Bright Ideas Blog

Network Detection Response

Network evidence for defensible disclosure

Editor's note: This is the second in a series of Corelight blog posts focusing on evidence-based security strategy. Catch up on the previous post "Don't trust. verify with evidence." Read more »

Sidecars for network monitoring

Editor’s note: This is the second in a series of posts we have planned over the next several weeks where we explore topics such as network monitoring in Kubernetes, using sidecars to sniff and tunnel traffic, show a real-world example of detecting... Read more »

Explore Corelight evidence in Humio Community Edition

Now available: A free and easy way to learn about Humio and Corelight. Read more »

Deeper visibility into Kubernetes environments with network monitoring

Editor’s note: This is the first in a series of posts we have planned over the next several weeks. We will explore topics such as network monitoring in Kubernetes, using sidecars to sniff and tunnel traffic, show a real-world example of detecting... Read more »

Don’t trust. Verify with evidence.

What matters most in a criminal trial? Evidence. Everything depends on the quality and depth of facts deployed to build a case for innocence or guilt. Without compelling evidence, no jury can draw accurate conclusions. Here at Corelight, we are in a... Read more »

Detecting Log4j exploits via Zeek when Java downloads Java

We have published an initial blog on the Log4j exploit and a followup blog with a second detection method for detecting the first stage of exploits occurring over LDAP.  Today, we will discuss a third detection method, this one focused on the... Read more »

Detecting Log4j via Zeek & LDAP traffic

We recently discussed some methods for detecting the Log4j exploit, and we’ve now developed another method that everyone running Zeek® or a Corelight sensor can use. Our new approach is based on the rarity of legitimate downloads of Java via LDAP.... Read more »

Simplifying detection of Log4Shell

Simplifying detection of Log4Shell

Security workers across the world have been busy since last Friday dealing with CVE-2021-44228, the log4j 0-day known as Log4Shell, that is already being heavily exploited across the Internet. Given the huge number of systems that embed the... Read more »

Situational awareness for CISA FECB playbooks

CISA recently released a set of playbooks for the Federal Civilian Executive Branch (FCEB) to provide improved cybersecurity incident response (IR) and vulnerability response. As was demonstrated by the SolarWinds SUNBURST attack in December 2020,... Read more »

Detecting CVE-2021-42292

On its surface, CVE-2021-42292 doesn’t look like the kind of vulnerability that a network-based tool can find reliably. Marked by Microsoft as a local file format vulnerability, security veterans would expect that between encryption and encoding,... Read more »

Search

    Recent Posts