Threat actors constantly hunt for evasion and anti-analysis techniques in order to increase the success rate of their attacks and to lengthen the duration of their access on a compromised system. In some cases, threat groups use techniques they find discussed on the Internet during their operations, such as the Office Test Persistence method that the Sofacy group found within a blog published in 2014. While analyzing a recent attack that occurred on August 10, 2016, we observed an interesting anti-analysis technique used by the Dukes threat group (aka APT29, …
Release Date: 2016-09-08 How to update: Updating MineMeld Nodes: - fixed bugs on TAXII and syslog nodes, and some typos here and there - added Miner for ThreatQ Prototypes: - added new EmergingThreats Open Source prototypes by @greg.roehl - promoted a good bunch of protos from EXPERIMENTAL to STABLE - rather obviously, we
VPC Endpoints and the Palo Alto Networks VM-Series firewall VPC Endpoints is a feature provided by AWS that enables users to create a private connection between a VPC and other AWS services without an internet connection. With this feature, the VM-Series firewall can retrieve bootstrap configuration files from the S3
We modeled the Cybersecurity Canon after the Baseball or Rock & Roll Hall-of-Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that. Please write a review and nominate your favorite. The Cybersecurity Canon is a real thing for our community. We have designed it so that you can directly participate in the process. Please do so! Book Review by Canon Committee Member, Steve Winterfeld: Hacking Exposed Series (1999) by McGraw-Hill …
I'm doing configuration from an old Cisco ASA to a new firewall PA 3020. I imported the ASA config to the migration tool and edited some settings like Zone, Interfaces, NAT rules. However, when I try to export the edited version to an xml file to import to the new Palo Alto, I don't see Base
Fall is almost here and that means this summer’s Palo Alto Networks interns are off to another school year and another year of study. But before our 2016 interns leave, they are given the opportunity to showcase their summer projects at our annual Internfest. This year was the first we had interns in three main U.S. offices, and each location held its own event.
Overview The VPN tunnel between two devices fails with the error "Unknown ikev2 peer," even if all the crypto profiles, pre-shared keys and proxy IDs match. This article features the details of the cause of this error message. Issue Generally, this error is seen when building the tunnel with Microsoft Azure. However, it is
The following procedure documents best practices for customers who are new to the PAN-OS upgrade process. It’s intended as a foundation for customers who want to create their own more-specific upgrade procedures. About the PAN-OS upgrade and customer responsibilities We recommend upgrades be performed from one feature release to the
Some security regulations may require that sensitive information not leave the Data Center, even through encrypted means, which excludes these files from being scanned for infections by the WildFire Cloud. The WF-500 appliance allows an organization to leverage the strength of WildFire sandbox analysis in a private cloud environment.
Hi, It would be great to be able to remap multiple sub-interfaces the same way you can remap interfaces. An example is that I got CP interface eth2-2.100 -> eth2-2.200. I then want to remap eth2-2.100->.149 to AE1.100->.149 and eth2-2.150->.200 to AE2.150->.200 /kristian
Hi, We are trying to replace a service object from a CP config with an Application Group in the PANOS config. After creating the Application Groups, we are trying the "search & replace" feature. I have moved the rules into the "replace" tab, but when I choose "Applications Group"
Overview Even when both the nodes in an HA pair are configured to fetch dynamic updates (threat or antivirus updates) at the same time, the firewall generates a version mismatch alert in the system logs. If email alerts are configured on the firewall, the system admin receives these alerts. This
Overview Equal Cost Multipath (ECMP) is a new feature introduced in PAN-OS 7.0. It provides multipath support for "equal cost" routes going to the same destination. There is a max of 4 equal-cost paths supported. Without this feature, if there are multiple equal-cost routes to the same
Routes with an internal flag There are instances when the route gets installed in the routing table with the flag "~". Flag "~" means that this is an internal route. This article focuses on explaining a route with an internal flag. Redistributing a route into the routing protocol
Welcome to the Live Community Weekly Recap Every week, numerous user discussions, knowledge articles and video tutorials are posted within the community. Over time, thousands of valuable items can be browsed through. For a quick glance, we highlight some of those great items every week in this recap. It is an easy way
Did you miss any of this week’s Palo Alto Networks action? Don’t worry, we’ve rounded up the top news right here. In the second part of the Cybercrime Underground series, Unit 42 explores the cybercrime forum ecosystem along with tools and services they offer. Pythons and Unicorns and Hancitor…oh my! Unit 42 decodes binaries through emulation. Were you stumped by the LabyREnth CTF Threat track challenge? Get the solutions.
Sit back and relax. Let us do the information gathering and give you the channel scoop. Thank You for Another Record Year: Earlier this week we announced our Q4 and FY16 earnings. In Q4 we drove 41 percent year-over-year revenue growth to $401 million, and for FY16 revenue was up 49 percent year-over-year to $1.4 billion. Channel highlights for the fiscal year included: more than 18,000 partner individuals earning certifications, up more than 60 percent from FY15; partners led more than 5,000 Security Lifecycle Reviews with our mutual customers; and we …
The market for endpoint security is booming, particularly in the startup space, and Palo Alto Networks CEO Mark McLaughlin said he is confident the network security vendor will pull ahead of the pack with its Traps endpoint security solution. Palo Alto Networks rolled out its Traps next-generation endpoint security solution following its $200 million acquisition of Cyvera in 2014.
Fixes: SCREENOS. If a rule was using the negate-source function, this was incorrectly stored as negate destination instead. FORTINET. If a rule with NAT contained service ALL, the MT was generating error messages stating that if you have more than 2 services in the rule you need to create a group
Welcome back to our blog series where we reveal the solutions to LabyREnth, the Unit 42 Capture the Flag (CTF) challenge. We’ll be revealing the solutions to one challenge track per week. Next up, the Threat track.
When it was first applied in the cybersecurity industry 15 years ago, defense in depth (DID) revolutionized business. Today, the idea of using a set of cybersecurity measures to protect a network is an accepted practice, and the traditional leaders in the field defend it religiously, especially those working in financial services and government.
I am having a problem with a Cisco PIX migration; the zones came empty. So the first thing I did was create the zones and match them to my interfaces. Then I assigned the new zones to my security policies. When I do the merge and send the API calls, it complains that the
I recently gave the opening keynote presentation at China’s Internet Security Conference (ISC) 2016. ISC is China’s largest international cybersecurity conference and was held from 16–17 August in Beijing. The conference was open to the Chinese media and covered by CCTV and Xinhua. It was attended by roughly 8,000 people from several countries (mostly China, Korea, Russia, the U.S. and some European nations). This blog post will provide insight into what I shared with the international audience during my keynote address. One of the topics that ISC asked me to …
(This blog post is also available in Japanese.) In August 2016, the Japanese National Center of Incident Readiness and Strategy for Cybersecurity (NISC) published a new document, Cybersecurity Approach for Business Management (this is a Japanese link), targeted at major companies as well as small and medium-sized businesses (SMBs). The NISC document follows up on Japan’s September 2015 Cybersecurity Strategy, which encourages business management to be cybersecurity-minded and invest in the same, and also the Cybersecurity Guidelines for Business Leadership Version 1.0 issued by the Ministry of Economy, Trade and …
Hi! I'm having some trouble matching domain indicators on syslog feeds. So far I have a setup like this: ransomwaretracker_RW_DOMBL (Miner) -> aggregatorDomain (Aggregator) -> feedDomainHCGreenWithValue (Output) -> Domain EDL within PAN-OS The above is working fine and I have verified positive matches on indicators in the