Precarious exposure of cookies when QUIC rage quits
See how a Black Hat Asia 2026 threat hunt traced rare cleartext HTTP/2 traffic to exposed cookies after repeated QUIC and TLS failures.
See how a Black Hat Asia 2026 threat hunt traced rare cleartext HTTP/2 traffic to exposed cookies after repeated QUIC and TLS failures.
At Black Hat Asia 2026, online games exposed cleartext inside TLS streams. See how Corelight uses network visibility to verify encryption.
See how a Black Hat music trivia game exposed unencrypted traffic, weak validation, and the value of network visibility.
After ten Black Hat NOCs, see what network traffic reveals: cleartext passwords, a leaked API key, and infected devices nobody noticed.
BitRAT hides its C2 over HTTPS, but a default SSL certificate gives it away. See how to detect it with Zeek, Suricata, and SIEM queries.
Discover how AI and custom GPTs are transforming detection engineering, helping threat hunters draft Suricata and YARA rules in minutes instead of...
Discover what defending the Black Hat NOC taught me about using Model Context Protocol (MCP) to build an agentic SOC and accelerate threat hunting.
Learn how Corelight detects ScoutC2 malware using Zeek, SIEM queries, and Suricata rules for distinctive HTTP paths, methods, headers, and payload...
Richard Bejtlich introduces NDR Essentials, a guide to using high-fidelity network evidence for detection, response, and threat hunting.