Corelight Bright Ideas Blog

Featured

How to React(.js) to React2Shell and detecting behaviors to catch the Next(.js) big RCE

Ground your defense against React2Shell in verifiable network evidence. Deploy high-fidelity Suricata detections to spot unauthenticated remote code...

David Burkett Dec 6, 2025

Stories by Johanna

Zeek

Detecting GnuTLS CVE-2020-13777 using Zeek

Find a technical description of the bug, how it can be detected in network traffic, and how a short Zeek script can detect vulnerable servers.

Johanna Amann Jun 11, 2020

Industry

The sun sets on TLS 1.0

The major web browsers announced their intent to disable support for TLS 1.0 and TLS 1.1 in 2020. What does this mean, and what are the consequences?

Johanna Amann Sep 16, 2019

Zeek

Runtime Options: the Bro Configuration Framework

Redefs allow the re-definition of already defined constants in Bro. This is often done in local.bro. To modify Site::local_net, use code similar to...

Johanna Amann Feb 13, 2018