CORELIGHT LABS
RESEARCH

From detecting attacks to profiling behavior, Corelight Labs creates new ways to deepen network insight and strengthen enterprise security. We work in close partnership with other innovators at Corelight, and we take pride in the robust, deeply technical capabilities we create.
Recent Research
Network Detection of Interactive SSH Impostors Using Deep Learning
Impostors who have stolen a user's SSH login credentials can inflict significant harm to the systems to which the user has remote access. We consider the problem of identifying such imposters when they conduct interactive SSH logins by detecting discrepancies in the timing and sizes of the client-side data packets, which generally reflect the typing dynamics of the person sending keystrokes over the connection.
GGFAST: Automating Generation of Flexible Network Traffic Classifiers
When employing supervised machine learning to analyze network traffic, the heart of the task often lies in developing effective features for the ML to leverage. We develop GGFAST, a unified, automated framework that can build powerful classifiers for specific network traffic analysis tasks, built on interpretable features. The framework uses only packet sizes, directionality, and sequencing, facilitating analysis in a payload-agnostic fashion that remains applicable in the presence of encryption.
Running DeepSeek AI privately using open-source software
February 28, 2025 • Keith J. Jones
Understand and detect MITRE Caldera with Zeek®
February 14, 2025 • Keith J. Jones
Detecting Abuse of NetSupport Manager
September 11, 2024 • Tillson Galloway
Detecting The Agent Tesla Malware Family
July 2, 2024 • Keith J. Jones
Detecting the STRRAT Malware Family
May 17, 2024 • Corelight Labs Team
Focus Terrapin patching efforts with Zeek
March 9, 2024 • Ben Reardon
How Corelight Uses AI to Empower SOC Teams
November 15, 2023 • Vince Stoffer
Writing a Zeek package in TypeScript with ZeekJS
October 26, 2023 • Simeon Miteff
To learn more about Corelight Labs, contact our team.
Get our research the minute it's published
Sign up for Corelight Labs news.