Security Tips and Tricks

Posted by: Julian Crowley

On Tuesday, Microsoft released an emergency update to Windows Server 2003 through 2012 R2 to address a vulnerability that enables an attacker to escalate privileges for any account on a Windows Domain. The vulnerability can be detected in Windows Server…

November 19, 2014

Tricking users into copying different commands from what is displayed on a web page… OK, maybe I’m late to this party but I recently came across a very cool attack vector that I had not heard about until now. There’s…

October 8, 2014

These past couple weeks have been a blur. I had the opportunity to attend and speak at both AppSecUSA and DerbyCon and can not say enough good things about these conferences. There were so many excellent talks and activities that…

October 3, 2014

With the current Knowledge Base release, LogRhythm Labs will introducing the first round of changes to AI Engine™ Rule organization. This initial stage involves implementing a more intuitive naming scheme for AI Engine&trade Rules. (Note: compliance based Engine&trade Rules will…

October 1, 2014

SmartResponse™ Plugins allow LogRhythm alarm and AI Engine rules to launch nearly any scriptable action. The most widely-used SmartResponse Plugin is Add Item to List. This plugin makes additions to LogRhythm lists. For example, adding a benign IP or URL…

August 28, 2014

While at Black Hat this year I attend a great talk by security researcher Aditya K Sood. He discussed at length, the Fundamental Weaknesses in Botnet C&C Panels. One of the major talking points he hit on was the major…

August 7, 2014

Notice: LogRhythm nor the author of this blog post are liable for any illegal activities conducted with this information. LogRhythm does not condone or support such activity. This post is simply a proof-of-concept to explore the risks of open wireless…

June 18, 2014

Posted by: Matt Willems

Researchers at the University of Michigan recently released a new scanning and probing utility called ZMap capable of scanning hosts over 1300 times faster than the common open source tool NMap. In testing it was able to scan the entire…

August 27, 2013

LogRhythm has been involved in the authoring of the Cybersecurity Framework as outlined in one of my previous blog posts. Although the framework is still being drafted, and won’t be released for public comment until later in the year, the White…

August 8, 2013

After attending Black Hat and DEFCON this year, I noticed that there wasn’t an overarching theme, like the Cloud, APTs or Big Data that prior years have seemed to focus on. Given the recent disclosures about NSA surveillance programs, privacy was…

August 3, 2013

This year I was fortunate enough to be able to attend the Black Hat 2013 conference in Las Vegas. The opening keynote by General Alexander set the mood for what I think will be a common trend throughout the rest…

August 1, 2013

I spend almost 25% of my week working in LogRhythm’s security operations center (SOC). The SOC is responsible for monitoring, reporting and mitigating any security event on our worldwide network. While in the SOC, the expectation is to treat anyone…

April 30, 2013

03 19 2013 19:10:40 10.128.68.92 Juniper: 2013-03-19 19:10:40 – JuniperFirewall01 – [] ()[Standard User Profile] – Requesting user to confirm access to invalid SSL site – Host: 10.1.0.50, Port: 443, Request: GET /index.php HTTP/1.1 Here’s an interesting event we caught…

April 25, 2013

When a client authenticates with a Web application, a session is established. Usually a unique, pseudo-random session ID is generated and passed from the client to the Web application with each HTTP request that is made. This session ID might be…

March 20, 2013

Following the UK Conservative Party Conference this week, many headlines honed in on the government’s plan to create a battalion of cyber reserves to protect the country from online attacks. There is an ongoing cyber security skills shortage in the…

March 10, 2013

A colleague of mine recently asked me to take a look at some logs he was investigating. The LogRhythm Web Application Defense Module had initially keyed him into the suspicious behavior and he was now examining the raw logs to…

February 22, 2013

The U.S. Federal Government has expanded their service offerings by outsourcing infrastructure to cloud-based services providers. The use of cloud-based services comes with inherent risk. However, the Federal Office of Management and Budget (OMB) has been working diligently over the…

February 4, 2013

If you find yourself needing to have the contents of an ASCII text file written to syslog, then consider the use of the logger command. This comes with most Unix distributions and has also been ported to the Windows platform.…

February 27, 2012