Corelight Entity Collection, now available in v26 software release, features 3 new packages: Known Entities, Application Identification and Local...
Corelight Labs installed the last version of Boa in a lab environment and released a Zeek package to identify machines running a vulnerable Boa web...
Corelight Labs looks at three APT toolsets that have been linked to five threat actors, detecting each using relatively simple search logic.
In this blog post, the Corelight Labs team shares some of the detection methods available for the Manjusaka C2 framework.
Corelight Labs reviewed a POC exploit for CVE-2022-30216 and wrote a Zeek-based detection and released the package on GitHub.
In this post Corelight Labs reviewed a proof of concept exploit for this vulnerability and wrote a Zeek-based detection for it.
This post shows how a Microsoft NFS exploit (CVE-2022-26937) can be detected using Zeek.
The Corelight Labs team investigates CVE-2022-26809 and open-sources a Zeek package that detects attempts and successful exploitation in unencrypted...
This blog post discusses Zeek detection packages for CVE-2022-24491 and CVE-2022-24497 developed by Corelight Labs.