Corelight Bright Ideas Blog

This is the Custom Rich Text module

Feel free to edit this text to reflect your unique voice and message. Tell visitors what you do, why you do it, and what sets you apart.

Stories by Corelight

malware

Detecting the STRRAT Malware Family

In recent months STRRAT has become one of the top malware families submitted to Any.Run. Here's how to detect it.

Corelight Labs Team May 17, 2024

malware

Hunt of the Month: Detecting AsyncRAT Malware Over HTTPS

Corelight Labs Team Mar 20, 2024

Zeek

New Sliver C2 Detection Released - Redteam detected

Corelight announces the release of a new detection package “Sliver”, which identifies and raises alerts related to the Sliver C2 framework.

Corelight Labs Team May 4, 2023

Zeek

IoT/OT/ICS threats: Detecting vulnerable Boa web servers

Corelight Labs installed the last version of Boa in a lab environment and released a Zeek package to identify machines running a vulnerable Boa web...

Corelight Labs Team Nov 30, 2022

Zeek

Detecting 5 current APTs without heavy lifting

Corelight Labs looks at three APT toolsets that have been linked to five threat actors, detecting each using relatively simple search logic.

Corelight Labs Team Nov 8, 2022

Corelight Labs

Detecting the Manjusaka C2 framework

In this blog post, the Corelight Labs team shares some of the detection methods available for the Manjusaka C2 framework.

Corelight Labs Team Sep 29, 2022

Zeek

Detecting CVE-2022-26937 with Zeek

This post shows how a Microsoft NFS exploit (CVE-2022-26937) can be detected using Zeek.

Corelight Labs Team May 26, 2022

Zeek

Detecting CVE-2022-23270 in PPTP

In this post Corelight Labs reviewed a proof of concept exploit for this vulnerability and wrote a Zeek-based detection for it.

Corelight Labs Team May 26, 2022

Zeek

Finding CVE-2022-22954 with Zeek

In this post, we share simple ways to detect evidence of CVE-2022-22954 in Zeek logs, which can be adapted to other data stores (e.g., a SIEM).

Corelight Labs Team May 20, 2022

Zeek

Another day, another DCE/RPC RCE

The Corelight Labs team investigates CVE-2022-26809 and open-sources a Zeek package that detects attempts and successful exploitation in unencrypted...

Corelight Labs Team May 17, 2022

1 2

Secure your cloud.

Cloud enrichment for AWS, GCP,
and Azure

Corelight's
partner program

10 Considerations for Implementing an XDR Strategy

Don't trust. Verify with evidence

The Power of Open-Source Tools for Network Detection and Response

The Evolving Role
of NDR

Detecting 5 Current APTs without heavy lifting

Network Detection and Response

Corelight Bright Ideas Blog

This is the Custom Rich Text module

Stories by Corelight

Detecting the STRRAT Malware Family

Hunt of the Month: Detecting AsyncRAT Malware Over HTTPS

New Sliver C2 Detection Released - Redteam detected

IoT/OT/ICS threats: Detecting vulnerable Boa web servers

Detecting 5 current APTs without heavy lifting

Detecting the Manjusaka C2 framework

Detecting CVE-2022-26937 with Zeek

Detecting CVE-2022-23270 in PPTP

Finding CVE-2022-22954 with Zeek

Another day, another DCE/RPC RCE

Have questions?

Sign up for our newsletter

We’re hiring!