Command And Control

Emotet C2 and Spam Traffic Video
This video covers the life cycle of an Emotet infection, including the initial infection, command-and-control traffic, and spambot activity sending emails with malicious spreadsheet attachments to infect new victims. The video cannot be ...

Corelight Sensors detect the ChaChi RAT
By Paul Dokas, Keith Jones, Anthony Kasza, Yacin Nadji, & Vern Paxson – Corelight Labs Team. Recently BlackBerry analyzed a new GoLang Remote Access Trojan (RAT) named “ChaChi.” This sample was interesting ...

What Is a Security Operations Center (SOC)?
Data breaches are costing organizations millions of dollars on average. In its 2020 Cost of a Data Breach Report, IBM found that a data breach cost the average organization $3.86 million. This ...

World’s first 100G Zeek sensor
By Sarah Banks, Senior Director of Product Management, Corelight. As we finished rolling out Corelight’s v21 software release, which saw the delivery of the world’s first 100G, 1U Zeek sensor, I was ...

Introducing the C2 Collection and RDP inferences
By Vince Stoffer, Senior Director, Product Management, Corelight. We’re excited to announce that the Command and Control (C2) Collection is now available with today’s launch of version 21 of the Corelight software ...

C2 detections, RDP insights and NDR at 100G
By John Gamble, Director of Product Marketing, Corelight. Today I am excited to announce Corelight’s v21 release, which delivers dozens of powerful C2 detections, extends analyst visibility around RDP connections, and helps ...

How do you know?
By Charles Strauss, Senior Brand Copywriter, Corelight. Can you be sure attackers aren’t hiding in your encrypted traffic? Can your investigators go back 18 months to find what they need? Do ...

DNS over TLS and DNS over HTTPS
By Jamie Brim, Corelight Security Researcher. In this post, we’ll explore DNS over TLS (DoT) and DNS over HTTPS (DoH). DoT and DoH were invented to address privacy concerns associated with cleartext ...

Detecting the Impossible: Serverless C2 in the Cloud
There are certain sophisticated threat behaviors that are generally considered “impossible” to detect on the network, which are both tedious and challenging for security teams to protect against. These include the use ...

Command and Control Over ICMP: Chronicles of Red Team C2
A tremendous Red Team-related blog post over at Black Hills Infosec, superbly crafted by Darin Roberts, detailing how to run C2 over ICMP... Enjoy! ...