Corelight Bright Ideas Blog

Featured

How to React(.js) to React2Shell and detecting behaviors to catch the Next(.js) big RCE

Ground your defense against React2Shell in verifiable network evidence. Deploy high-fidelity Suricata detections to spot unauthenticated remote code...

David Burkett Dec 6, 2025

All
Zeek
Network Security Monitoring
featured
network security
NDR
Corelight
network detection response
cybersecurity
network traffic analysis
SOC
Bro
network visibility
Corelight Labs
Richard Bejtlich
SIEM
Product
open source
Announcements
threat hunting
Suricata
Splunk
DNS
Industry
PCAP
TLS
BlackHat
open source community
Corelight Sensor
NSM
Partnership
HTTP
MITRE ATT&CK
GitHub
Incident response
Zeek Logs
encrypted traffic
network evidence
SSH
microsoft
encrypted traffic collection
Detection
JSON
command and control
encryption
ja3
AWS
HTTPS
IDS
SSL
conn.log

Zeek

Detecting CVE-2021-31166 – HTTP vulnerability

In this blog we aim to provide a little insight into part of the lifecycle of Corelight Lab’s response to a critical HTTP vulnerability.

Ben Reardon May 27, 2021

Zeek

Investigating the effects of TLS 1.3 on Corelight logs, part 1

In this first of three parts, I will introduce TLS and demonstrate a clear-text HTTP session as interpreted by Corelight logs.

Richard Bejtlich May 29, 2019

Zeek

Network security monitoring is dead, and encryption killed it.

This post covers a brief history of encryption on the web and investigates the security analysis challenges that have developed as a result.

Richard Bejtlich Jan 29, 2019

Corelight announces cloud enrichment for AWS, GCP, and Azure

The Corelight Partner Program

10 considerations for implementing an XDR strategy

Don't trust. Verify with evidence

Network Detection & Response

Corelight Bright Ideas Blog

How to React(.js) to React2Shell and detecting behaviors to catch the Next(.js) big RCE

Detecting CVE-2021-31166 – HTTP vulnerability

Investigating the effects of TLS 1.3 on Corelight logs, part 1

Network security monitoring is dead, and encryption killed it.

Have questions?

Sign up for our newsletter

We’re hiring!