LogRhythm Labs

Security analyst using LogRhythm NextGen SIEM

Integrating SIEM Within Compliance Programs

Posted by: Rem Jaques

At their core, information security and compliance seem like topics that should go hand in hand: InfoSec deals with the daily functions of identifying and responding to threats, while compliance includes responsibilities of implementing IT security controls and effective governance.…

Read More

July 19, 2021

Don’t Gamble with Golden SAML

Read More

June 30, 2021

Aligning Security Controls with Leading Cybersecurity Frameworks

Read More

June 16, 2021

gast station

Ransomware Detection and Mitigation Strategies in OT/ICS Environments

Posted by: Brian Coulson

On 9 May 21, the Federal Bureau of Investigation (FBI) issued a statement regarding a network disruption at Colonial Pipeline, one of the largest fuel pipelines servicing the eastern United States. Following immediate operational shutdowns and further initial investigation, the…

Read More

May 27, 2021

Moving Laterally to the Microsoft 365 Cloud Using a Simulated Domain Trust Modification Attack

Read More

May 19, 2021

Microsoft Office Building

A Guide to Detecting Microsoft Exchange Zero-Day Exploits

Posted by: Brian Coulson

TL;DR First and foremost, apply patches to the Exchange infrastructure. Assume compromise. It’s been reported that the attackers launched a massive compromise attack against 60,000+ Exchange Servers before patches became available, and many other attackers are actively looking for exploited…

Read More

March 17, 2021

Dissecting the Golden SAML Attack Used by Attackers Exploiting the SUNBURST Backdoor

Read More

March 5, 2021

Windows keyboard

Windows Certificate Export: Detections Inspired by the SolarWinds Compromise

Posted by: LogRhythm Labs

TL/DR Methods to detect when a certificate is exported from a Windows system are discussed in detail below using the audit log “Certificate Services Lifecycle Notifications” and collecting the log messages with “MS Windows Event Logging XML – Generic” log…

Read More

January 21, 2021

Telecommunications cellular antenna

Telecommunication Security Use Cases

Posted by: Leonardo Hutabarat

Attacks made against telcos and internet service providers (ISPs) have steadily risen. Distributed denial of service (DDoS) attackers launched an 11-day attack against a Chinese telco in 2017 — breaking the DDoS record that year. That same year, Kaspersky Lab…

Read More

January 6, 2021

Man talking over the phone with AirPods on

How to Detect and Respond to SS7 Attacks — OT Telco Use Cases

Posted by: Leonardo Hutabarat

In the telecom environment, using Signaling System No.7 (SS7) protocol is very crucial, especially in 2G networks. If you’re wondering how SS7 works, SS7 protocol is an international telecommunications standard used to set up public switched telephone network (PSTN) and…

Read More

December 28, 2020

Computer keyboard

How to Detect and Search for SolarWinds IOCs in LogRhythm

Posted by: LogRhythm Labs

LogRhythm Labs has gathered up the indicators of compromise (IOCs) from CISA, Volexity, and FireEye associated with the recent SolarWinds supply chain attack and made them available in a GitHub repository for your convenience. Feel free to download and import…

Read More

December 23, 2020

Three Steps to Translate Threat Reports into Actionable Items Using MITRE ATT&CK®

Threat Hunting Framework: Three Steps to Translate Threat Reports into Actionable Steps

Posted by: Chi Doan

Thanks to Sally Vincent and Dan Kaiser from the LogRhythm Labs team for developing the process and guiding content described in this post. Threat research can be an invaluable asset to security teams when attempting to formulate a proactive stance…

Read More

December 21, 2020