Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Corelight

Log4j: Separating the exploits from the noise

Feb 28, 2022 By Corelight In Corelight
Attackers have already found thousands of potential ways to obfuscate their log4j attacks, which are sweeping the Internet at breakneck speed. SOCs protecting still-vulnerable assets have a duty to chase down every alert for it that pops up - which are coming in at a rate of tens or hundreds of thousands of times a day for larger enterprises. This webcast will covers how a data-driven strategy can automate that insurmountable task into a process that quickly reveals systems that actually responded to the attack - letting teams focus on the alerts that matter the most.
View Video
Corelight

Acting on CISA's advice for detecting Russian cyberattacks

Feb 28, 2022 By Alex Kirk In Corelight

Given that active cyber warfare has broken out alongside Russia’s active invasion of Ukraine - from Russian wiper malware to Anonymous hacking Russian state TV - CISA’s recent “Shields Up” memo is a timely insight into some of the TTPs defenders of critical infrastructure should be keeping an eye out for. Let’s break down the four key areas outlined in the memo and examine ways they can be detected with network data.

Read Post

Thinking Like a Threat Actor: Hunting the Ghost in the Machine

Feb 24, 2022 By Corelight In Corelight
An advanced adversary has bypassed the perimeter defenses, moved inside the environment, and become a literal ghost in the machine, free to move from system to system.... searching for its next target. This is a scenario that every SOC fears, and it presents a daunting threat hunting challenge. But, as we will demonstrate, it doesn't have to.
View Video
Corelight

Application Layer Infrastructure Visibility in IaaS

Feb 10, 2022 By Ricky Lin In Corelight

The migration to cloud provides faster time to deployment and elasticity, but often at some cost and complexity to infrastructure control and visibility. A concrete example we can use is a deployment of web servers with rational security group configuration, in light of the recent Log4Shell vulnerability. While limitations are similar in all IaaS environments, consider the following AWS architecture with focus on the web servers running on EC2 instances.

Read Post

Securosis Webinar New Age Network Detection

Feb 2, 2022 By Corelight In Corelight
New Age Network Detection: Keeping pace with the Evolution of Tech Infrastructure New approaches to network detection and response to address increasing attacker sophistication and cloud-based resources. How advances in analytics help organizations detect attacks in encrypted traffic and identify command and control traffic. The advantage of an open data approach is to integrate with existing detection capabilities.
View Video

XDR: The Importance of Network Technology

Feb 2, 2022 By Corelight In Corelight
XDR is new to the marketplace, and there remains confusion about what it is - and is not. Alex Kirk of Corelight likes to dispel the myth that it's about endpoint security. "You've got to have the N," he says - network technology. In this interview, he dispels myths and expounds on possibilities. In this video interview with Information Security Media Group, Kirk discusses.
View Video
Corelight

Government gets serious: deadlines for Zero Trust Architectures

Feb 2, 2022 By Jean Schaffer In Corelight

Since the 1990s, the federal government has been issuing guidelines and recommendations for security via their 800-Series Special Publications. While some of those guidelines became mandates, things have largely inched forward, instead of making any dramatic leaps. OMB’s new memorandum M-22-09, “Moving the U.S. Government Towards Zero Trust Cybersecurity Principles,” is changing this pattern, and setting deadlines for implementation across the government.

Read Post
Corelight

Detecting CVE-2022-21907, an IIS HTTP Remote Code Execution vulnerability

Jan 26, 2022 By Corelight Labs Team In Corelight

In January 2022, Microsoft disclosed a remote code execution vulnerability for Internet Information Server (IIS) identified as CVE-2022-21907, which they have subsequently reported as wormable. Through Microsoft, Corelight Labs was able to review a proof of concept for an attack against the vulnerability. This blog presents an open source detection method that Corelight Labs is releasing to detect exploit attempts of CVE-2022-21907.

Read Post
Corelight

Detecting Log4j exploits via Zeek when Java downloads Java

Dec 18, 2021 By Corelight Labs Team In Corelight

We have published an initial blog on the Log4j exploit and a followup blog with a second detection method for detecting the first stage of exploits occurring over LDAP. Today, we will discuss a third detection method, this one focused on the second-stage download that happens after the first stage completes. In this case, the JVM will download additional Java code payloads over HTTP.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.