Get Started

          Pcap

          Smart PCAP and threat detection in the cloud

          I am thrilled to publicly launch Corelight software version 22, which introduces a transformative new security product, Smart PCAP, and also enables threat detection in the cloud by extending Corelight’s Open NDR support for Suricata across... Read more »

          Corelight Sensors detect the ChaChi RAT

          Recently Blackberry analyzed a new GoLang Remote Access Trojan (RAT) named “ChaChi.” This sample was interesting in that it tunnels information over DNS as its preferred command and control (C2) mechanism. We downloaded two PCAPs from the malware... Read more »

          Community detection: CVE-2020-16898

          This month’s Microsoft Patch Tuesday included a severe Remote Code Execution vulnerability in the way that Windows TCP/IP handles IPv6 “Router Advertisement” ICMP messages. Due to the severity and wide scope, we in Corelight Labs immediately set... Read more »

          Community ID support for Wireshark

          The past few weeks have seen several developments around Community ID, our open standard for rendering network traffic flow tuples into a concise textual representation. I’d like to summarize them in this blog post. Read more »

          Meet the Corelight CTF tournament winners

          This summer, Corelight hosted a virtual CTF tournament where hundreds of players raced to solve security challenges using Zeek data in Splunk and Elastic. After the preliminary rounds,  we invited the top performers back for a champions round and... Read more »

          Together is faster: Zeek for vulnerabilities

          “There is an open approach that is currently rippling across the infosec industry that could give defenders the acceleration they need.” – John Lambert (Distinguished Engineer, Microsoft)  Read more »

          Chocolate and peanut butter, Zeek and Suricata

          Some things just go well together. A privilege of working with very sophisticated defenders in the open source community is seeing the design patterns they use to secure their organizations – both technology and workflows. One of the most common has... Read more »

          Detecting GnuTLS CVE-2020-13777 using Zeek

          CVE-2020-13777 is a high severity issue in GnuTLS. In a nutshell, GnuTLS versions between 3.6.4 (released 2018-09-24) and 3.6.14 (2020-06-03) have a serious bug in their session resumption code, which lets attackers either completely decrypt... Read more »

          Profiling Whonix

          Introduction This week I read a story announcing that the latest edition of Whonix had been released. I had heard of Whonix, but had never tried it. I knew it was a Linux distribution that tried to make it as easy and safe as possible to anonymize... Read more »

          Network Security Monitoring, a requirement for Managed Service Providers?

          Over the last six months, we’ve read in the security press about a variety of managed service providers (MSPs) being compromised by nation-state and criminal actors. Some examples: Read more »

          Search

            Recent Posts