CONTACT US
forrester wave report 2023

Close your ransomware case with Open NDR

SEE HOW

Download our free guide to find hidden attackers.

Find hidden attackers with Open NDR

SEE HOW

cloud-network

Corelight announces cloud enrichment for AWS, GCP, and Azure

READ MORE

corelight partner programe guide

Corelight's partner program

VIEW PROGRAM

glossary-icon

10 Considerations for Implementing an XDR Strategy

READ NOW

ad-images-nav_0006_Blog

Don't trust. Verify with evidence

READ BLOG

video

The Power of Open-Source Tools for Network Detection and Response

WATCH THE WEBCAST

ad-nav-ESG

The Evolving Role of NDR

DOWNLOAD THE REPORT

ad-images-nav_0006_Blog

Detecting 5 Current APTs without heavy lifting

READ BLOG

g2-medal-best-support-spring-2024

Network Detection and Response

SUPPORT OVERVIEW

 

Vern Paxson

Corelight Sensors detect the ChaChi RAT

Recently Blackberry analyzed a new GoLang Remote Access Trojan (RAT) named “ChaChi.” This sample was interesting in that it tunnels information over DNS as its preferred command and control (C2) mechanism. We downloaded two PCAPs from the malware... Read more »

Corelight Sensors detect the ChaChi RAT

Recently Blackberry analyzed a new GoLang Remote Access Trojan (RAT) named “ChaChi.” This sample was interesting in that it tunnels information over DNS as its preferred command and control (C2) mechanism. We downloaded two PCAPs from the malware... Read more »

Introducing RDP Inferences

Corelight recently released a new package, focused on RDP inferences, as part of our Encrypted Traffic Collection. This package runs on Corelight Sensors and provides network traffic analysis (NTA) inferences on live RDP traffic. Read more »

Is there a ‘Z’ in “Vectra”?

Having worked on Zeek (Bro) for well over two decades now, it’s hugely gratifying – and frankly still somewhat amazing – to see how widely it is used in today’s enterprises. Zeek’s real-time analysis capabilities, extensible scripting,... Read more »

Is IPS a feature or a product?

This post is a departure from previous editions. It is inspired by discussions I’ve had recently with a few different online and in-person communities. I will present my view on the topic, but I’m more interested in hearing what readers think! Read more »

The last BroCon. It’ll be Zeek in 2019!

I’m back in San Francisco after the last ever BroCon! Why the last BroCon? Because the Bro Leadership Team has announced a new name for the project. After two years of discussion, no shortage of suggestions, and a final shortlist going through legal... Read more »

Corelight: a recipe I couldn’t refuse

It’s hard to beat a mission like transforming government for the 21st Century. That’s what I’ve been doing for more or less my entire professional life. From building information systems in New Orleans both before and after Hurricane Katrina in 2005... Read more »

Twenty years of network security monitoring: from the AFCERT to Corelight

I am really fired up to join Corelight. I’ve had to keep my involvement with the team a secret since officially starting on July 20th. Why was I so excited about this company? Let me step backwards to help explain my present situation, and forecast... Read more »

That’s a Wrap! The Bay Area’s First Open-Source Bro Meetup

Last Tuesday Corelight hosted the Bay Area’s first meetup for the open-source Bro network security monitor and we saw a great turnout of Bro fanatics and first-timers alike at our San Francisco headquarters. Read more »