Corelight Bright Ideas Blog: NDR & Threat Hunting Blog (17)

Detecting the new CallStranger UPnP vulnerability with Zeek

By Ryan Victory – June 9, 2020

On June 8, Yunus Çadırcı, a cybersecurity senior manager at EY Turkey released a whitepaper and proof of concept code repository for a newly discovered vulnerability in the Universal Plug and Play (UPnP) protocol. UPnP is widely used in intranets to... Read more »

Analyzing encrypted RDP connections

By Anthony Kasza – May 12, 2020

Microsoft’s Remote Desktop Protocol (RDP) is used to remotely administer systems within Windows environments. RDP is everywhere Windows is and is useful for conducting remote work. Just like every other remote administration tool, RDP can be used... Read more »

The election is six months away. Now is the time to instrument election infrastructure.

By Richard Bejtlich – May 6, 2020

Editor’s Note: Richard recently shared his thoughts on our blog which are now included in an article contributed to StateTech on why the overarching role of the network and election infrastructure is worthy of a deep assessment right now. If state... Read more »

Enabling SOHO Network Security Monitoring

By Richard Bejtlich – April 7, 2020

One of the most popular and regularly occurring questions I see in network security monitoring forums involves how to instrument a small office – home office (SOHO) environment. There are ways to accomplish this goal. For example, I instrument my... Read more »

Watch over DNS traffic with Corelight and Splunk

By Roger Cheeks – March 31, 2020

Corelight sensors put your organization in the best position to watch over DNS traffic with a rich, powerful Network Traffic Analysis (NTA) data set. This article highlights the benefits of Corelight DNS logs, and demonstrates how Splunk Enterprise... Read more »

Using Corelight and Zeek to support remote workers

By Richard Bejtlich – March 24, 2020

Due to the tragic Covid-19 pandemic, as we are all experiencing first hand, most governments and health officials are either mandating or encouraging those who can work from home to do so, as part of widespread “social distancing” measures. Remote... Read more »

The high ground

By Charles Strauss – February 23, 2020

Introducing Corelight’s new story + the value of NTA Read more »

Countering network resident threats

By Richard Bejtlich – February 19, 2020

Vendors often claim that their products or services counter, mitigate, or otherwise affect “nation state threats.” When I worked as a director of incident response at one company, and as a chief security officer at another, claims like these made no... Read more »

12 talks to see at RSA 2020

By Richard Bejtlich – February 9, 2020

RSA 2020 is fast approaching, and a colleague asked what talks I planned to attend. As I am not attending RSA, I thought I would answer her question anyway, with the hopes that those participating in the conference might benefit from my review of... Read more »

Corelight ECS mapping: Unified Zeek data for more efficient analytics

By Ed Smith – January 27, 2020

In addition to other great news we’ve recently shared, I’m pleased to announce that Corelight sensors now support the Elastic Common Schema (ECS) via our Corelight ECS Mapping. Read more »

Corelight Bright Ideas Blog

Featured Post

Why NDR is essential to protecting your cloud workloads

Additional Posts

Detecting the new CallStranger UPnP vulnerability with Zeek

Analyzing encrypted RDP connections

The election is six months away. Now is the time to instrument election infrastructure.

Enabling SOHO Network Security Monitoring

Watch over DNS traffic with Corelight and Splunk

Using Corelight and Zeek to support remote workers

The high ground

Countering network resident threats

12 talks to see at RSA 2020

Corelight ECS mapping: Unified Zeek data for more efficient analytics

Recent Posts

Sign up for our newsletter

Locations

1 (888) 547-9497

We're hiring!