Corelight Bright Ideas Blog

Featured

How to React(.js) to React2Shell and detecting behaviors to catch the Next(.js) big RCE

Ground your defense against React2Shell in verifiable network evidence. Deploy high-fidelity Suricata detections to spot unauthenticated remote code...

David Burkett Dec 6, 2025

Stories by Tillson

network security

Detecting Quasar Windows RAT

Detect Quasar RAT malware with Corelight’s open-source Zeek script, leveraging Quasar’s default TLS configuration.

Tillson Galloway Nov 22, 2024

network security

Detecting Abuse of NetSupport Manager

Learn how to use Zeek to easily detect malicious use of NetSupport Manager.

Tillson Galloway Sep 11, 2024

Zeek

Detecting CVE-2022-30216: Windows Server Service Tampering

Corelight Labs reviewed a POC exploit for CVE-2022-30216 and wrote a Zeek-based detection and released the package on GitHub.

Tillson Galloway Aug 9, 2022

Corelight announces cloud enrichment for AWS, GCP, and Azure

The Corelight Partner Program

10 considerations for implementing an XDR strategy

Don't trust. Verify with evidence

Network Detection & Response

Corelight Bright Ideas Blog

How to React(.js) to React2Shell and detecting behaviors to catch the Next(.js) big RCE

Stories by Tillson

Detecting Quasar Windows RAT

Detecting Abuse of NetSupport Manager

Detecting CVE-2022-30216: Windows Server Service Tampering

Have questions?

Sign up for our newsletter

We’re hiring!