Corelight Bright Ideas Blog: NDR & Threat Hunting Blog

Detecting CVE-2022-30216: Windows Server Service Tampering

By Corelight Labs Team – August 9, 2022

In July 2022, Microsoft disclosed a vulnerability in the Windows Server Service that allows an authenticated user to remotely access a local API call on a domain controller, which triggers an NTLM request. This results in a leak of credentials that... Read more »

Application Layer Infrastructure Visibility in IaaS

By Ricky Lin – February 10, 2022

The migration to cloud provides faster time to deployment and elasticity, but often at some cost and complexity to infrastructure control and visibility. A concrete example we can use is a deployment of web servers with rational security group... Read more »

Maximize your Splunk ES investment with Corelight

By Roger Cheeks – March 16, 2021

Are you looking to threat hunt but lack sufficient network and IDS data? Have you tried to accelerate your incident response process with better data, but run into dead ends that require data scientists or significant data model modification? Maybe... Read more »