Unmasking BitRAT's C2 over HTTPS
BitRAT hides its C2 over HTTPS, but a default SSL certificate gives it away. See how to detect it with Zeek, Suricata, and SIEM queries.
BitRAT hides its C2 over HTTPS, but a default SSL certificate gives it away. See how to detect it with Zeek, Suricata, and SIEM queries.
Discover how AI and custom GPTs are transforming detection engineering, helping threat hunters draft Suricata and YARA rules in minutes instead of...
Discover what defending the Black Hat NOC taught me about using Model Context Protocol (MCP) to build an agentic SOC and accelerate threat hunting.
Learn how Corelight detects ScoutC2 malware using Zeek, SIEM queries, and Suricata rules for distinctive HTTP paths, methods, headers, and payload...
Richard Bejtlich introduces NDR Essentials, a guide to using high-fidelity network evidence for detection, response, and threat hunting.
Discover what defending the Black Hat NOC taught me about using Model Context Protocol (MCP) to build an agentic SOC and accelerate threat hunting.
Discover what defending the Black Hat NOC taught me about using Model Context Protocol (MCP) to build an agentic SOC and accelerate threat hunting.
Corelight Performance and Asset Visibility unlocks SecOps and NetOps intelligence from one sensor, with device classification and anomaly-first...
Corelight Sensor v29.1 turns your existing sensors into one platform for SecOps and NetOps, with gap-free forensic evidence behind every alert.