Blog

NotPetya Technical Analysis

Although initially labeled as ransomware due to the ransom message that is displayed after infection, it appears now that NotPetya functions more as a destructive wiper-like tool than actual ransomware. This post reviews an in-depth technical analysis of NotPetya, including recommended security measures.

Read More

Using Deep Packet Analytics to Extract Specific Bytes

One of the hidden features of NetMon's deep packet analytics (DPA) language is that you can extract specific bytes out of a packet inside of a packet rule. Although NetMon classifies over 3,100 applications and extract many thousands of metadata fields, there is always more to learn about network traffic. In this post, you'll learn the proper techniques for extracting specific bytes out of a network packet using DPA.

Read More

Detecting Petya/NotPetya Ransomware

On the morning of June 27, 2017, Petya, a new ransomware outbreak—similar to the recent WannaCry malware—was discovered in the Ukraine. The malware quickly spread across Europe. This post discusses the TTPs of Petya / NotPetya and how to detect it using LogRhythm AI Engine rules.

Read More

PCI-DSS Compliance 3.2 Updates

Whether you swipe it, chip it, tap it, or phone it in, if you are involved in capturing payments from a credit card, you are most likely required to comply with Payment Card Industry Data Security Standard (PCI-DSS) requirements. PCI-DSS is in a transitional phase in which version 3.1 is the accepted standard, with all participants moving to the 3.2 standards by January 2018. Although 3.2 is only a minor number change, there are numerous differences between the new version of PCI-DSS and the old one.

Read More

Reactions to Trump's Executive Order on Cybersecurity

Recently, President Trump signed an Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. The order, originally designated to be signed shortly after his inauguration in January, was signed on May 11, 2017. I had the opportunity to sit down with James Carder and Dan Wilbricht to get their thoughts on what this order may mean for the cybersecurity space.

Read More