LogRhythm Labs

Detecting Home Network Issues with Network Monitor

Analyzing home network traffic can be highly valuable as you can find previously unknown issues smoothly and efficiently by using NetMon. In addition to security issues, you can also track usage statistics and determine what (or who) is utilizing the most bandwidth on your home network.


Building Resilience in Critical Infrastructure

It’s National Cyber Security Awareness Month, and the theme for the final week is “Building Resilience in Critical Infrastructure.” So why is this a focus for the National Cyber Security Alliance? Well, initially, cyber threats were focused on profitable data breaches with an attainable payload (e.g., credit card information, industry secrets, etc.). But now, nation states and hacktivist groups are focusing on accessing and disrupting critical infrastructure in the United States.


How to Build a Miniature Network Monitor Device

LogRhythm NetMon is a powerful forensics tool that allows organizations to capture, analyze, and alert on network data. Traditionally, NetMon is deployed on a blade server within an organization’s data center. However, there are many situations where a smaller, more tactical device is the optimal solution. To demonstrate how easily NetMon can be deployed, we decided to show you how to build a miniature device.


LogRhythm Challenge: Black Hat 2016

For the LogRhythm Challenge at Black Hat USA this year, we wanted to give participants the opportunity to use several different analytic skills in their attempt to beat the challenge. The goal of the challenge was to identify exfiltrated data from Swish Inc., a fictional video streaming company that was recently exposed as having data leaked to a public file sharing site. We’ll tell you how to find each of the hidden flags within the PCAP.


Who is Listening in on Your Network?

With the sheer volume of network traffic and the variety of applications that travel across a typical network these days, it is not surprising how easy it is to gather high-value artifacts using packet capturing software. The goal of an attacker that is using packet capturing software is to grab usernames, email addresses, passwords and other sensitive information traversing a network in plain/clear text for further exploitation.


Detecting Beaconing Malware with Network Monitor

When a computer becomes infected with malware, it will usually begin to beacon out to a command and control server. This is one of the ways that commodity malware checks in with its command and control infrastructure to await further instructions. But it can be difficult to detect this activity. The beaconing can take place at any time or frequency—from once every couple of seconds to once a week (or possibly even longer if you are dealing with an advanced adversary).


How Far Cyber Criminals Will Go to Get Your PII

Everyone who works in security deals with phishing emails to some extent—some more than others. In fact, most of us in the security industry see so many phishing attacks on a daily basis that they are not all that interesting anymore. However, every once in a while, a scammer will actually take the time to prepare and deploy a more believable campaign and target personally identifiable information (PII) in a more persistent way.


Five Steps to Defend Against Ransomware

Understanding what happens at each phase of a ransomware attack, and knowing the IOCs to look for, increases the likelihood of being able to successfully defend against—or at least mitigate the effects of—an attack.


SMS Alerting Via SmartResponse

Security analysts can't always dedicate their time to monitoring the security operations center (SOC), nor do they always check the alerts that they receive via email, for various reasons. Also, some alerts are simply more important than others—important enough that you want to know about them right away and be notified in the most effective way possible, even when out of the office and disconnected from email.
