Domain Privilege Escalation Vulnerability
Posted by: Julian Crowley
On Tuesday, Microsoft released an emergency update to Windows Server 2003 through 2012 R2 to address a vulnerability that enables an attacker to escalate privileges for any account on a Windows Domain. The vulnerability can be detected in Windows Server…
November 19, 2014
What You See is Not What You Copy
Tricking users into copying different commands from what is displayed on a web page… OK, maybe I’m late to this party but I recently came across a very cool attack vector that I had not heard about until now. There’s…
October 8, 2014
Do You Trust Your Computer?
These past couple of weeks have been a blur. I had the opportunity to attend and speak at both AppSecUSA and DerbyCon and cannot say enough good things about these conferences. There were so many excellent talks and activities that…
October 3, 2014
Name Changes for AI Engine Rules
With the current Knowledge Base release, LogRhythm Labs will introduce the first round of changes to AI Engine™ Rule organization. This initial stage involves implementing a more intuitive naming scheme for AI Engine™ Rules. (Note: compliance-based AI Engine™ Rules will…
October 1, 2014
Adding Items to a LogRhythm List via SmartResponse Plugins
SmartResponse™ Plugins allow LogRhythm alarm and AI Engine rules to launch nearly any scriptable action. The most widely-used SmartResponse Plugin is Add Item to List. This plugin makes additions to LogRhythm lists. For example, adding a benign IP or URL…
August 28, 2014
Taking Advantage of Default Settings
While at Black Hat this year I attended a great talk by security researcher Aditya K Sood. He discussed at length the Fundamental Weaknesses in Botnet C&C Panels. One of the major talking points he hit on was the major…
August 7, 2014
Xfinity Pineapple
Notice: Neither LogRhythm nor the author of this blog post is liable for any illegal activities conducted with this information. LogRhythm does not condone or support such activity. This post is simply a proof-of-concept to explore the risks of open wireless…
June 18, 2014
University of Michigan Releases ZMap
Posted by: Matt Willems
Researchers at the University of Michigan recently released a new scanning and probing utility called ZMap, capable of scanning hosts over 1300 times faster than the common open source tool Nmap. In testing it was able to scan the entire…
August 27, 2013
Proposed Incentives for Adopting the Cybersecurity Framework
LogRhythm has been involved in the authoring of the Cybersecurity Framework as outlined in one of my previous blog posts. Although the framework is still being drafted, and won’t be released for public comment until later in the year, the White…
August 8, 2013
Some Thoughts on Black Hat and DEFCON
After attending Black Hat and DEFCON this year, I noticed that there wasn’t an overarching theme, like the Cloud, APTs or Big Data that prior years have seemed to focus on. Given the recent disclosures about NSA surveillance programs, privacy was…
August 3, 2013
Connecting the Dots
This year I was fortunate enough to be able to attend the Black Hat 2013 conference in Las Vegas. The opening keynote by General Alexander set the mood for what I think will be a common trend throughout the rest…
August 1, 2013
Don’t Forget Your People
I spend almost 25% of my week working in LogRhythm’s security operations center (SOC). The SOC is responsible for monitoring, reporting and mitigating any security event on our worldwide network. While in the SOC, the expectation is to treat anyone…
April 30, 2013
Accept the Right, Deny the Wrong: Add Flexibility to your Juniper Firewall
03 19 2013 19:10:40 10.128.68.92 Juniper: 2013-03-19 19:10:40 – JuniperFirewall01 – [] ()[Standard User Profile] – Requesting user to confirm access to invalid SSL site – Host: 10.1.0.50, Port: 443, Request: GET /index.php HTTP/1.1 Here’s an interesting event we caught…
April 25, 2013
Detecting Session Hijacking with LogRhythm’s Advanced Intelligence Engine
When a client authenticates with a Web application, a session is established. Usually a unique, pseudo-random session ID is generated and passed from the client to the Web application with each HTTP request that is made. This session ID might be…
March 20, 2013
With Great Power Comes Great Responsibility
Following the UK Conservative Party Conference this week, many headlines honed in on the government’s plan to create a battalion of cyber reserves to protect the country from online attacks. There is an ongoing cyber security skills shortage in the…
March 10, 2013
Understanding a Basic Web Attack Using Log Data
A colleague of mine recently asked me to take a look at some logs he was investigating. The LogRhythm Web Application Defense Module had initially keyed him into the suspicious behavior and he was now examining the raw logs to…
February 22, 2013
Federal Compliance Update FedRAMP
The U.S. Federal Government has expanded its service offerings by outsourcing infrastructure to cloud-based service providers. The use of cloud-based services comes with inherent risk. However, the Federal Office of Management and Budget (OMB) has been working diligently over the…
February 4, 2013
Using Logger to Send File Data to SYSLOGD
If you find yourself needing to have the contents of an ASCII text file written to syslog, then consider the use of the logger command. This comes with most Unix distributions and has also been ported to the Windows platform.…
February 27, 2012