Get The Forrester Wave™: Network Analysis And Visibility, Q2 2023 Report

GET THE REPORT >

Get The Forrester Wave™: Network Analysis And Visibility, Q2 2023 Report

GET THE REPORT >
CONTACT US
CONTACT US

START HERE

Evidence-based security

 

WHY CORELIGHT

Complete visibility

Next-level analytics

Faster investigation

Expert hunting

    CORELIGHT LABS

    Recent research

    Mission and team

    Insights

    Polaris program

      TRENDING TOPICS

      Encrypted traffic

       

      VERTICALS

      Federal
        forrester wave report 2023

        Forrester rates Corelight a strong performer

        GET THE REPORT

        OVERVIEW

        Open NDR Platform

        Analytics & detections

        MITRE ATT&CK®

         

        PRODUCTS

        Zeek®-based evidence

        IDS

        Smart PCAP

        Investigator

          SENSORS

          Appliances

          Cloud

          Software

          Virtual

          Fleet Manager

          View all products

            SERVICES

            Training

             

            ALLIANCES

            CrowdStrike

            Mandiant

            Microsoft

            Splunk

            View all

             

            USE CASES

            Case Studies

            View all
              ad-nav-crowdstrike

              Corelight now powers CrowdStrike solutions and services

              READ MORE

              ad-images-nav_0013_IDS

              Alerts, meet evidence.

              LEARN MORE ABOUT OUR IDS SOLUTION

              ad-images-nav_white-paper

              5 Ways Corelight Data Helps Investigators Win

              READ WHITE PAPER

              BLOG

              Read the latest

               

              EVENTS

              Meet with us

               

              RESOURCE CENTER

              Document Library

                GLOSSARY

                IDS False Positive

                NDR vs. XDR vs. EDR

                Digital Forensics & Incident Response (DFIR)

                Intrusion Detection System (IDS)

                NDR (Network Detection & Response)

                Packet Capture (PCAP)

                Signature-Based Detection
                    video

                    WEBINAR: Amplifying Security Insights with Corelight and Cribl

                    WATCH NOW

                    ad-images-nav_0006_Blog

                    Don't trust. Verify with evidence

                    READ BLOG

                    ABOUT US

                    About Corelight

                    Careers

                    Leadership

                    Investors

                    Newsroom

                    Apex Awards

                      CHANNEL PARTNERS

                      Partner Program

                      Deal registration

                      Partner Academy

                      Become a Partner
                          ad-nav-NDR-for-dummies

                          NDR for Dummies

                          GET THE WHITE PAPER

                          video

                          The Power of Open-Source Tools for Network Detection and Response

                          WATCH THE WEBCAST

                          ad-nav-ESG

                          The Evolving Role of NDR

                          DOWNLOAD THE REPORT

                          SUPPORT SERVICES

                          Open a ticket

                          Account login

                          Technical bulletins

                          Report a security vulnerability

                            WORLD-CLASS SUPPORT

                            Support overview
                                ad-images-nav_0006_Blog

                                Detecting 5 Current APTs without heavy lifting

                                READ BLOG

                                Corelight Bright Ideas Blog

                                Corelight Labs Team

                                Detecting CVE-2022-21907, an IIS HTTP Remote Code Execution vulnerability

                                By Corelight Labs Team – January 26, 2022

                                In January 2022, Microsoft disclosed a remote code execution vulnerability for Internet Information Server (IIS) identified as CVE-2022-21907, which they have subsequently reported as wormable. Through Microsoft, Corelight Labs was able to review a... Read more »

                                Detecting Log4j exploits via Zeek when Java downloads Java

                                By Corelight Labs Team – December 18, 2021

                                We have published an initial blog on the Log4j exploit and a followup blog with a second detection method for detecting the first stage of exploits occurring over LDAP. Today, we will discuss a third detection method, this one focused on the... Read more »

                                Detecting Log4j via Zeek & LDAP traffic

                                By Corelight Labs Team – December 16, 2021

                                We recently discussed some methods for detecting the Log4j exploit, and we’ve now developed another method that everyone running Zeek® or a Corelight sensor can use. Our new approach is based on the rarity of legitimate downloads of Java via LDAP.... Read more »

                                Simplifying detection of Log4Shell

                                Simplifying detection of Log4Shell

                                By Corelight Labs Team – December 14, 2021

                                Security workers across the world have been busy since last Friday dealing with CVE-2021-44228, the log4j 0-day known as Log4Shell, that is already being heavily exploited across the Internet. Given the huge number of systems that embed the... Read more »

                                Detecting CVE-2021-42292

                                By Corelight Labs Team – November 10, 2021

                                On its surface, CVE-2021-42292 doesn’t look like the kind of vulnerability that a network-based tool can find reliably. Marked by Microsoft as a local file format vulnerability, security veterans would expect that between encryption and encoding,... Read more »

                                PrintNightmare, SMB3 encryption, and your network

                                By Corelight Labs Team – July 7, 2021

                                CVE-2021-1675, also tracked in CVE-2021-34527, is a remote code execution vulnerability that targets the Windows Print Spooler service. In a nutshell, there is a Distributed Computing Environment / Remote Procedure Call (DCE/RPC) that allows... Read more »

                                Corelight Sensors detect the ChaChi RAT

                                By Corelight Labs Team – June 24, 2021

                                Recently Blackberry analyzed a new GoLang Remote Access Trojan (RAT) named “ChaChi.” This sample was interesting in that it tunnels information over DNS as its preferred command and control (C2) mechanism. We downloaded two PCAPs from the malware... Read more »

                                Corelight Sensors detect the ChaChi RAT

                                By Corelight Labs Team – June 23, 2021

                                Recently Blackberry analyzed a new GoLang Remote Access Trojan (RAT) named “ChaChi.” This sample was interesting in that it tunnels information over DNS as its preferred command and control (C2) mechanism. We downloaded two PCAPs from the malware... Read more »

                                Pingback: ICMP Tunneling Malware

                                By Corelight Labs Team – May 6, 2021

                                Recently, Trustwave reported on a new malware family which they discovered during a breach investigation. The backdoor, dubbed Pingback, executes on Windows systems and communicates with its controller via ICMP messages. ICMP (Internet Control... Read more »

                                Recent Posts