3 min
InsightIDR
How To Detect Unauthorized DNS Servers On Your Network
DNS was never designed as a very secure protocol, and it is a popular target for attackers. Here is how you can detect unauthorized DNS servers on your network
1 min
Metasploit Weekly Wrapup
Metasploit Wrapup 1/19/18
Metasploit 5 Development Has Begun
It's 2018, the ice is melting in Austin, and as we hinted last October
, Metasploit 5 development
efforts have begun in earnest. We have a laundry list
of features that we
are working on for it. The first feature merged in Metasploit 5
replaces the module
cache, which decreases the memory used
2 min
Think Like a Hacker: Going Beyond Network Security
From health care companies to credit agencies and telecommunication firms,
hackers didn’t hold back in 2017. With no simple solution to hacking on the
horizon, it’s a safe bet that 2018 will come with its own share of data
breaches, compromises and concerns.
Short of pulling the plug and living in the dark, how can companies protect
their data and beat hackers at their own game?
It’s all in your head.
Key Characteristics To Thinking Like A Hacker
Here’s the bottom line: IT security fai
4 min
InsightVM
A RESTful API for InsightVM
With 2017 firmly in the rear-view mirror, we peer forward into 2018 and thanks
to genre-bending vulnerabilities like Meltdown and Spectre
the future would seem a bit blurry. Louis Pasteur
is attributed with the quote:
“Chance favors the prepared mind.” Pasteur’s work precedes information security
as we know it today by a century, but as an an individu
3 min
InsightAppSec
3 Questions to Ask When Prioritizing Web Application Vulnerabilities
Dynamic application security testing (DAST) often results in a constantly
evolving list of security vulnerabilities. When scanning a web application
in production or
in an active testing environment, issues can crop up as quickly as changes
happen within the app. And when exposed to the internet itself, there are many
more ways in which security vulnerabilities
6 min
Log Management
Taking a Message-Based Approach to Logging
When you think about it, a log entry is really nothing more than a message that
describes an event. As such, taking a message-based approach to logging by
utilizing messaging technologies makes sense. Messaging creates the loose
coupling that allows a logging system to be adaptable to the needs at hand and
extensible over time.
Understanding a Standard Logging Architecture
Typically, logging is implemented in an application using a logger
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup: Jan. 12, 2018
'Sploits! Get yer 'sploits heeere!
Lots of fresh modules this week with six shiny new exploits to showcase—but
first, a blast from the past:
1992 Called
Solaris wants to help you get password hashes and they've invented the NIS
protocol. The next
time you find a Solaris box, locked in a closet, that three generations of
sysadmins have been afraid to touch, you can dump hashes straight to your
Metasploit loot
6 min
Automation and Orchestration
How to Choose a Security Orchestration and Automation Platform
In the market for a security orchestration and automation platform
but
don’t know what solution is right for you? Or perhaps you’ve made some rushed
decisions with past products and want to take a more careful approach this time
around? We get it — sifting through all different security orchestration
options on the
market today is no walk in the park. At the end
4 min
Application Security
4 Differences Between Network Security & Application Security
Tomato, tomato, potato, potato, network security
and web
application security
. Two things that
may seem similar, they are actually quite different. Network security (also
known as vulnerability assessment or vulnerability management
) has been around
for quite some time and is something most security practition
4 min
GDPR
GDPR Preparation Checklist: January – Teach and Tidy
New year, new things to think about when it comes to your GDPR compliance
preparations. Hopefully your
GDPR project is in full swing by now. If it’s not, then you do really need to be
getting your skates well and truly on. Do take a look through our November
and December
3 min
Patch Tuesday
Patch Tuesday - January 2018
The first Microsoft patches of 2018 came early, with new updates released late
Wednesday, January 3rd. Although this was due to the (somewhat
) coordinated
disclosure of the Meltdown and Spectre
vulnerabilities, last week’s updates also contained fixes for 33 additional
CVEs. These days, Microsoft releases their OS updates as monolithi
3 min
Metasploit Weekly Wrapup
Metasploit Wrapup 1/5/18
2018: a new year, new vulns, and endless opportunities to exploit them. The
Metasploit community is kicking off the year with a variety of new content,
functionality, research, and coordinated vulnerability disclosure.
New Year, New Vulns
After a couple months of coordinated disclosure work, long-time Metasploit
contributor Karn Ganeshen offered up a handful of
modules and a couple mixins for testing wireless routers from Cambium Networks
3 min
InsightVM
Vulnerability Management Year in Review, Part 1: Collect
Sometimes, it seems change is the only permanent thing in information security. To help deal with change on your terms, we set out to help maintain visibility to your environment as it is presented to you. How? By efficiently collecting vulnerability data at scale.
6 min
Haxmas
HaXmas Review: A Year of Patch Tuesdays
Today’s installment of the 12 Days of HaXmas is about 2017’s 12
months of Patch Tuesdays . Never mind that there were only
eleven months this year, thanks to Microsoft canceling
most of February’s planned fixes. This coincided with when they’d planned to
roll out their
7 min
Haxmas
12 Memorable Metasploit Moments of 2017
This HaXmas, we delve into 12 Memorable Metasploit Moments from 2017 that inspired us, impressed us, and made us feel more connected to our global community of contributors, users, and friends.