By Vince Stoffer, Senior Director, Product Management, Corelight One of the most important aspects of threat hunting is having a place to start. A question, a theory, or a hunch often begins the hunt. Where you end up may not be where you first ... Read more »
MITRE ATT&CK
Together is faster: Zeek for vulnerabilities
“There is an open approach that is currently rippling across the infosec industry that could give defenders the acceleration they need.” - John Lambert (Distinguished Engineer, Microsoft) By Greg Bell, CEO of Corelight I love this quote. ... Read more »
Analyzing encrypted RDP connections
By Anthony Kasza, Corelight Security Researcher Microsoft’s Remote Desktop Protocol (RDP) is used to remotely administer systems within Windows environments. RDP is everywhere Windows is and is useful for conducting remote work. Just like every ... Read more »
Finding truth in the cloud: Google Cloud Packet Mirroring and Corelight Network Traffic Analysis
By Vijit Nair, Sr. Director Product Management, Corelight “Remember, all I’m offering is the truth” - Morpheus, from the movie Matrix (1999) There is a great scene at the end of Matrix where a fallen Neo resurrects himself and breaks past the ... Read more »
Introducing the Corelight SSH Inference package
By Anthony Kasza, Security Researcher, Corelight Labs Corelight has recently released a new package, focusing on SSH inferences, as part of our Encrypted Traffic Collection. The package installs on sensors with a few clicks and provides network ... Read more »