          Solarwinds

          Detecting CVE-2021-31166 – HTTP vulnerability

          In this blog we aim to provide a little insight into part of the lifecycle of Corelight Lab’s response to a critical HTTP vulnerability. We’ve open-sourced many such responses over the last year (see Appendix A), and this one is a good demonstration...

          Detecting SUNBURST/Solarigate activity in retrospect with Zeek

          The threat actors who created SUNBURST went to extraordinary lengths to hide Command-and-Control (C2) traffic by mimicking the nature of communication patterns used by legitimate software within the SolarWinds package.

          Finding SUNBURST backdoor with Zeek logs & Corelight

          UPDATE 12-16-20: Corelight Resources
