Get The Forrester Wave™: Network Analysis And Visibility, Q2 2023 Report

Get The Forrester Wave™: Network Analysis And Visibility, Q2 2023 Report

CONTACT US
forrester wave report 2023

Forrester rates Corelight a strong performer

GET THE REPORT

ad-nav-crowdstrike

Corelight now powers CrowdStrike solutions and services

READ MORE

ad-images-nav_0013_IDS

Alerts, meet evidence.

LEARN MORE ABOUT OUR IDS SOLUTION

ad-images-nav_white-paper

5 Ways Corelight Data Helps Investigators Win

READ WHITE PAPER

video

WEBINAR: Amplifying Security Insights with Corelight and Cribl

WATCH NOW

ad-images-nav_0006_Blog

Don't trust. Verify with evidence

READ BLOG

ad-nav-NDR-for-dummies

NDR for Dummies

GET THE WHITE PAPER

video

The Power of Open-Source Tools for Network Detection and Response

WATCH THE WEBCAST

ad-nav-ESG

The Evolving Role of NDR

DOWNLOAD THE REPORT

ad-images-nav_0006_Blog

Detecting 5 Current APTs without heavy lifting

READ BLOG

Corelight Bright Ideas Blog

Ben Reardon

Black Hat NOC USA 2023: A tale of sharp needles in a stack of dull needles

During Black Hat 2023 in Las Vegas, our Corelight team worked effectively and speedily with our first-rate Black Hat NOC partners Arista, Cisco, Lumen, NetWitness and Palo Alto Networks. I was fortunate enough to be a member of the NOC team at the... Read more »

Detecting ​​CVE-2021-38647 OMIGOD

Researchers at wiz.io recently found a series of vulnerabilities in Windows Open Management Infrastructure (OMI) software, which is widely installed on cloud-based Azure Linux Agents. We have open-sourced a Zeek package for the most severe of these... Read more »

Detecting CVE-2021-31166 – HTTP vulnerability

In this blog we aim to provide a little insight into part of the lifecycle of Corelight Lab’s response to a critical HTTP vulnerability. We’ve open-sourced many such responses over the last year (see Appendix A), and this one is a good demonstration... Read more »

Detect C2 ‘RedXOR’ with state-based functionality

Recently a very interesting Linux-based command-and-control (C2) malware was described by the research team at Intezer. As usual there is a set of simple network-based IOCs in the form of domains and IPs that organizations can search against their... Read more »

Detecting SUNBURST/Solarigate activity in retrospect with Zeek

The threat actors who created SUNBURST went to extraordinary lengths to hide Command-and-Control (C2) traffic by mimicking the nature of communication patterns used by legitimate software within the SolarWinds package. Read more »

Community detection: CVE-2020-16898

This month’s Microsoft Patch Tuesday included a severe Remote Code Execution vulnerability in the way that Windows TCP/IP handles IPv6 “Router Advertisement” ICMP messages. Due to the severity and wide scope, we in Corelight Labs immediately set... Read more »

Zeek in its sweet spot: Detecting F5’s Big-IP CVE10 (CVE-2020-5902)

Having a CVE 10 unauthenticated Remote Code Execution vulnerability on a central load balancing device? That’s bad… Read more »

Ripple20 Zeek package open sourced

Recently, security research group JSOF released 19 vulnerabilities related to the “Treck” TCP/IP stack. This stack exists on many devices as part of the supply chain of many well known IoT/ICS/device vendors. Think 100s of millions/billions of... Read more »

Recent Posts