Network Security Monitoring
Corelight launches the Entity Collection
Corelight Entity Collection, now available in v26 software release, features 3 new packages: Known Entities, Application Identification and Local...
Corelight Bright Ideas Blog
This is the Custom Rich Text module
Feel free to edit this text to reflect your unique voice and message. Tell visitors what you do, why you do it, and what sets you apart.
- All
- Zeek
- Network Security Monitoring
- network security
- featured
- NDR
- network detection response
- Corelight
- cybersecurity
- network traffic analysis
- network visibility
- Bro
- SOC
- Corelight Labs
- Richard Bejtlich
- Product
- SIEM
- open source
- Announcements
- threat hunting
- BlackHat
- Industry
- Suricata
- Splunk
- DNS
- PCAP
- TLS
- open source community
- Corelight Sensor
- NSM
- Partnership
- HTTP
- MITRE ATT&CK
- GitHub
- Incident response
- network evidence
- Zeek Logs
- encrypted traffic
- SSH
- microsoft
- encrypted traffic collection
- JSON
- Detection
- IDS
- NOC
- command and control
- encryption
- ja3
- AWS
- HTTPS
- SSL
Zeek
IoT/OT/ICS threats: Detecting vulnerable Boa web servers
Corelight Labs installed the last version of Boa in a lab environment and released a Zeek package to identify machines running a vulnerable Boa web...
Corelight Labs Team
Nov 30, 2022
Zeek
Detecting 5 current APTs without heavy lifting
Corelight Labs looks at three APT toolsets that have been linked to five threat actors, detecting each using relatively simple search logic.
Corelight Labs Team
Nov 8, 2022
Corelight Labs
Detecting the Manjusaka C2 framework
In this blog post, the Corelight Labs team shares some of the detection methods available for the Manjusaka C2 framework.
Corelight Labs Team
Sep 29, 2022
Zeek
Detecting CVE-2022-30216: Windows Server Service Tampering
Corelight Labs reviewed a POC exploit for CVE-2022-30216 and wrote a Zeek-based detection and released the package on GitHub.
Tillson Galloway
Aug 9, 2022
Zeek
Detecting CVE-2022-26937 with Zeek
This post shows how a Microsoft NFS exploit (CVE-2022-26937) can be detected using Zeek.
Corelight Labs Team
May 26, 2022
Zeek
Detecting CVE-2022-23270 in PPTP
In this post Corelight Labs reviewed a proof of concept exploit for this vulnerability and wrote a Zeek-based detection for it.
Corelight Labs Team
May 26, 2022
Zeek
Another day, another DCE/RPC RCE
The Corelight Labs team investigates CVE-2022-26809 and open-sources a Zeek package that detects attempts and successful exploitation in unencrypted...
Corelight Labs Team
May 17, 2022
Corelight Labs
Detecting Windows NFS Portmap vulnerabilities
This blog post discusses Zeek detection packages for CVE-2022-24491 and CVE-2022-24497 developed by Corelight Labs.
Corelight Labs Team
Apr 21, 2022
Zeek
Telegram Zeek, you’re my main notice
I’ve created and released a Zeek package, zeek-notice-telegram. I’ll walk you through a simple example so you can write your own action.
Yacin Nadji
Jul 29, 2021