Recent Research From Corelight Labs

Recent Research

Network Detection of Interactive SSH Impostors Using Deep Learning

Impostors who have stolen a user's SSH login credentials can inflict significant harm to the systems to which the user has remote access. We consider the problem of identifying such imposters when they conduct interactive SSH logins by detecting discrepancies in the timing and sizes of the client-side data packets, which generally reflect the typing dynamics of the person sending keystrokes over the connection.

GGFAST: Automating Generation of Flexible Network Traffic Classifiers

When employing supervised machine learning to analyze network traffic, the heart of the task often lies in developing effective features for the ML to leverage. We develop GGFAST, a unified, automated framework that can build powerful classifiers for specific network traffic analysis tasks, built on interpretable features. The framework uses only packet sizes, directionality, and sequencing, facilitating analysis in a payload-agnostic fashion that remains applicable in the presence of encryption.

RESEARCH

Recent Research

Network Detection of Interactive SSH Impostors Using Deep Learning

GGFAST: Automating Generation of Flexible Network Traffic Classifiers

Leveraging map-reduce and LLMs for enhanced cybersecurity network detection

Running DeepSeek AI privately using open-source software

Understand and detect MITRE Caldera with Zeek®

Detecting Abuse of NetSupport Manager

Detecting The Agent Tesla Malware Family

Detecting the STRRAT Malware Family

Hunt of the Month: Detecting AsyncRAT Malware Over HTTPS

Focus Terrapin patching efforts with Zeek

How Corelight Uses AI to Empower SOC Teams

Writing a Zeek package in TypeScript with ZeekJS

To learn more about Corelight Labs, contact our team.

Get our research the minute it's published

Have questions?

Sign up for our newsletter

Locations

1 (888) 547-9497

We're hiring!