Our new collaboration with CrowdStrike and Humio allows our customers and the community to experience the value of evidence.
In this blog we aim to provide a little insight into part of the lifecycle of Corelight Lab’s response to a critical HTTP vulnerability.
FireEye’s threat research team has discovered a troubling new supply chain attack targeting SolarWind’s Orion IT monitoring and management platform.
We’ve just open sourced a Zeek package that detects exploit attempts and successes. This package demonstrates a couple of aspects that are worth...
We are proud to announce that in our v19 software release we have delivered a sensor that combines and integrates Zeek and Suricata with three key...
By allowing the attacker to essentially force a connection to an arbitrary URL, CallStranger can be used in these three key ways.
We reproduce our experiment using TLS 1.3. Remember that we have been visiting the Web site enabled.tls13.com, first without encryption, then with...
In part 1, I showed how Corelight would produce logs for a clear-text HTTP session. In part 2, I perform the same transaction using TLS 1.2.
In this first of three parts, I will introduce TLS and demonstrate a clear-text HTTP session as interpreted by Corelight logs.