Corelight Bright Ideas Blog

This is the Custom Rich Text module

Feel free to edit this text to reflect your unique voice and message. Tell visitors what you do, why you do it, and what sets you apart.

Stories by Ben

Corelight

Hunting GTPDOOR: The case of the "Black Hat Positive"

Recapping our learnings from the Black Hat NOC, using packet captures and Zeek scripting to decode threat payloads.

Ben Reardon Sep 29, 2025

network security

Tales from the Black Hat NOC (USA 2024) - speed to detect SSHAMBLE

Recapping our learnings from the Network Operations Center (NOC) at Black Hat USA 2024. Using historical network logs to detect threats during the...

Ben Reardon Nov 27, 2024

Zeek

Focus Terrapin patching efforts with Zeek

Learn how Zeek’s metadata approach can help focus patching efforts for the SSH “Terrapin” attack.

Ben Reardon Mar 9, 2024

Zeek

Turning the tables on the infiltrator

Learn how the kill web concept can be applied to cybersecurity, and how it addresses some of the concerns with the kill chain.

Ben Reardon Oct 16, 2023

NDR

Black Hat NOC USA 2023: A tale of sharp needles in a stack of dull needles

Take a look at an incident we detected, investigated, triaged, and closed using Corelight at Black Hat Las Vegas 2023.

Ben Reardon Sep 15, 2023

Detecting CVE-2021-38647 OMIGOD

Researchers at wiz.io found vulnerabilities in Windows OMI; Corelight has open-sourced a Zeek package for the most severe of these vulnerabilities.

Ben Reardon Sep 21, 2021

Zeek

Detecting CVE-2021-31166 – HTTP vulnerability

In this blog we aim to provide a little insight into part of the lifecycle of Corelight Lab’s response to a critical HTTP vulnerability.

Ben Reardon May 27, 2021

Zeek

Detect C2 ‘RedXOR’ with state-based functionality

A very interesting Linux-based command-and-control (C2) malware was described by the research team at Intezer. Here are a few points about this...

Ben Reardon Apr 20, 2021

Zeek

Detecting SUNBURST/Solarigate activity in retrospect with Zeek

Learn how you can use Zeek to detect this level of cunning evasion tactics in your own retrospective hunts and forensic investigations.

Ben Reardon Dec 22, 2020

Zeek

Community detection: CVE-2020-16898

This blog is a brief story of a few points that occurred to me during the less than 24 hours it took to turn around this package from dev to testing.

Ben Reardon Oct 15, 2020

1 2

Secure your cloud.

Cloud enrichment for AWS, GCP,
and Azure

Corelight's
partner program

10 Considerations for Implementing an XDR Strategy

Don't trust. Verify with evidence

The Power of Open-Source Tools for Network Detection and Response

The Evolving Role
of NDR

Detecting 5 Current APTs without heavy lifting

Network Detection and Response

Corelight Bright Ideas Blog

This is the Custom Rich Text module

Stories by Ben

Hunting GTPDOOR: The case of the "Black Hat Positive"

Tales from the Black Hat NOC (USA 2024) - speed to detect SSHAMBLE

Focus Terrapin patching efforts with Zeek

Turning the tables on the infiltrator

Black Hat NOC USA 2023: A tale of sharp needles in a stack of dull needles

Detecting CVE-2021-38647 OMIGOD

Detecting CVE-2021-31166 – HTTP vulnerability

Detect C2 ‘RedXOR’ with state-based functionality

Detecting SUNBURST/Solarigate activity in retrospect with Zeek

Community detection: CVE-2020-16898

Have questions?

Sign up for our newsletter

We’re hiring!