LogRhythm Labs

7 Significant Insights from the CyberEdge Cyberthreat Defense Report

Today, CyberEdge released their third installment of the Cyberthreat Defense Report in order to gain an understanding and provide awareness of how IT security teams defend against threats. The report analyzes the current state of cyber security, including the perceptions…

Monitoring Digitally Signed PowerShell

The Challenge: Microsoft Windows PowerShell is a powerful scripting environment. The PowerShell execution policies are provided in order to let you determine the conditions under which scripts may be run. The default option is “Restricted,” which doesn’t allow any scripts…

SANS "Find Evil" Digital Forensics Use Case for Windows

In 2014, SANS published a Digital Forensics poster called “Know Abnormal…Find Evil.” This resource delves into the differences between normal and abnormal behavior, and what you might look for or ignore in a digital forensics investigation. The Challenge: Using this reference…

Detecting Rogue Svchost Processes

The Challenge: Malware authors may attempt to hide their processes “in plain sight” by calling them the same name as some common Windows processes. Very commonly, “svchost.exe” has been used for this purpose. It is difficult to catch this by…

Agent SmartResponse Host Checking

The Problem: How can you find out if a SmartResponse™ plug-in using PowerShell will run on a specific System Monitor Agent host? Also, with what user context will the SmartResponse plug-ins execute? Windows PowerShell execution policies let you determine the…

A Deeper View into the Threat Landscape

The threat landscape hasn’t really changed, except for a few minor adjustments. We are still seeing nation state threat actors, financial crime groups, hacktivism (though that has been receiving less press lately), terrorist organizations and commodity threats (e.g., CryptoLocker). The…

Detecting the Juniper Netscreen OS Backdoor

The Challenge: Juniper issued an advisory on December 18th indicating that they had discovered unauthorized code in some versions of the ScreenOS software that powers their Netscreen firewalls. The advisory covers two issues: One was a backdoor in the VPN…

What Do the Cyber Attacks of 2015 Tell Us About the Current State of IT Security?

Cybersecurity continued to be a problem for many companies in 2015, with several large financial institutions, retailers and insurance companies admitting to damaging breaches worth millions of dollars. The rise of cyber attacks is most likely here to stay. The…

10 Security Predictions for 2016

As we approach 2016, security experts are reflecting on the cyber attacks of this year and making predictions as to what the threat landscape may look like in the coming months. This year, there will be innovative security initiatives, different…

Tracking Group Policy Changes: Part 3

This is the final part of the series on tracking group policy changes. As I have mentioned a couple of times, one thing that makes monitoring group policy changes difficult is the fact that Microsoft logs the GUID of the…