“Translation is the tip of the iceberg”: A deep dive into specialty models - Related to every, a, have?, deep, iceberg”:
One quality every engineering manager should have? Empathy.
One quality every engineering manager should have? Empathy.
Ryan talks with senior engineering manager Caitlin Weaver about how her childhood fascination with computers led to her leading CLEAR’s Cloud Infrastructure Engineering team, her experiences in DevOps, the role of empathy in engineering management, and how the platform engineering landscape is evolving.
Editor's Note: The following is an infographic written for and 's 2025 Trend investigation, Developer Experience: The Coalescence of Develo......
Minha experiência com programação mudou completamente no dia em que eu descobri e aprendi a usar o Docker. Conseguir subir e gerenciar serviços na min......
I’ll be honest and say that the View Transition API intimidates me more than a smidge. There are plenty of tutorials with the most impressive demos sh......
Splunk Boss of the SOC- Corelight trickbot ctf
Hello everyone! It's been a while since I last posted but you know it's improved later than never. 😏.
During this time, I came across the following challenge: Corelight trickbot ctf.
Spoiler alert ➡️You need to create an account first. You'll then discover more "games" and learning rooms. I was grateful when I discovered this site, because it teaches you how to use Splunk SIEM in a more advanced way. It's totally worth it!
Now let's dive into Corelight Partner Experience! 😎.
101. How many total Suricata alerts were generated in this index?
index="corelight" sourcetype=* "suricata" | dedup sourcetype | table sourcetype Enter fullscreen mode Exit fullscreen mode.
index="corelight"sourcetype="corelight_suricata_corelight" Enter fullscreen mode Exit fullscreen mode.
102. Most of the alerts are being generated by a single source host. What is its IP address?
index="corelight" sourcetype="corelight_suricata_corelight" Enter fullscreen mode Exit fullscreen mode.
103. What's the name of the malware family identified by these alerts?
index="corelight" sourcetype="corelight_suricata_corelight" alert.signature="ET MALWARE Win32/Trickbot Data Exfiltration" Enter fullscreen mode Exit fullscreen mode.
104. Let's take a closer look at the "ET MALWARE Win32/Trickbot Data Exfiltration" alerts. You'll notice that three of the alerts share a single UID, meaning they all occured on a single TCP stream. What is that UID?
index="corelight" sourcetype="corelight_suricata_corelight" "Win32/Trickbot Data Exfiltration" Enter fullscreen mode Exit fullscreen mode.
Note: The UID (Unique Identifier) in this context is used to uniquely identify a specific TCP stream or connection. When multiple alerts share the same UID, it means they are part of the same network communication session. This can be useful for correlating related events and understanding the full scope of an attack or suspicious activity.
105. What is the IP address of the malicious server involved in the alerts for this stream?
index="corelight" sourcetype="corelight_suricata_corelight" "alert.signature"="ET MALWARE Win32/Trickbot Data Exfiltration" uid=CAoNRI62m9CRqS0R2 | table src, dest Enter fullscreen mode Exit fullscreen mode.
106. What layer 7 protocol is the traffic in the previous question flowing over that generates the alerts?
That's intended to be the application involved in the event. For example, a user attempting to login to an SSH service would be an example of an authentication event, and the "app" would be "SSH" or "SSHD" or something along those lines.
107. Taking the UID mentioned in the previous question and searching for it across the index, we see that a corelight_notice log was also generated. What is the number of the MITRE ATT&CK TTP referenced in the notice?
index="corelight" CAoNRI62m9CRqS0R2 sourcetype=corelight_notice Enter fullscreen mode Exit fullscreen mode.
108. What User-Agent string was sent as part of the Trickbot HTTP requests?
index="corelight" uid=CAoNRI62m9CRqS0R2 sourcetype=corelight_http | table http_user_agent Enter fullscreen mode Exit fullscreen mode.
109. What is a process name that is repeated within the POST body of these HTTP requests?
Image Path will always be: %SystemRoot%\system32\[website].
Number of instances: many (generally at least 10 , and often more than 50 ).
Runs with the -k parameter to differentiate/services => the absence of this parameter is a strong indication that something is off.
110. Let's look at what happened after the malware was dropped. Looking at Suricata alerts following the Trickbot alert, a popular scanning tool appears to have been used for reconnaissance. What is the name of that tool?
index="corelight" sourcetype="corelight_suricata_corelight" | stats values(alert.signature) Enter fullscreen mode Exit fullscreen mode.
111. One of the alerts generated by our infected host could result in command execution on a wireless access point. Looking at the response from the remote system, however, it's pretty clear that the attack failed. How many bytes did the target send back to the attacker on this connection?
index="corelight" sourcetype="corelight_suricata_corelight" | stats values(alert.signature) Enter fullscreen mode Exit fullscreen mode.
index="corelight" sourcetype="corelight_suricata_corelight" "ETPRO Exploit Possible Asus WRT LAN Backdoor Command Execution" Enter fullscreen mode Exit fullscreen mode.
index="corelight" ChGTlJ1zd2PRktosx5 sourcetype=corelight_conn Enter fullscreen mode Exit fullscreen mode.
112. Looking at the layer 7 services used by the infected host after the Trickbot alerts above, we see an SSH connection made to an internal host. What is the IP address of that host?
index="corelight" [website] sourcetype=corelight_ssh auth_success=true | table dest Enter fullscreen mode Exit fullscreen mode.
113. What is the PCR (producer/consumer ratio) of that SSH session?
index="corelight" CLn5mqsd7SVfTn10g sourcetype=corelight_conn Enter fullscreen mode Exit fullscreen mode.
`-0.9959339475461754` Enter fullscreen mode Exit fullscreen mode.
measures the “shape” of a system’s pattern.
of network use. Significant shifts in PCR.
114. Examining the inferences section of the SSH log associated with that session, one code indicates a behavior that explains the PCR we just observed. Which code is it?
index="corelight" CLn5mqsd7SVfTn10g sourcetype=corelight_ssh Enter fullscreen mode Exit fullscreen mode.
Login Failure Daemon is a continuously running process that runs all the time (Every Second) and scans all the login attempts against your server using log file entries and blocks all the entries that fail within a short period of time. These types of attacks are also known as “Brute-Force Attacks“. The Daemon process runs every second and responds very quickly to these patterns and blocks all the offending IPs quickly. (source).
115. The owner of the infected workstation had no credentials to log into [website] over SSH. However, there was another connection between those hosts over HTTP. What attack type was sent over that connection?
index="corelight" [website] [website] sourcetype=corelight_http | table uri Enter fullscreen mode Exit fullscreen mode.
index="corelight" [website] [website] sourcetype=corelight_http Enter fullscreen mode Exit fullscreen mode.
116. What parameter of the [website] script did the infected system attempt to use for SQL injection?
117. What was the HTTP status code from the targeted server?
118. Did this SQL injection attack generate any Suricata alerts? (Yes/No).
119. Returning to SSH connections made by our infected host, we see a second one being made to a country the organization has no business relationship with. What country is that connection going to?
index="corelight" [website] sourcetype=corelight_ssh auth_success=true Enter fullscreen mode Exit fullscreen mode.
120. Judging by the PCR (producer/consumer ratio) of this connection, data was definitely exfiltrated to this external system. What is the SSH host key of that system?
1c:6e:58:a2:57:98:33:f4:53:e8:63:46:df:a2:31:ef.
121. How many payload bytes were sent over that connection?
index="corelight" CPxHxI3uiHLgH2I196 sourcetype=corelight_conn Enter fullscreen mode Exit fullscreen mode.
122. The challenge author's favorite SSL certificate organization name - a default out of many certificate generation tools - is present in this index, highlighted by a Suricata alert. What is that organization name?
index="corelight" sourcetype="corelight_suricata_corelight" | stats values(alert.signature) Enter fullscreen mode Exit fullscreen mode.
What do you say, will you give it a shot and be Boss of the SOC? 😎.
in recent times I've been asked to work on a solution of efficiently running Cypress component tests on pull requests without taking a lot of time. At first,......
The [website] plugin is a powerful Event-Driven Ansible (EDA) tool that listens for incoming HTTP webhook requests and triggers automated wo......
Google Cloud organise Build with Gemini, une journée immersive dédiée aux développeurs, pour explorer les dernières avancées en matière d’IA et de Clo......
“Translation is the tip of the iceberg”: A deep dive into specialty models
“ of the iceberg”: A deep dive into specialty models.
Olga Beregovaya, VP of AI at Smartling, joins Ryan and Ben to explore the evolution and specialization of language models in AI. They discuss the shift from rule-based systems to transformer models, the importance of fine-tuning for translation tasks, and the role of human translators in ensuring reliable, high-quality output. They also touch on the implications of AI in language education and the challenges faced in implementing LLMs in enterprise workflows.
Redis is a high-performance NoSQL database that is usually used as an in-memory caching solution. However, it is very useful as the primary datastore ......
Shane Hastie: Good day folks. This is Shane Hastie for the InfoQ Engineering Culture Podcast. Today I'm sitting down with Courtney Nash. C......
Threat modeling is often perceived as an intimidating exercise reserved for security experts. However, this perception is misleading. Threat modeling ......
Market Impact Analysis
Market Growth Trend
| 2018 | 2019 | 2020 | 2021 | 2022 | 2023 | 2024 |
|---|---|---|---|---|---|---|
| 7.5% | 9.0% | 9.4% | 10.5% | 11.0% | 11.4% | 11.5% |
Quarterly Growth Rate
| Q1 2024 | Q2 2024 | Q3 2024 | Q4 2024 |
|---|---|---|---|
| 10.8% | 11.1% | 11.3% | 11.5% |
Market Segments and Growth Drivers
| Segment | Market Share | Growth Rate |
|---|---|---|
| Enterprise Software | 38% | 10.8% |
| Cloud Services | 31% | 17.5% |
| Developer Tools | 14% | 9.3% |
| Security Software | 12% | 13.2% |
| Other Software | 5% | 7.5% |
Technology Maturity Curve
Different technologies within the ecosystem are at varying stages of maturity:
Competitive Landscape Analysis
| Company | Market Share |
|---|---|
| Microsoft | 22.6% |
| Oracle | 14.8% |
| SAP | 12.5% |
| Salesforce | 9.7% |
| Adobe | 8.3% |
Future Outlook and Predictions
The Technology Updates and Analysis landscape is evolving rapidly, driven by technological advancements, changing threat vectors, and shifting business requirements. Based on current trends and expert analyses, we can anticipate several significant developments across different time horizons:
Year-by-Year Technology Evolution
Based on current trajectory and expert analyses, we can project the following development timeline:
Technology Maturity Curve
Different technologies within the ecosystem are at varying stages of maturity, influencing adoption timelines and investment priorities:
Innovation Trigger
- Generative AI for specialized domains
- Blockchain for supply chain verification
Peak of Inflated Expectations
- Digital twins for business processes
- Quantum-resistant cryptography
Trough of Disillusionment
- Consumer AR/VR applications
- General-purpose blockchain
Slope of Enlightenment
- AI-driven analytics
- Edge computing
Plateau of Productivity
- Cloud infrastructure
- Mobile applications
Technology Evolution Timeline
- Technology adoption accelerating across industries
- digital transformation initiatives becoming mainstream
- Significant transformation of business processes through advanced technologies
- new digital business models emerging
- Fundamental shifts in how technology integrates with business and society
- emergence of new technology paradigms
Expert Perspectives
Leading experts in the software dev sector provide diverse perspectives on how the landscape will evolve over the coming years:
"Technology transformation will continue to accelerate, creating both challenges and opportunities."
— Industry Expert
"Organizations must balance innovation with practical implementation to achieve meaningful results."
— Technology Analyst
"The most successful adopters will focus on business outcomes rather than technology for its own sake."
— Research Director
Areas of Expert Consensus
- Acceleration of Innovation: The pace of technological evolution will continue to increase
- Practical Integration: Focus will shift from proof-of-concept to operational deployment
- Human-Technology Partnership: Most effective implementations will optimize human-machine collaboration
- Regulatory Influence: Regulatory frameworks will increasingly shape technology development
Short-Term Outlook (1-2 Years)
In the immediate future, organizations will focus on implementing and optimizing currently available technologies to address pressing software dev challenges:
- Technology adoption accelerating across industries
- digital transformation initiatives becoming mainstream
These developments will be characterized by incremental improvements to existing frameworks rather than revolutionary changes, with emphasis on practical deployment and measurable outcomes.
Mid-Term Outlook (3-5 Years)
As technologies mature and organizations adapt, more substantial transformations will emerge in how security is approached and implemented:
- Significant transformation of business processes through advanced technologies
- new digital business models emerging
This period will see significant changes in security architecture and operational models, with increasing automation and integration between previously siloed security functions. Organizations will shift from reactive to proactive security postures.
Long-Term Outlook (5+ Years)
Looking further ahead, more fundamental shifts will reshape how cybersecurity is conceptualized and implemented across digital ecosystems:
- Fundamental shifts in how technology integrates with business and society
- emergence of new technology paradigms
These long-term developments will likely require significant technical breakthroughs, new regulatory frameworks, and evolution in how organizations approach security as a fundamental business function rather than a technical discipline.
Key Risk Factors and Uncertainties
Several critical factors could significantly impact the trajectory of software dev evolution:
Organizations should monitor these factors closely and develop contingency strategies to mitigate potential negative impacts on technology implementation timelines.
Alternative Future Scenarios
The evolution of technology can follow different paths depending on various factors including regulatory developments, investment trends, technological breakthroughs, and market adoption. We analyze three potential scenarios:
Optimistic Scenario
Rapid adoption of advanced technologies with significant business impact
Key Drivers: Supportive regulatory environment, significant research breakthroughs, strong market incentives, and rapid user adoption.
Probability: 25-30%
Base Case Scenario
Measured implementation with incremental improvements
Key Drivers: Balanced regulatory approach, steady technological progress, and selective implementation based on clear ROI.
Probability: 50-60%
Conservative Scenario
Technical and organizational barriers limiting effective adoption
Key Drivers: Restrictive regulations, technical limitations, implementation challenges, and risk-averse organizational cultures.
Probability: 15-20%
Scenario Comparison Matrix
| Factor | Optimistic | Base Case | Conservative |
|---|---|---|---|
| Implementation Timeline | Accelerated | Steady | Delayed |
| Market Adoption | Widespread | Selective | Limited |
| Technology Evolution | Rapid | Progressive | Incremental |
| Regulatory Environment | Supportive | Balanced | Restrictive |
| Business Impact | Transformative | Significant | Modest |
Transformational Impact
Technology becoming increasingly embedded in all aspects of business operations. This evolution will necessitate significant changes in organizational structures, talent development, and strategic planning processes.
The convergence of multiple technological trends—including artificial intelligence, quantum computing, and ubiquitous connectivity—will create both unprecedented security challenges and innovative defensive capabilities.
Implementation Challenges
Technical complexity and organizational readiness remain key challenges. Organizations will need to develop comprehensive change management strategies to successfully navigate these transitions.
Regulatory uncertainty, particularly around emerging technologies like AI in security applications, will require flexible security architectures that can adapt to evolving compliance requirements.
Key Innovations to Watch
Artificial intelligence, distributed systems, and automation technologies leading innovation. Organizations should monitor these developments closely to maintain competitive advantages and effective security postures.
Strategic investments in research partnerships, technology pilots, and talent development will position forward-thinking organizations to leverage these innovations early in their development cycle.
Technical Glossary
Key technical terms and definitions to help understand the technologies discussed in this article.
Understanding the following technical concepts is essential for grasping the full implications of the technologies discussed in this article. These definitions provide context for both technical and non-technical readers.
platform intermediate
API beginner
Visual explanation of API concept
DevOps intermediate
Related Articles
