By Christian Kreibich, Principal Engineer, Corelight The past few weeks have seen several developments around Community ID, our open standard for rendering network traffic flow tuples into a concise textual representation. I’d like to summarize ... Read more »
Zeek
Give me my stats!
By Keith J. Jones, Corelight Sr. Security Researcher I often develop packages for Zeek in cluster mode. In this configuration, it can be difficult to debug your package because it is a continually running environment with real, and often ... Read more »
Detecting Zerologon (CVE-2020-1472) with Zeek
By Yacin Nadji, Corelight Security Researcher CVE-2020-1472 aka Zerologon, disclosed by Tom Tervoort of Secura, is an illustrative case study of how a small implementation mistake in cryptographic routines cascades into a privilege escalation ... Read more »
Meet the Corelight CTF tournament winners
By John Gamble, Director of Product Marketing, Corelight This summer, Corelight hosted a virtual CTF tournament where hundreds of players raced to solve security challenges using Zeek data in Splunk and Elastic. After the preliminary rounds, ... Read more »
Mixed VLAN tags and BPF syntax
By Richard Bejtlich, Principal Security Strategist, Corelight This post contains a warning and a solution for anyone using BPF syntax when filtering traffic for network security monitoring. Introduction I have been writing material for ... Read more »