This blog post discusses Zeek detection packages for CVE-2022-24491 and CVE-2022-24497 developed by Corelight Labs.
Learn how you can use Zeek to detect this level of cunning evasion tactics in your own retrospective hunts and forensic investigations.
In this post I am going to walk you through the process I used to develop a package called “my_stats” that pulls memory information from a running...
This post will discuss four dimensions of not having network taps in place and offer advice on making the best of available visibility options.
This true story illustrates how Corelight could have assisted with the realization that activity is not suspicious or malicious, but is in fact...
I downloaded Whonix version 15, in which two virtual machines work together to detect activity in a clever way.
Announcing the Corelight Cloud Sensor, deployable in AWS and capable of ingesting traffic directly from the new Amazon VPC traffic mirroring feature.
We reproduce our experiment using TLS 1.3. Remember that we have been visiting the Web site enabled.tls13.com, first without encryption, then with...
In part 1, I showed how Corelight would produce logs for a clear-text HTTP session. In part 2, I perform the same transaction using TLS 1.2.