Corelight Labs
Detecting Windows NFS Portmap vulnerabilities
This blog post discusses Zeek detection packages for CVE-2022-24491 and CVE-2022-24497 developed by Corelight Labs.
Corelight Bright Ideas Blog
This is the Custom Rich Text module
Feel free to edit this text to reflect your unique voice and message. Tell visitors what you do, why you do it, and what sets you apart.
- All
- Zeek
- Network Security Monitoring
- network security
- featured
- NDR
- network detection response
- Corelight
- cybersecurity
- network traffic analysis
- network visibility
- Bro
- SOC
- Corelight Labs
- Richard Bejtlich
- Product
- SIEM
- open source
- Announcements
- threat hunting
- BlackHat
- Industry
- Suricata
- Splunk
- DNS
- PCAP
- TLS
- open source community
- Corelight Sensor
- NSM
- Partnership
- HTTP
- MITRE ATT&CK
- GitHub
- Incident response
- network evidence
- Zeek Logs
- encrypted traffic
- SSH
- microsoft
- encrypted traffic collection
- JSON
- Detection
- IDS
- NOC
- command and control
- encryption
- ja3
- AWS
- HTTPS
- SSL
Zeek
Detecting SUNBURST/Solarigate activity in retrospect with Zeek
Learn how you can use Zeek to detect this level of cunning evasion tactics in your own retrospective hunts and forensic investigations.
Ben Reardon
Dec 22, 2020
Zeek
Give me my stats!
In this post I am going to walk you through the process I used to develop a package called “my_stats” that pulls memory information from a running...
Keith J. Jones
Sep 21, 2020
Network Security Monitoring
No tap? No problem!
This post will discuss four dimensions of not having network taps in place and offer advice on making the best of available visibility options.
Richard Bejtlich
Oct 22, 2019
Zeek
An attack or just a game? Corelight can help you tell the difference quickly
This true story illustrates how Corelight could have assisted with the realization that activity is not suspicious or malicious, but is in fact...
Richard Bejtlich
Sep 12, 2019
Zeek
Profiling Whonix
I downloaded Whonix version 15, in which two virtual machines work together to detect activity in a clever way.
Richard Bejtlich
Jul 18, 2019
Zeek
Bring Network Security Monitoring to the cloud with Corelight and Amazon VPC Traffic Mirroring
Announcing the Corelight Cloud Sensor, deployable in AWS and capable of ingesting traffic directly from the new Amazon VPC traffic mirroring feature.
John Gamble
Jun 25, 2019
Filed Under: Network Security Monitoring
Investigating the effects of TLS 1.3 on Corelight logs, part 3
We reproduce our experiment using TLS 1.3. Remember that we have been visiting the Web site enabled.tls13.com, first without encryption, then with...
Richard Bejtlich
Jun 7, 2019
Zeek
Investigating the effects of TLS 1.3 on Corelight logs, part 2
In part 1, I showed how Corelight would produce logs for a clear-text HTTP session. In part 2, I perform the same transaction using TLS 1.2.
Richard Bejtlich
Jun 3, 2019
Zeek
Investigating the effects of TLS 1.3 on Corelight logs, part 1
In this first of three parts, I will introduce TLS and demonstrate a clear-text HTTP session as interpreted by Corelight logs.
Richard Bejtlich
May 29, 2019