Corelight’s NOC team faced a unique challenge at Black Hat USA 2024—detecting SSHAMBLE, a new SSH scanner introduced by HD Moore. By tapping into existing logs and Zeek metadata, we identified the tool’s fingerprint in real time.
What happened next?
✔️ Real-time detection.
✔️ Discovering threats using old logs. ✅✅
✔️ Zeek metadata making sense of encrypted traffic. 🔍
🔗 Head to the blog to learn more: https://corelight.com/blog/black-hat-usa-2024-noc-learnings?utm_source=mstdn&utm_medium=organic-social&utm_campaign=blog&utm_adgroup=blackhat2024noc&utm_content=SSI
