LogRhythm Labs

Using Deep Packet Analytics to Extract Specific Bytes

Why Extract Specific Bytes Out of a Packet? Pulling specific bytes out of a packet is the best way to get to the real truth of the content. Getting to this level of the content can help you in many…

Read More

PCI-DSS Compliance 3.2 Updates

Whether you swipe it, chip it, tap it, or phone it in, if you are involved in capturing payments from a credit card, you are most likely required to comply with Payment Card Industry Data Security Standard (PCI-DSS) requirements. PCI-DSS…

Read More

Detect WannaCry Initial Exploit Traffic with NetMon

The WannaCry ransomware campaign is just the latest wave of malware to target exploits in core networking protocols. And you need to protect your network with advanced threat detection. The ransomware spreads to unpatched Windows systems (see Microsoft Security Bulletin…

Read More

Detecting WannaCry Activity on Sysmon-Enabled Hosts

If you are already using Microsoft Sysmon in your environment, then you might be wondering whether it is possible to detect WannaCry activity on your Sysmon-enabled Windows hosts. The answer is yes, and this blog will explain how! What is…

Read More

A Technical Analysis of WannaCry Ransomware

Contributors to this in-depth research analysis include Erika Noerenberg, Andrew Costis, and Nathanial Quist—all members of the LogRhythm Labs research group. Summary Ransomware that has been publicly named “WannaCry,” “WCry” or “WanaCrypt0r” (based on strings in the binary and encrypted…

Read More

WannaCry Ransomware

WannaCry: What We Know It is worth noting that the first WannaCry infection was reported on February 10th then again on the 25th. We will refer to this as “version 1.” This did not have a widespread impact. On the…

Read More

How to Extract SCSM Log Files from a Remote Windows Host

Recently, a question was posed on the LogRhythm Community around how to extract the SCSM log from a remote Windows host. I put together a quick PowerShell script to extract not only the System Center Service Manager (SCSM) log file,…

Read More

Analysis of Shamoon 2 Disk-Wiping Malware

Shamoon 2 Malware Background On August 15, 2012, a Saudi Arabian energy company was infected with disk-wiping malware in a targeted attack. The malware, known as either “Shamoon” or “DistTrack,” reportedly infected nearly 30,000 machines at the company in this…

Read More

Free Security Awareness Posters (You’ll Actually Want to Use)

Part 1: Passwords and Passphrases Building a corporate security awareness program can be as challenging as it is rewarding. Employees are the most targeted resource within an organization, but they are also the first line of defense. Often times, employee…

Read More

Five Things to Consider When Building a Security Operations Center (SOC)

A security operations center (SOC) is becoming an absolute necessity when defending your organization from damaging cyber-attacks. A SOC is the centerpiece of a company’s security operations, as it serves as a critical IT center in which to mitigate cyber…

Read More