
Zeek

Detect C2 ‘RedXOR’ with state-based functionality

Recently a very interesting Linux-based command-and-control (C2) malware was described by the research team at Intezer. As usual there is a set of simple network-based IOCs in the form of domains and IPs that organizations can search against their...

Extending NDR visibility in AWS IaaS

Comprehensive visibility is challenging in a cloud environment. While these environments are rich sources of telemetry and logs, it is challenging for security teams to ensure that logging is configured (and stays configured) on every service, to...

Getting the most out of your NIDS

Network Intrusion Detection Systems (NIDS) are widely deployed by the most sophisticated blue teams in the world. For well-funded organizations, there is little question about the value of NIDS, but adoption is not uniform across the entire...

Detecting SUNBURST/Solarigate activity in retrospect with Zeek

The threat actors who created SUNBURST went to extraordinary lengths to hide Command-and-Control (C2) traffic by mimicking the nature of communication patterns used by legitimate software within the SolarWinds package.

Finding SUNBURST backdoor with Zeek logs & Corelight

UPDATE 12-16-20: Corelight Resources

Introducing the Cloud Sensor for GCP

Visibility is paramount in securing your cloud environment – as the adage goes, you cannot protect what you do not see. However, comprehensive visibility in an IaaS (infrastructure as a service) environment is elusive – you need to make sure that...

Who’s your fridge talking to at night?

I love origin stories – the tales of grand plans, unforeseen circumstances, and necessity that creates something new. These strange times have resulted in something new from Corelight, and I’d like to share how it came to be.

Small, fast and easy. Pick any three.

Zeek has been the darling of security defenders looking to get deep visibility into network traffic. Over the last two decades, Zeek has become a household name – widely used by enterprise organizations, educational institutions and government...

Community detection: CVE-2020-16898

This month’s Microsoft Patch Tuesday included a severe Remote Code Execution vulnerability in the way that Windows TCP/IP handles IPv6 “Router Advertisement” ICMP messages. Due to the severity and wide scope, we in Corelight Labs immediately set...

Community ID support for Wireshark

The past few weeks have seen several developments around Community ID, our open standard for rendering network traffic flow tuples into a concise textual representation. I’d like to summarize them in this blog post.
