CONTACT US
ad-images-nav_0001_SANs thumb

SANS Protects: The Network

DOWNLOAD WHITE PAPER

ad-images-nav_0009_Threat-hunting-guide

Threat hunting guide

GET THE GUIDE

ad-nav-crowdstrike

Corelight now powers CrowdStrike solutions and services

READ MORE

ad-images-nav_0013_IDS

Alerts, meet evidence.

LEARN MORE ABOUT OUR IDS SOLUTION

ad-images-nav_white-paper

5 Ways Corelight Data Helps Investigators Win

READ WHITE PAPER

ad-images-nav_0000_Thinking-like-a-threat-actor

Thinking like a Threat Actor: Hunting the Ghost in the Machine

WATCH THE WEBCAST

ad-images-nav_0006_Blog

Don't trust. Verify with evidence

READ BLOG

ad-nav-NDR-for-dummies

NDR for Dummies

GET THE WHITE PAPER

Screenshot 2023-05-15 at 12.25.41 PM

The Power of Open-Source Tools for Network Detection and Response

WATCH THE WEBCAST

ad-nav-ESG

The Evolving Role of NDR

DOWNLOAD THE REPORT

ad-images-nav_0006_Blog

Detecting 5 Current APTs without heavy lifting

READ BLOG

Corelight Bright Ideas Blog

Zeek

Key takeaways from RSA 2023: #BetterTogether and AI in security

Whether or not you made it to RSA 2023, here are two key themes we saw throughout this year’s conference. Read more »

New Sliver C2 Detection Released - Redteam detected

We are excited to announce the release of a new detection package “Sliver”, which identifies and raises alerts related to the Sliver C2 framework. This new package joins our industrial-strength C2 Collection and uses a variety of techniques to... Read more »

Zeek on Windows

Editor's note: This post was originally published on the Zeek.org blog on Nov. 28, 2022. Reposted here in full with permission as a courtesy. Read more »

IoT/OT/ICS threats: Detecting vulnerable Boa web servers

Editor's note: This blog post was updated on 12/1/22 to add the "Update 12/1/22" and corresponding paragraph added to the end of the blog post. On Nov. 22, 2022 Microsoft announced research findings about an ongoing supply chain attack against IoT... Read more »

New position brings new open source opportunities

Today marks the start of ZeekWeek, the annual conference for information technologists who rely on the Zeek® network for security monitoring. Read more »

Detecting CVE-2022-30216: Windows Server Service Tampering

In July 2022, Microsoft disclosed a vulnerability in the Windows Server Service that allows an authenticated user to remotely access a local API call on a domain controller, which triggers an NTLM request. This results in a leak of credentials that... Read more »

Enriching NDR logs with context

Editor’s note: This is the latest in a series of posts where we explore topics such as network monitoring in Kubernetes, using sidecars to sniff and tunnel traffic, show a real-world example of detecting malicious traffic between containers, and... Read more »

Detecting CVE-2022-23270 in PPTP

This month, Microsoft announced a vulnerability in PPTP, a part of the VPN remote access services on Windows systems that runs on port 1723/tcp. Through Microsoft’s MAPP program, Corelight Labs reviewed a proof of concept exploit for this... Read more »

Detecting CVE-2022-26937 with Zeek

This month, Microsoft announced a vulnerability in NFS. The exploit lies in how an attacker can force a victim NFS server to request an address from the attacker’s fake NFS server. The address returned will overflow memory on the victim NFS server... Read more »

Finding CVE-2022-22954 with Zeek

CISA released a warning to federal agencies on May 18 that APT actors are actively exploiting recent vulnerabilities found in VMware, including CVE-2022-22954. Your first thought may have been to want new signatures, indicators, and/or behavioral... Read more »

Search

    Recent Posts