Corelight Bright Ideas Blog: NDR & Threat Hunting Blog

The Art of Team Building: Blueprints from the Black Hat NOC

By Dustin Lee – October 31, 2023

It has been a distinct honor to be a part of the Corelight team that helped defend this year’s Black Hat events. I started the event season in the Network Operations Center (NOC) at Black Hat Asia, and then capped it off at Black Hat in Las Vegas.... Read more »

Writing a Zeek package in TypeScript with ZeekJS

By Simeon Miteff – October 26, 2023

Zeek® is the world’s most widely used network security monitoring platform and is the foundation for Corelight network evidence. In this blog I share how to write a Zeek package in TypeScript with a new capability called ZeekJS that was released as... Read more »

Turning the tables on the infiltrator

By Ben Reardon – October 16, 2023

This article was originally featured in TechBeacon. Read more »

Celebrating CrowdStrike’s New Network Detection Service “Powered by Corelight”

By Allen Marin – June 1, 2023

Several months ago, we announced that our strategic alliance partner CrowdStrike decided to use our Open NDR technology across its professional services portfolio. This wasn’t just a meaningful validation for us—it was also a testament to the... Read more »

Key takeaways from RSA 2023: #BetterTogether and AI in security

By Ed Smith – May 8, 2023

Whether or not you made it to RSA 2023, here are two key themes we saw throughout this year’s conference. Read more »

New Sliver C2 Detection Released - Redteam detected

By Corelight Labs Team – May 4, 2023

We are excited to announce the release of a new detection package “Sliver”, which identifies and raises alerts related to the Sliver C2 framework. This new package joins our industrial-strength C2 Collection and uses a variety of techniques to... Read more »

Corelight for the everywhere cloud

By Ed Amoroso, founder and CEO of TAG Cyber (guest) – January 17, 2023

Editor's note: This is the first in five-part series authored by Ed Amoroso, founder and CEO of TAG Cyber, which will focuses on how the Corelight platform reduces network security risks to the so-called Everywhere Cloud (EC). Such security... Read more »

Detecting CVE-2022-30216: Windows Server Service Tampering

By Corelight Labs Team – August 9, 2022

In July 2022, Microsoft disclosed a vulnerability in the Windows Server Service that allows an authenticated user to remotely access a local API call on a domain controller, which triggers an NTLM request. This results in a leak of credentials that... Read more »

The evidence bank: leveraging security's most valuable asset

By Bernard Brantley – June 30, 2022

Editor's note: This is the fourth in a series of Corelight blog posts focusing on evidence-based security strategy. Catch up on all of the posts here. Read more »

Detecting CVE-2022-23270 in PPTP

By Corelight Labs Team – May 26, 2022

This month, Microsoft announced a vulnerability in PPTP, a part of the VPN remote access services on Windows systems that runs on port 1723/tcp. Through Microsoft’s MAPP program, Corelight Labs reviewed a proof of concept exploit for this... Read more »