Using Deep Packet Analytics to Extract Specific Bytes
Why Extract Specific Bytes Out of a Packet? Pulling specific bytes out of a packet is the best way to get to the real truth of the content. Getting to this level of the content can help you in many…
June 27, 2017
Detecting Petya/NotPetya Ransomware
Posted by: LogRhythm Labs
Petya / NotPetya Poses Risk to Even Patched Systems On the morning of June 27, 2017, a new ransomware outbreak—similar to the recent WannaCry malware—was discovered in the Ukraine. The malware quickly spread across Europe, affecting varied industries such as…
June 27, 2017
PCI-DSS Compliance 3.2 Updates
Posted by: LogRhythm Labs
Whether you swipe it, chip it, tap it, or phone it in, if you are involved in capturing payments from a credit card, you are most likely required to comply with Payment Card Industry Data Security Standard (PCI-DSS) requirements. PCI-DSS…
June 20, 2017
Detect WannaCry Initial Exploit Traffic with NetMon
The WannaCry ransomware campaign is just the latest wave of malware to target exploits in core networking protocols. And you need to protect your network with advanced threat detection. The ransomware spreads to unpatched Windows systems (see Microsoft Security Bulletin…
May 17, 2017
Detecting WannaCry Activity on Sysmon-Enabled Hosts
If you are already using Microsoft Sysmon in your environment, then you might be wondering whether it is possible to detect WannaCry activity on your Sysmon-enabled Windows hosts. The answer is yes, and this blog will explain how! What is…
May 17, 2017
A Technical Analysis of WannaCry Ransomware
Posted by: LogRhythm Labs
Ransomware that has been publicly named “WannaCry,” “WCry” or “WanaCrypt0r” (based on strings in the binary and encrypted files) spread to over 74 countries in 2017, reportedly targeting Russia initially, and spreading to telecommunications, shipping, car manufacturers, universities and health…
May 16, 2017
WannaCry Ransomware
WannaCry: What We Know It is worth noting that the first WannaCry infection was reported on February 10th then again on the 25th. We will refer to this as “version 1.” This did not have a widespread impact. On the…
May 15, 2017
How to Extract SCSM Log Files from a Remote Windows Host
Recently, a question was posed on the LogRhythm Community around how to extract the SCSM log from a remote Windows host. I put together a quick PowerShell script to extract not only the System Center Service Manager (SCSM) log file,…
April 24, 2017
Analysis of Shamoon 2 Disk-Wiping Malware
Posted by: LogRhythm Labs
Shamoon 2 Malware Background On August 15, 2012, a Saudi Arabian energy company was infected with disk-wiping malware in a targeted attack. The malware, known as either “Shamoon” or “DistTrack,” reportedly infected nearly 30,000 machines at the company in this…
April 20, 2017
Free Security Awareness Posters (You’ll Actually Want to Use)
Part 1: Passwords and Passphrases Building a corporate security awareness program can be as challenging as it is rewarding. Employees are the most targeted resource within an organization, but they are also the first line of defense. Oftentimes, employee…
April 13, 2017
Five Things to Consider When Building a Security Operations Center (SOC)
A security operations center (SOC) is becoming an absolute necessity when defending your organization from damaging cyber-attacks. A SOC is the centerpiece of a company’s security operations, as it serves as a critical IT center in which to mitigate cyber…
April 4, 2017
How to Sell Your Cybersecurity Strategy to the Board: An Interview with James Carder
James Carder brings more than 19 years of experience working in corporate IT security and consulting for the Fortune 500 and U.S. government. As CISO and Vice President of LogRhythm Labs, he develops and maintains the company’s security governance model…
March 20, 2017
Understanding Insider Threats With UEBA
Insider threats pose significant risks to your organization. Their actions are difficult to detect and many incidents take months or longer to discover. The key to defending against this class of threats is to understand the who, the why, and…
March 2, 2017
Free Training: Brush Up on Your Deep Packet Analytics Rules and Dashboards
Your network is full of extremely valuable data that can be used to improve both security and operations. Unfortunately, due to the sheer volume of data, it can be difficult to effectively monitor and understand everything on your network. That…
February 23, 2017
Passive Discovery and Exploitation of Open SMB Shares
Server Message Block (SMB) shares are a critical component to most organizations—allowing for a central repository of files and other items that people need to access and share to do their jobs. Often, organizations will have multiple file shares in…
January 24, 2017
User Threat Detection—There’s a Module for That
Posted by: Matt Willems
End-user behavior can be difficult to baseline and monitor. Users often click on suspect links, open unknown attachments, and unknowingly expose the organization to risk. Where traditional analytics and perimeter defenses fall short, LogRhythm’s User and Entity Behavior Analytics (UEBA)…
January 19, 2017
The Top 8 Things to Analyze in Your Network to Detect a Compromised System
Back in August, I had an amazing conversation with Randy Franklin Smith of Ultimate Windows Security during a webinar. We talked about how to identify a number of security scenarios simply by looking at network traffic. If you missed the…
December 9, 2016
Detecting the BlackNurse DDoS Attack with LogRhythm NetMon
The security operations center (SOC) at Danish telecoms operator TDC recently published a report regarding an ICMP-based DoS/DDoS style of attack. This attack effectively makes use of crafted ICMP type 3, code 3 packets to drain…
December 6, 2016