Corelight Bright Ideas Blog

Featured

Detecting CVE-2025-20393 exploitation: catching UAT-9686 on Cisco appliances

Ground your defense against React2Shell in verifiable network evidence. Deploy high-fidelity Suricata detections to spot unauthenticated remote code...

David Burkett Dec 19, 2025

malware

Hunt of the Month: Detecting AsyncRAT Malware Over HTTPS

Corelight Labs Team Mar 20, 2024

Zeek

Focus Terrapin patching efforts with Zeek

Learn how Zeek’s metadata approach can help focus patching efforts for the SSH “Terrapin” attack.

Ben Reardon Mar 9, 2024

cybersecurity

Dual Defenses: 9 Reasons Why Open NDR Is Essential Alongside NGFW

Learn why adding Corelight to your cybersecurity arsenal, alongside existing NGFWs, is a strategic necessity.

Ed Smith Mar 1, 2024

cybersecurity

Inside the Mind of a Cybersecurity Threat Hunter Part 2: Identifying Persistence Techniques

Learn how threat hunters can identify MITRE ATT&CK persistence techniques.

Allen Marin Feb 26, 2024

network detection response

Dual Defenses: 10 Reasons Why NDR Is Essential Alongside EDR

Learn how the kill web concept can be applied to cybersecurity, and how it addresses some of the concerns with the kill chain.

Ed Smith Jan 10, 2024

NDR

Black Hat NOC USA 2023: Leveraging Corelight’s Open NDR Platform for Network Operations (NetOps)

Recapping our learnings from being in the Black Hat NOC at Black Hat USA 2023

Eldon Koyle Dec 4, 2023

SOC

Inside the Mind of a Cybersecurity Threat Hunter Part 1: Confronting Initial Access Techniques

Learn how Corelight’s integration with CrowdStrike helps threat hunters detect signs of Initial Access, one of the tactics and techniques outlined in...

Allen Marin Nov 27, 2023

NDR