LogRhythm Labs

Security Awareness: Taking Advantage of Opportunity

Security Awareness is an incredibly important aspect of any security program. As we’ve seen in countless high-profile breaches, users are consistently the path of least resistance into any organization. This is why training employees to identify ‘suspiciousness’ and react in…


Security Awareness Training: Secure Remote Access to Corporate Infrastructure

In this installment of Labs’ weekly series, Security Awareness Training, we’ll be discussing appropriate methods for users remotely accessing corporate or cloud infrastructure. Many of us work remotely at some point and need to access corporate file shares and other…


A New Variant in POS Malware

I’d like to talk a little bit about a new POS malware variant called LogPOS. Being a researcher at LogRhythm, I feel it is my duty to talk about any malware with the word “log” in it. Ironically this malware…


7 Home Network Security Tips

Securing your home network is just as important as securing the organization you work for. Think about it: this is the network that you use when not in the office; you plug your work laptop in, access sites that are unfiltered/unprotected…


Phase 2 OCR HIPAA Audits: What’s to Come in 2015?

Here is a high-level breakdown for the Phase 2 HIPAA Audits being conducted by OCR in 2015: Back in 2011, the Office of Civil Rights (OCR) was brought on-board to support a pilot HIPAA audit program with the goal of…


NetMon: Quick Tips and Use Cases

When attackers are trying to break through your perimeter or are operating within your environment, you need to act quickly. Security intelligence is paramount. The good news is that you can detect most indicators of a threat from within the…


Sharing Threat Intelligence

After the breach of Sony Pictures by North Korea, legislative attention has come back to cybersecurity. Its primary goal has been the sharing of threat information, allowing private companies to integrate their ‘indicators’ — pieces of information that have been…


The Long Road to Securing America’s Digital Infrastructure

As the US pioneered the Internet, so too the country is pioneering this ever-changing information age. With this effort comes a responsibility for all organizations, both private and public, in all industries, to protect client and consumer information. On…


Kippo Honeypot: Log Replay Automation

Kippo is one of my favorite honeypots due to its sheer simplicity, portability, and ease of use. It comes with a really neat feature that allows you to replay what the attacker did once they gained access to the honeypot by way…


Domain Privilege Escalation Vulnerability

On Tuesday, Microsoft released an emergency update to Windows Server 2003 through 2012 R2 to address a vulnerability that enables an attacker to escalate privileges for any account on a Windows Domain. The vulnerability can be detected in Windows Server…


What You See is Not What You Copy

Tricking users into copying commands different from what is displayed on a web page… OK, maybe I’m late to this party, but I recently came across a very cool attack vector that I had not heard about until now. There’s…


Do You Trust Your Computer?

These past couple of weeks have been a blur. I had the opportunity to attend and speak at both AppSecUSA and DerbyCon and cannot say enough good things about these conferences. There were so many excellent talks and activities that…


Name Changes for AI Engine Rules

With the current Knowledge Base release, LogRhythm Labs will be introducing the first round of changes to AI Engine™ Rule organization. This initial stage involves implementing a more intuitive naming scheme for AI Engine™ Rules. (Note: compliance-based AI Engine™ Rules will…


Adding Items to a LogRhythm List via SmartResponse Plugins

SmartResponse™ Plugins allow LogRhythm alarm and AI Engine rules to launch nearly any scriptable action. The most widely-used SmartResponse Plugin is Add Item to List. This plugin makes additions to LogRhythm lists. For example, adding a benign IP or URL…


Taking Advantage of Default Settings

While at Black Hat this year I attended a great talk by security researcher Aditya K Sood. He discussed at length the Fundamental Weaknesses in Botnet C&C Panels. One of the major talking points he hit on was the major…


Xfinity Pineapple

Notice: Neither LogRhythm nor the author of this blog post is liable for any illegal activities conducted with this information. LogRhythm does not condone or support such activity. This post is simply a proof-of-concept to explore the risks of open wireless…


University of Michigan Releases ZMap

Researchers at the University of Michigan recently released a new scanning and probing utility called ZMap, capable of scanning hosts over 1300 times faster than the common open source tool Nmap. In testing it was able to scan the entire…


Proposed Incentives for Adopting the Cybersecurity Framework

LogRhythm has been involved in the authoring of the Cybersecurity Framework as outlined in one of my previous blog posts. Although the framework is still being drafted, and won’t be released for public comment until later in the year, the White…
