Bright Ideas Blog

Featured Post

May 17, 2022

Another day, another DCE/RPC RCE

CVE-2022-26809 was patched in Microsoft’s previous Patch Tuesday (April 12) and it’s a doozy: remote code execution on affected versions of DCE/RPC hosts. The vulnerability attracted a lot of attention in the security community, both because of its severity but also because it appears to be really hard to trigger. That and the current (as of May... Read more »

Additional Posts

Another day, another DCE/RPC RCE

By Corelight Labs Team – May 17, 2022

Monitoring AWS networks at scale

By Vijit Nair – May 12, 2022

Corelight is pleased to announce our integration with AWS’s Traffic Mirroring to Gateway Load Balancer (GWLB) Endpoint as a Target. This integration simplifies the monitoring of network traffic and generating Corelight data in massively scaled-out... Read more »

Spotting Log4j traffic in Kubernetes environments

By Stan Kiefer – May 10, 2022

Editor’s note: This is the latest in a series of posts we have planned over the next several weeks where we explore topics such as network monitoring in Kubernetes, using sidecars to sniff and tunnel traffic, show a real-world example of detecting... Read more »

Network evidence for defensible disclosure

By Richard Bejtlich – May 5, 2022

Editor's note: This is the second in a series of Corelight blog posts focusing on evidence-based security strategy. Catch up on the previous post "Don't trust. verify with evidence." Read more »

Detecting Windows NFS Portmap vulnerabilities

By Corelight Labs Team – April 21, 2022

This month, Microsoft announced two vulnerabilities in portmap, which is part of ONC RPC, on Windows systems. This blog will discuss Zeek detection packages for CVE-2022-24491 and CVE-2022-24497 developed by Corelight Labs. Read more »

Sidecars for network monitoring

By Al Smith – April 21, 2022

Editor’s note: This is the second in a series of posts we have planned over the next several weeks where we explore topics such as network monitoring in Kubernetes, using sidecars to sniff and tunnel traffic, show a real-world example of detecting... Read more »

Explore Corelight evidence in Humio Community Edition

By Ed Smith – April 19, 2022

Now available: A free and easy way to learn about Humio and Corelight. Read more »

Deeper visibility into Kubernetes environments with network monitoring

By Vijit Nair – April 12, 2022

Editor’s note: This is the first in a series of posts we have planned over the next several weeks. We will explore topics such as network monitoring in Kubernetes, using sidecars to sniff and tunnel traffic, show a real-world example of detecting... Read more »

Don’t trust. Verify with evidence.

By Brian Dye – April 7, 2022

What matters most in a criminal trial? Evidence. Everything depends on the quality and depth of facts deployed to build a case for innocence or guilt. Without compelling evidence, no jury can draw accurate conclusions. Here at Corelight, we are in a... Read more »

VPNs are increasingly common - how much can you see?

By Vince Stoffer – March 24, 2022

New VPN Insights package shines the light on a growing blindspot VPN tunnels are like shipping containers in that they are widely used (especially as the pandemic has moved more of the workforce to remote work), and they can be used to carry traffic... Read more »

Load Older Posts