Corelight Bright Ideas Blog

Featured

How to React(.js) to React2Shell and detecting behaviors to catch the Next(.js) big RCE

Ground your defense against React2Shell in verifiable network evidence. Deploy high-fidelity Suricata detections to spot unauthenticated remote code...

David Burkett Dec 6, 2025

All
Zeek
Network Security Monitoring
featured
network security
NDR
Corelight
network detection response
cybersecurity
network traffic analysis
SOC
Bro
network visibility
Corelight Labs
Richard Bejtlich
SIEM
Product
open source
Announcements
threat hunting
Suricata
Splunk
DNS
Industry
PCAP
TLS
BlackHat
open source community
Corelight Sensor
NSM
Partnership
HTTP
MITRE ATT&CK
GitHub
Incident response
Zeek Logs
encrypted traffic
network evidence
SSH
microsoft
encrypted traffic collection
Detection
JSON
command and control
encryption
ja3
AWS
HTTPS
IDS
SSL
conn.log

Zeek

Give me my stats!

In this post I am going to walk you through the process I used to develop a package called “my_stats” that pulls memory information from a running...

Keith J. Jones Sep 21, 2020

Zeek

Detecting Zerologon (CVE-2020-1472) with Zeek

To assist in detecting Zerologon (CVE-2020-1472), we’ve open sourced a Zeek package that detects both attempted and successful exploits.

Yacin Nadji Sep 16, 2020

Zeek

Meet the Corelight CTF tournament winners

We hosted a virtual CTF tournament where hundreds of players raced to solve security challenges using Zeek data in Splunk and Elastic. Here are the...

John Gamble Sep 15, 2020