Corelight Bright Ideas Blog: NDR & Threat Hunting Blog (5)

Corelight Bright Ideas Blog

Featured Post

May 17, 2024

Detecting the STRRAT Malware Family

Introduction In this edition of Corelight’s Hunt of the Month blog, we bring you a STRRAT malware detector. In recent months STRRAT has become one of the top malware families submitted to Any.Run’s malware sandbox: Read more »

Additional Posts

Zeek on Windows

By Tim Wojtulewicz – December 5, 2022

Editor's note: This post was originally published on the Zeek.org blog on Nov. 28, 2022. Reposted here in full with permission as a courtesy. Read more »

IoT/OT/ICS threats: Detecting vulnerable Boa web servers

By Corelight Labs Team – November 30, 2022

Editor's note: This blog post was updated on 12/1/22 to add the "Update 12/1/22" and corresponding paragraph added to the end of the blog post. On Nov. 22, 2022 Microsoft announced research findings about an ongoing supply chain attack against IoT... Read more »

Detecting 5 current APTs without heavy lifting

By Corelight Labs Team – November 8, 2022

The Corelight Labs team prides itself on the ability to create novel Zeek and Suricata detection content that delves deep into packet streams by leveraging the full power of these tools. However this level of additional sophistication is not always... Read more »

New position brings new open source opportunities

By Kelley Misata – October 12, 2022

Today marks the start of ZeekWeek, the annual conference for information technologists who rely on the Zeek® network for security monitoring. Read more »

BOD 23-01: Better visibility to reduce risk

By Jean Schaffer – October 10, 2022

“Knowing what’s on your network is the first step for any organization to reduce risk.” Read more »

Corelight Investigator: Ready for Europe

By Sara Shuman – October 4, 2022

This summer, we launched Investigator, Corelight’s SaaS-based network detection and response (NDR) solution that fuses rich network evidence with machine learning and other security analytics to unlock powerful threat hunting capabilities and... Read more »

Detecting the Manjusaka C2 framework

By Corelight Labs Team – September 29, 2022

Security practitioners may know about common command-and-control (C2) frameworks, such as Cobalt Strike and Sliver, but fewer have likely heard of the so-called Chinese sibling framework “Manjusaka” (described by Talos in an excellent writeup). Like... Read more »

Detecting CVE-2022-30216: Windows Server Service Tampering

By Corelight Labs Team – August 9, 2022

In July 2022, Microsoft disclosed a vulnerability in the Windows Server Service that allows an authenticated user to remotely access a local API call on a domain controller, which triggers an NTLM request. This results in a leak of credentials that... Read more »

The best cybersecurity defense is great evidence

By Jean Schaffer – July 19, 2022

Editor's note: This is the fifth in a series of Corelight blog posts focusing on evidence-based security strategy. Catch up on all of the posts here. Read more »

The evidence bank: leveraging security's most valuable asset

By Bernard Brantley – June 30, 2022

Editor's note: This is the fourth in a series of Corelight blog posts focusing on evidence-based security strategy. Catch up on all of the posts here. Read more »

Load Older Posts