Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In Episode 7 of Corelight DefeNDRs, join me, Richard Bejtlich, as I sit down with Dr. Keith Jones, Corelight's principal security researcher, to discuss the practical applications of AI in enhancing network security. We delve into how large language models (LLMs) can assist in cleaning up documentation and generating Zeek scripts, sharing insights from our extensive experience in incident response and coding. Keith reveals the challenges and successes he has encountered using LLMs to streamline processes, including their role in analyzing MITRE techniques.

In Episode 6 of Corelight DefeNDRs, we delve deeper into the fascinating world of DNS covert channels with Vern Paxson, our chief scientist and co-founder. Continuing from our previous discussion, Vern shares his insights on techniques developed to detect these stealthy channels utilized by intruders to evade security measures. We explore the innovative approach of leveraging time series analysis of DNS lookups, how to distinguish benign traffic from potential threats, and the real-world implications of our findings across significant datasets.

In Episode 5 of Corelight Defenders, I, Richard Bejtlich, engage with Corelight's co-founder and chief scientist, Vern Paxson, to delve into the intricate world of DNS covert channels. We explore how adversaries exploit DNS lookups to silently communicate within tightly controlled enterprise environments. Vern explains various methods attackers may use, from encoding data in seemingly benign domain names to manipulating the timing of requests. Our discussion highlights the challenges of detecting these covert channels, especially in the presence of network monitoring.

In Episode 4 of Corelight Defenders, I sit down with Angela Loomis, Corelight's Director of Technical Account Management, to explore her remarkable 25-year journey in cybersecurity. Angela shares her unconventional entry into the field, starting from a background in television production to becoming a leader in security strategy. We delve into the importance of curiosity in cybersecurity, discussing how diverse experiences enrich the profession, and whether formal education might dampen that curiosity.

How do you find React2Shell vulnerabilities or detect React2Shell attacks in real environments? In this video, Corelight cloud security researcher David Burkett walks through how to threat hunt React2Shell by focusing on post-exploitation behavior at the network level. Instead of relying on exploit signatures, the approach uses application baselining and network traffic analysis to identify abnormal behavior.

Richard Bejtlich discusses cloud security from a network-centric perspective with Corelight's cloud security researcher, David Burkett. They explore why monitoring network traffic remains essential in cloud environments, despite the presence of native security features offered by cloud providers. David highlights common threats such as container compromises, coin miners, and supply chain attacks, emphasizing the value of traffic visibility for detecting unusual behaviors and breaches.

Richard Bejtlich talks with Corelight Principal Technical Marketing Engineer Mark Overholser about what it takes to run the Black Hat Network Operations Center and keep a “hostile” training network safe. They walk through how partners like Corelight, Cisco, Palo Alto Networks, Arista, and Lumen build and monitor the conference network, how the team tells lab traffic from real infections, and why misconfigured self hosted services still show up in surprising ways.