[Zeek] tcmalloc large alloc

Rogers, Zach Zach.Rogers at oregonstate.edu
Sat May 18 16:03:20 PDT 2019


Hey Seth,

Did you have a chance to look into this?

If anyone else has any input that would be helpful as well!

All the best,

--
Zach Rogers
Lead Security Analyst
Security and Network Monitoring
Oregon Research & Teaching Security Operations Center (ORTSOC)
Phone: 541.737.7723
GPG Fingerprint: ECC5 03A6 7E91 17C6 50C6 8FAC D6A0 8001 2869 BD52 

On 3/27/19, 10:57 AM, "Seth Hall" <seth at corelight.com> wrote:

    
    
    On 27 Mar 2019, at 11:54, Zander Work wrote:
    
    > The first two showing ??:0 makes sense b/c those are memory addresses. 
    > It looks like the PE analyzer might be the culprit but I'm not sure.
    
    Yep, I knew the first two would look like that.  It's ASLR being applied 
    to glibc functions (which is fine and not what I was interested in 
    anyway).  It did end up showing what I expected it to.  I'll look around 
    a little bit and see if anything makes sense.
    
    Thanks!
       .Seth
    
    --
    Seth Hall * Corelight, Inc * www.corelight.com
    



