TALK TO AN EXPERT
ad-images-nav_0001_SANs thumb

SANS Protects: The Network

DOWNLOAD WHITE PAPER

ad-images-nav_0009_Threat-hunting-guide

Threat hunting guide

GET THE GUIDE

ad-images-nav_0013_IDS

Alerts, meet evidence.

LEARN MORE ABOUT OUR IDS SOLUTION

ad-images-nav_white-paper

5 Ways Corelight Data Helps Investigators Win

READ WHITE PAPER

ad-images-nav_0000_Thinking-like-a-threat-actor

Thinking like a Threat Actor: Hunting the Ghost in the Machine

WATCH THE WEBCAST

ad-images-nav_0006_Blog

Don't trust. Verify with evidence

READ BLOG

ad-nav-NDR-for-dummies

NDR for Dummies

GET THE WHITE PAPER

ad-nav-video

The Power of Open-Source Tools for Network Detection and Response

WATCH THE WEBCAST

ad-nav-ESG

The Evolving Role of NDR

DOWNLOAD THE REPORT

ad-images-nav_0006_Blog

Detecting 5 Current APTs without heavy lifting

READ BLOG

CORELIGHT LABS

RESEARCH

 

1600x574-100px-gradient-graph120-faded-right._cut (2)

 

From detecting attacks to profiling behavior, Corelight Labs creates new ways to deepen network insight and strengthen enterprise security. We work in close partnership with other innovators at Corelight, and we take pride in the robust, deeply technical capabilities we create.

LATEST RESEARCH


IoT/OT/ICS threats: Detecting vulnerable Boa web servers

11/30/22

On Nov. 22, 2022 Microsoft announced research findings about an ongoing supply chain attack against IoT devices running Boa web servers. The Boa web server, an open-source small-footprint web server suitable for embedded applications, was...

Read more »

Detecting 5 current APTs without heavy lifting

11/8/22

The Corelight Labs team prides itself on the ability to create novel Zeek and Suricata detection content that delves deep into packet streams by leveraging the full power of these tools. However this level of additional sophistication is not always...

Read more »

Detecting the Manjusaka C2 framework

9/28/22

Security practitioners may know about common command-and-control (C2) frameworks, such as Cobalt Strike and Sliver, but fewer have likely heard of the so-called Chinese sibling framework “Manjusaka” (described by Talos in an excellent writeup)...

Read more »

Detecting CVE-2022-30216: Windows Server Service Tampering

8/9/22

In July 2022, Microsoft disclosed a vulnerability in the Windows Server Service that allows an authenticated user to remotely access a local API call on a domain controller, which triggers an NTLM request...

Read more »

Detecting CVE-2022-23270 in PPTP

5/26/22

This month, Microsoft announced a vulnerability in PPTP, a part of the VPN remote access services on Windows systems that runs on port 1723/tcp. Through Microsoft’s MAPP program, Corelight Labs reviewed a proof of concept exploit for this...

Read more »

Detecting CVE-2022-26937 with Zeek

5/26/22

This month, Microsoft announced a vulnerability in NFS. The exploit lies in how an attacker can force a victim NFS server to request an address from the attacker’s fake NFS server. The address returned will overflow memory on the victim NFS server...

Read more »


 

To learn more about Corelight Labs, contact our team.

Get our research the minute it's published

Sign up for Corelight Labs news.

Have questions?

Talk with one of our experts today.

CONTACT US