Corelight Bright Ideas Blog

Featured

How to React(.js) to React2Shell and detecting behaviors to catch the Next(.js) big RCE

Ground your defense against React2Shell in verifiable network evidence. Deploy high-fidelity Suricata detections to spot unauthenticated remote code...

David Burkett Dec 6, 2025

Corelight

Detecting The Agent Tesla Malware Family

Learn how to detect Agent Tesla, which consistently trends at the top of Any.Run’s malware trends list

Keith J. Jones Jul 2, 2024

malware

Detecting the STRRAT Malware Family

In recent months STRRAT has become one of the top malware families submitted to Any.Run. Here's how to detect it.

Corelight Labs Team May 17, 2024

malware

Hunt of the Month: Detecting AsyncRAT Malware Over HTTPS

Corelight Labs Team Mar 20, 2024

NDR

Black Hat NOC USA 2023: A tale of sharp needles in a stack of dull needles

Take a look at an incident we detected, investigated, triaged, and closed using Corelight at Black Hat Las Vegas 2023.

Ben Reardon Sep 15, 2023

Zeek

Detecting Gozi Banking Malware

I ran into a sample of the Gozi banking malware in the wild. This is how I developed an open source detection package to find it with Zeek.

Keith J. Jones Sep 7, 2023

Zeek

Bring Network Security Monitoring to the cloud with Corelight and Amazon VPC Traffic Mirroring

Announcing the Corelight Cloud Sensor, deployable in AWS and capable of ingesting traffic directly from the new Amazon VPC traffic mirroring feature.

John Gamble Jun 25, 2019

Corelight announces cloud enrichment for AWS, GCP, and Azure

The Corelight Partner Program

10 considerations for implementing an XDR strategy

Don't trust. Verify with evidence

Network Detection & Response