My Day Getting My Hands Dirty with an NDR System
My objective As someone relatively inexperienced with network threat hunting, I wanted to get some hands-on experience using a network detection and response NDR system. My goal was to understand how NDR is used in hunting and incident response, and how it fits into the daily workflow of a Securi...
zeek -- potential DoS vulnerability
Tim Wojtulewicz of Corelight reports: Zeek's HTTP analyzer can be tricked into interpreting Transfer-Encoding or Content-Length headers set in MIME entities within HTTP bodies and change the analyzer behavior...
I'm Hosting a New Podcast
I'm hosting a new podcast for Corelight. Check out my first episode with our field CTO, Vince Stoffer. Expect new episodes every two weeks. This is no buddy cop discussion -- max content, minimum banter, in about 15 minutes! https://open.spotify.com/episode/0SD2gUvIuB65YFmjjtXfTR...
Exploit for Path Traversal in Rarlab Winrar
CVE-2025-8088: WinRAR Path Traversal Detection Overview Th...
FreeBSD : zeek -- potential DoS vulnerability (ef56065e-81fe-4731-a1e3-606c55925bef)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ef56065e-81fe-4731-a1e3-606c55925bef advisory. Tim Wojtulewicz of Corelight reports: Large QUIC packets can cause Zeek to overflow memory and...
FreeBSD : zeek -- potential DoS vulnerabilities (1ab7357f-a3c2-406a-89fb-fd00e49a71b5)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 1ab7357f-a3c2-406a-89fb-fd00e49a71b5 advisory. - Tim Wojtulewicz of Corelight reports: A specially-crafted series of FTP packets with a CMD command wi...
FreeBSD : zeek -- potential DoS vulnerabilities (96d6809a-81df-46d4-87ed-2f78c79f06b1)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 96d6809a-81df-46d4-87ed-2f78c79f06b1 advisory. - Tim Wojtulewicz of Corelight reports: Receiving DNS responses from async DNS requests via A...
FreeBSD : zeek -- potential DoS vulnerabilities (7a425536-74f7-4ce4-9768-0079a9d44d11)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 7a425536-74f7-4ce4-9768-0079a9d44d11 advisory. - Tim Wojtulewicz of Corelight reports: Receiving DNS responses from async DNS requests via the...
FreeBSD : zeek -- potential DoS vulnerability (204f1a7a-43df-412f-ad25-7dbe88f54fa4)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 204f1a7a-43df-412f-ad25-7dbe88f54fa4 advisory. - Tim Wojtulewicz of Corelight reports: Fix potential hang in the DNS analyzer when receiving a...
Exploit for CVE-2021-1675
PrintNightmare CVE-2021-1675 This Zeek script detects succe...
FreeBSD : zeek -- NULL pointer dereference vulnerability (bc83cfc9-42cf-4b00-97ad-d352ba0c5e2b)
Jon Siwek of Corelight reports: Fix NULL pointer dereference when encountering an invalid enum name in a config/input file that tries to read it into a setenum. For those that have such an input feed whose contents may come from external/remote sources, this is a potential DoS vulnerability. C...
zeek -- null-pointer dereference vulnerability
Jon Siwek of Corelight reports: Fix null-pointer dereference when encountering an invalid enum name in a config/input file that tries to read it into a setenum. For those that have such an input feed whose contents may come from external/remote sources, this is a potential DoS vulnerability...
zeek -- Vulnerability due to memory leak
Jon Siwek of Corelight reports: This release fixes the following security issue: A memory leak in multipart MIME code has potential for remote exploitation and cause for Denial of Service via resource exhaustion...
zeek -- Remote crash vulnerability
Jon Siwek of Corelight reports: This release fixes the following security issue: An attacker can crash Zeek remotely via crafted packet sequence...
zeek -- potential denial of service issues
Jon Siwek of Corelight reports: This release addresses the following security issues: Potential Denial of Service due to memory leak in DNS TSIG message parsing. Potential Denial of Service due to memory leak or assertion when compiling with assertions enabled when receiving a second SSH KEX...
Twenty Years of Network Security Monitoring: From the AFCERT to Corelight
I am really fired up to join Corelight. I’ve had to keep my involvement with the team a secret since officially starting on July 20th. Why was I so excited about this company? Let me step backwards to help explain my present situation, and forecast the future. Twenty years ago this month I joined...
FreeBSD : bro -- multiple memory allocation issues (2f4fd3aa-32f8-4116-92f2-68f05398348e)
Corelight reports: Bro 2.5.4 primarily fixes security issues Multiple fixes and improvements to BinPAC generated code related to array parsing, with potential impact to all Bro's BinPAC-generated analyzers in the form of buffer over-reads or other invalid memory accesses depending on whether a...