Corelight Bright Ideas Blog

Featured Post

Signature-based detections provide fast, effective defense against known attacks. But the threat landscape is rapidly changing: Attackers are utilizing novel, sophisticated techniques that can bypass traditional, signature-based detection methods and also weaponizing legitimate tools and processes to avoid established detection tools, including... Read more »

Additional Posts

New position brings new open source opportunities

By Kelley Misata – October 12, 2022

Today marks the start of ZeekWeek, the annual conference for information technologists who rely on the Zeek® network for security monitoring. Read more »

BOD 23-01: Better visibility to reduce risk

By Jean Schaffer – October 10, 2022

“Knowing what’s on your network is the first step for any organization to reduce risk.” Read more »

Corelight Investigator: Ready for Europe

By Sara Shuman – October 4, 2022

This summer, we launched Investigator, Corelight’s SaaS-based network detection and response (NDR) solution that fuses rich network evidence with machine learning and other security analytics to unlock powerful threat hunting capabilities and... Read more »

Detecting the Manjusaka C2 framework

By Corelight Labs Team – September 29, 2022

Security practitioners may know about common command-and-control (C2) frameworks, such as Cobalt Strike and Sliver, but fewer have likely heard of the so-called Chinese sibling framework “Manjusaka” (described by Talos in an excellent writeup). Like... Read more »

Detecting CVE-2022-30216: Windows Server Service Tampering

By Tillson Galloway – August 9, 2022

In July 2022, Microsoft disclosed a vulnerability in the Windows Server Service that allows an authenticated user to remotely access a local API call on a domain controller, which triggers an NTLM request. This results in a leak of credentials that... Read more »

The best cybersecurity defense is great evidence

By Jean Schaffer – July 19, 2022

Editor's note: This is the fifth in a series of Corelight blog posts focusing on evidence-based security strategy. Catch up on all of the posts here. Read more »

The evidence bank: leveraging security's most valuable asset

By Bernard Brantley – June 30, 2022

Editor's note: This is the fourth in a series of Corelight blog posts focusing on evidence-based security strategy. Catch up on all of the posts here. Read more »

Enriching NDR logs with context

By Stan Kiefer – June 2, 2022

Editor’s note: This is the latest in a series of posts where we explore topics such as network monitoring in Kubernetes, using sidecars to sniff and tunnel traffic, show a real-world example of detecting malicious traffic between containers, and... Read more »

Detecting CVE-2022-23270 in PPTP

By Corelight Labs Team – May 26, 2022

This month, Microsoft announced a vulnerability in PPTP, a part of the VPN remote access services on Windows systems that runs on port 1723/tcp. Through Microsoft’s MAPP program, Corelight Labs reviewed a proof of concept exploit for this... Read more »

Detecting CVE-2022-26937 with Zeek

By Corelight Labs Team – May 26, 2022

This month, Microsoft announced a vulnerability in NFS. The exploit lies in how an attacker can force a victim NFS server to request an address from the attacker’s fake NFS server. The address returned will overflow memory on the victim NFS server... Read more »

Load Older Posts

Corelight Bright Ideas Blog

Featured Post

How Corelight's anomaly detection enhances network security

Additional Posts

New position brings new open source opportunities

BOD 23-01: Better visibility to reduce risk

Corelight Investigator: Ready for Europe

Detecting the Manjusaka C2 framework

Detecting CVE-2022-30216: Windows Server Service Tampering

The best cybersecurity defense is great evidence

The evidence bank: leveraging security's most valuable asset

Enriching NDR logs with context

Detecting CVE-2022-23270 in PPTP

Detecting CVE-2022-26937 with Zeek

Recent Posts

Sign up for our newsletter

Locations

1 (888) 547-9497

We're hiring!