Get Started

          Archives for May 2021

          Detecting CVE-2021-31166 – HTTP vulnerability

          In this blog we aim to provide a little insight into part of the lifecycle of Corelight Lab’s response to a critical HTTP vulnerability. We’ve open-sourced many such responses over the last year (see Appendix A), and this one is a good demonstration... Read more »

          What the Cyber EO means for federal agencies

          For those of us who have spent our careers working in cybersecurity, President Biden’s recent “Executive Order on Improving the Nation’s Cybersecurity,” (EO) held no surprises. However, it is a step toward accelerating the modernization of public... Read more »

          World’s first 100G Zeek sensor

          As we finished rolling out Corelight’s v21 software release, which saw the delivery of the world’s first 100G, 1U Zeek sensor, I was reminded of when I’d first read the “100G Intrusion Detection” paper written in 2015 at Berkeley Lab. The paper... Read more »

          Introducing RDP Inferences

          Corelight recently released a new package, focused on RDP inferences, as part of our Encrypted Traffic Collection. This package runs on Corelight Sensors and provides network traffic analysis (NTA) inferences on live RDP traffic.  Read more »

          C2 detections, RDP insights and NDR at 100G

          Today I am excited to announce Corelight’s v21 release, which delivers dozens of powerful C2 detections, extends analyst visibility around RDP connections, and helps organizations scale network detection and response workloads in high throughput... Read more »

          Introducing the C2 Collection and RDP inferences

          We’re excited to announce that the Command and Control (C2) Collection is now available with today’s launch of version 21 of the Corelight software. One of the most important ways that defenders can quickly identify and contain a security incident... Read more »

          How do you know?

          Can you be sure attackers aren’t hiding in your encrypted traffic? Can your investigators go back 18 months ago to find what they need? Do your DNS queries all have responses, and are they what you expected? Do your alerts mean something, or nothing? Read more »

          Tracking down a glibc regression

          We’d just upgraded our glibc package from 2.32 to 2.33, when we noticed some peculiar behavior. Glibc 2.32 had a number of minor security issues and needed to be patched or upgraded. Instead of back-porting the patches to 2.32 we decided to upgrade... Read more »

          Pingback: ICMP Tunneling Malware

          Recently, Trustwave reported on a new malware family which they discovered during a breach investigation. The backdoor, dubbed Pingback, executes on Windows systems and communicates with its controller via ICMP messages. ICMP (Internet Control... Read more »

          Search

            Recent Posts