via a middlebox), you have to abandon direct inspection of HTTP payloads to identify normal, malicious, and suspicious activity. […]

There’s more to Bro than great network data

By Vincent Stoffer, Senior Director of Product Management, Corelight Corelight recently released our 1.15 software update which includes some fantastic new features, including our first group of curated Bro Packages which we’re calling the “Core Collection.”  In this blog post, I’ll tell you a bit more about how Corelight is making it easier to detect threats […]