Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Corelight

Corelight

Detecting the Manjusaka C2 framework

Sep 29, 2022 By Corelight Labs Team In Corelight

Security practitioners may know about common command-and-control (C2) frameworks, such as Cobalt Strike and Sliver, but fewer have likely heard of the so-called Chinese sibling framework “Manjusaka” (described by Talos in an excellent writeup). Like other C2 frameworks, we studied the Manjusaka implant/server network communications in our lab environment, and here we document some of the detection methods available. We have also open-sourced the content we describe.

Read Post

Cloud Insecurities - How to threat hunt in hybrid and multi cloud environments

Sep 27, 2022 By Corelight In Corelight
Amidst a record number of workloads moving to the cloud – security teams must not only confront the cyber-skills shortage, but also a general lack of cloud expertise. Corelight and guest Forrester will share best practices for building threat detection, hunting, and incident response capabilities to the cloud and upskilling your existing SecOps team. Watch this on demand webcast to learn.
View Video

SANS Protects: The Network

Sep 8, 2022 By Corelight In Corelight
SANS Protects is a series of papers focused on the most prevalent threats to specific, critical components of your environment as well as actions you can take to mitigate those threats and thwart threat actors. In this webcast, sponsored by Corelight, SANS Certified Instructor Matt Bromiley will examine current, prevalent network threats and how adversaries use them to take advantage of, and maintain footholds in, victim environments.
View Video

SANS 2022 Report Moving to a State of Zero Trust

Aug 31, 2022 By Corelight In Corelight
In this webcast, SANS certified instructor Matt Bromiley will explore the concept of zero trust and what it means to security teams and your overall security posture. As a concept, zero trust is relatively straightforward: Trust no one until verified, inside or outside the network. However, this is often easier said than done, especially for systems built on legacy authentication models. Matt will also examine what a zero trust implementation looks like, how this can stop adversaries dead in their tracks, and what your organization can do to begin moving toward a state of zero trust.
View Video

How to Benchmark Your Threat Hunting Readiness and Prepare for the Next Step

Aug 26, 2022 By Corelight In Corelight
Many organizations want to start threat hunting but struggle with knowing where to begin, how to measure success, and how to scale an effective program. This presentation draws on the experience of elite hunters and teams around the world and will discuss an actionable threat hunting maturity model and help you prepare for each step of the journey with specific guidance, concrete examples, and sample threat hunts.
View Video

Network Forensics & Incident Response with Open Source Tools

Aug 26, 2022 By Corelight In Corelight
Open source security technologies such as Zeek, Suricata, and Elastic can deliver powerful network detection and response capabilities, and the global communities behind these tools can also serve as a force multiplier for security teams, such as accelerating their response times to zero-day exploits via community-driven detection engineering and intel sharing. This presentation will review popular open source technologies used in network DFIR and cover use cases, integrations, and open source design patterns.
View Video
Corelight

Detecting CVE-2022-30216: Windows Server Service Tampering

Aug 9, 2022 By Corelight Labs Team In Corelight

In July 2022, Microsoft disclosed a vulnerability in the Windows Server Service that allows an authenticated user to remotely access a local API call on a domain controller, which triggers an NTLM request. This results in a leak of credentials that allows an attacker to authenticate to Active Directory Certification Services (ADCS) and to generate a client certificate that enables remote code execution on a domain controller.

Read Post

How to Make Progress on the Zero Trust Road Map

Aug 5, 2022 By Corelight In Corelight
It's been a year since President Biden's executive order that called out zero trust as a primary focus. Corelight's Richard "Chit" Chitamitre discusses the prevalent misunderstandings about zero trust, as well as use cases for how to embrace the framework and make measurable progress along the way. In this video interview, in partnership with Information Security Media Group, you will learn.
View Video

Raspberry Pi Sensors for Home Networks

Aug 5, 2022 By Corelight In Corelight
Is your IoT dryer transferring 1GB+ of traffic daily? Does your Tesla phone home to the mothership? Is your employer monitoring you at home? Learn a quick, easy, free method for using a Raspberry Pi to gain visibility into your home network. We'll teach you to find out what your smart (and not-so-smart) devices are doing using ZeekⓇ logs and Suricata alerts–two flagship open-source technologies–skills transferable to your day job and enterprise environments.
View Video
Subscribe to Corelight

Copyright © 2024 OpsMatters™. All rights reserved.