Corelight Bright Ideas Blog

Featured Post

Signature-based detections provide fast, effective defense against known attacks. But the threat landscape is rapidly changing: Attackers are utilizing novel, sophisticated techniques that can bypass traditional, signature-based detection methods and also weaponizing legitimate tools and processes to avoid established detection tools, including... Read more »

Additional Posts

Community detection: CVE-2020-16898

By Ben Reardon – October 14, 2020

This month’s Microsoft Patch Tuesday included a severe Remote Code Execution vulnerability in the way that Windows TCP/IP handles IPv6 “Router Advertisement” ICMP messages. Due to the severity and wide scope, we in Corelight Labs immediately set... Read more »

Beating alert fatigue with integrated data

By Alex Kirk – October 7, 2020

More than 15 years after Gartner declared that “IDS is dead” because it was too noisy to be effectively managed, alert fatigue continues to be a central theme of life in modern SOCs, with a majority of SOCs still unable to process all the alerts... Read more »

Community ID support for Wireshark

By Christian Kreibich – October 6, 2020

The past few weeks have seen several developments around Community ID, our open standard for rendering network traffic flow tuples into a concise textual representation. I’d like to summarize them in this blog post. Read more »

Give me my stats!

By Keith J. Jones – September 20, 2020

I often develop packages for Zeek in cluster mode. In this configuration, it can be difficult to debug your package because it is a continually running environment with real, and often unpredictable, network data. If you add to that other packages... Read more »

Detecting Zerologon (CVE-2020-1472) with Zeek

By Yacin Nadji – September 15, 2020

CVE-2020-1472 aka Zerologon, disclosed by Tom Tervoort of Secura, is an illustrative case study of how a small implementation mistake in cryptographic routines cascades into a privilege escalation vulnerability that allows an attacker to change the... Read more »

Meet the Corelight CTF tournament winners

By John Gamble – September 14, 2020

This summer, Corelight hosted a virtual CTF tournament where hundreds of players raced to solve security challenges using Zeek data in Splunk and Elastic. After the preliminary rounds, we invited the top performers back for a champions round and... Read more »

Mixed VLAN tags and BPF syntax

By Richard Bejtlich – August 26, 2020

This post contains a warning and a solution for anyone using BPF syntax when filtering traffic for network security monitoring. Read more »

Together is faster: Zeek for vulnerabilities

By Gregory Bell – August 17, 2020

“There is an open approach that is currently rippling across the infosec industry that could give defenders the acceleration they need.” – John Lambert (Distinguished Engineer, Microsoft) Read more »

NDR for AWS Well-Architected

By Roger Cheeks – August 5, 2020

Corelight is a powerful network traffic analysis tool that enables network detection and response (NDR) for AWS Cloud workloads by receiving packets from an AWS Virtual Private Cloud (VPC) traffic mirror and cloud packet brokers. Corelight extracts... Read more »

Zeek in its sweet spot: Detecting F5’s Big-IP CVE10 (CVE-2020-5902)

By Ben Reardon – July 27, 2020

Having a CVE 10 unauthenticated Remote Code Execution vulnerability on a central load balancing device? That’s bad… Read more »

Load Older Posts

Corelight Bright Ideas Blog

Featured Post

How Corelight's anomaly detection enhances network security

Additional Posts

Community detection: CVE-2020-16898

Beating alert fatigue with integrated data

Community ID support for Wireshark

Give me my stats!

Detecting Zerologon (CVE-2020-1472) with Zeek

Meet the Corelight CTF tournament winners

Mixed VLAN tags and BPF syntax

Together is faster: Zeek for vulnerabilities

NDR for AWS Well-Architected

Zeek in its sweet spot: Detecting F5’s Big-IP CVE10 (CVE-2020-5902)

Recent Posts

Sign up for our newsletter

Locations

1 (888) 547-9497

We're hiring!