Why Extract Specific Bytes Out of a Packet? Pulling specific bytes out of a packet is the best way to get to the real truth of the content. Getting to this level of the content can help you in many…
Read MoreJune 27, 2017
Whether you swipe it, chip it, tap it, or phone it in, if you are involved in capturing payments from a credit card, you are most likely required to comply with Payment Card Industry Data Security Standard (PCI-DSS) requirements. PCI-DSS…
Read MoreJune 20, 2017
The WannaCry ransomware campaign is just the latest wave of malware to target exploits in core networking protocols. And you need to protect your network with advanced threat detection. The ransomware spreads to unpatched Windows systems (see Microsoft Security Bulletin…
Read MoreMay 17, 2017
If you are already using Microsoft Sysmon in your environment, then you might be wondering whether it is possible to detect WannaCry activity on your Sysmon-enabled Windows hosts. The answer is yes, and this blog will explain how! What is…
Read MoreMay 17, 2017
Contributors to this in-depth research analysis include Erika Noerenberg, Andrew Costis, and Nathanial Quist—all members of the LogRhythm Labs research group. Summary Ransomware that has been publicly named “WannaCry,” “WCry” or “WanaCrypt0r” (based on strings in the binary and encrypted…
Read MoreMay 16, 2017
WannaCry: What We Know It is worth noting that the first WannaCry infection was reported on February 10th then again on the 25th. We will refer to this as “version 1.” This did not have a widespread impact. On the…
Read MoreMay 15, 2017
Recently, a question was posed on the LogRhythm Community around how to extract the SCSM log from a remote Windows host. I put together a quick PowerShell script to extract not only the System Center Service Manager (SCSM) log file,…
Read MoreApril 24, 2017
Shamoon 2 Malware Background On August 15, 2012, a Saudi Arabian energy company was infected with disk-wiping malware in a targeted attack. The malware, known as either “Shamoon” or “DistTrack,” reportedly infected nearly 30,000 machines at the company in this…
Read MoreApril 20, 2017
Part 1: Passwords and Passphrases Building a corporate security awareness program can be as challenging as it is rewarding. Employees are the most targeted resource within an organization, but they are also the first line of defense. Often times, employee…
Read MoreApril 13, 2017
A security operations center (SOC) is becoming an absolute necessity when defending your organization from damaging cyber-attacks. A SOC is the centerpiece of a company’s security operations, as it serves as a critical IT center in which to mitigate cyber…
Read MoreApril 4, 2017
