All Posts

The Twelve Pains of Infosec

One of my favorite Christmas carols is the 12 Days of Christmas . Back in the 90's, a satire of the song came out in the form of the 12 Pains of Christmas , which had me rolling on the floor in laughter, and still does. Now that I am in information security, I decided it is time for a new satire, maybe this will start a new tradition, and so I am presenting, the 12 Pains of Infosec. ----------------------

6 min IT Ops

The Value of Correlation IDs

In the old days when transactional behavior happened in a single domain, in step-by-step procedures, keeping track of request/response behavior was a simple undertaking. However, today one request to a particular domain can involve a myriad of subsequent asynchronous requests from the starting domain to others. For example, you send a request to Expedia, but behind the scenes Expedia is forwarding your request as a message to a message broker. Then that message is consumed by a hotel, airline

4 min User Behavior Analytics

SIEM Tools Aren't Dead, They're Just Shedding Some Extra Pounds

Security Information and Event Management (SIEM) is security's Schrödinger's cat. While half of today's organizations have purchased SIEM tools, it's unknown if the tech is useful to the security team… or if its heart is even beating or deployed. In response to this pain, people, mostly marketers, love to shout that SIEM is dead, and analysts are proposing new frameworks with SIEM 2.0/3.0, Security Analytics, User & Entity Behavior Analytics

6 min Automation and Orchestration

Cybersecurity careers and the certifications needed

Synopsis Cybersecurity has become one of the top sought after careers in the Information Technology field. Careers ranging from an ethical hacker to a security auditor. With so many options to choose from, where do you start to pursue such a purposeful and exciting future? I will explain some of the top certifications that are offered and what fields they are associated with. Institutes and their certifications International Information Systems Security Certification Consortium, Inc. (ISC)2

7 min Rapid7 Perspective

2017 Cybersecurity Horoscopes

What does 2017 hold for cybersecurity? Our mystics have drawn cards, checked crystal balls, and cast runes to peer into the future. See what the signs have in store for you in the new year. Sage Corey Thomas, Rapid7 Gazing into the future of 2017, I believe we will continue to see market consolidation of security vendors. With a focus on increasing productivity, organizations will move further from disparate, point-solutions that solve just one problem to solutions that can be leveraged through

3 min Nexpose

"Informational" Vulnerabilities vs. True Vulnerabilities

A question that often comes up when looking at vulnerability management tools is, “how many vulnerability checks do you have?” It makes sense on the surface; after all, less vulnerability checks = less coverage = missed vulnerabilities during a scan right? As vulnerability researchers would tell you, it's not that simple: Just as not all vulnerabilities are created equal, neither are vulnerability checks. How “True”

5 min Automation and Orchestration

Inspecting Network Traffic with tcpdump

Synopsis Tcpdump, as the name suggests, captures and dumps(writes) the network traffic passing through a given server’s or node’s network interfaces . It is a classic command line tool written in 1987 and remains one of the most powerful tools for analyzing network traffic. Many options and filters available in the tool makes it easier to slice and dice the data. The data then can be used by network administrators and enthusiasts for many purposes such as, security & forensic analyses, trouble s

5 min Automation and Orchestration

How to Install OpenVPN on Windows

Synopsis With the growth of online privacy and security concerns, as well as people wanting to work around geo-restrictions, VPNs are becoming much more mainstream. They no longer rest in the realm of security professionals and the overly paranoid. OpenVPN is the most secure VPN protocol you can use and this guide will teach you what it is, as well as how to install it on Windows. If you are looking to install OpenVPN on another operating system, visit their website

4 min Incident Detection

Web Shells 101: Detection and Prevention

2016 has been a big year for information security, as we've seen attacks by both cybercriminals and state actors increase in size and public awareness, and the Internet of Things comes into its own as a field of study. But today we'd like to talk about a very old (but no less dangerous) type of attacker tool – web shells – and new techniques Rapid7 is developing for identifying them quickly and accurately. What is a Web Shell? Web shells are web-based applications that provide a threat actor wi

2 min Metasploit

Metasploitable3 CTF Competition: Update and Leaderboard!

The Metasploitable3 Capture The Flag Competition has been underway for about a week now and the submissions have been pouring in! We're very excited to see so many great submissions. We're reviewing as fast as we can so if you don't hear back from us right away, don't worry, you will. For all valid submissions we will update this blog post and subsequent ones with the le

5 min IT Ops

The Generosity of Thought: Caring and Sharing in the Open Source Community

I want to share something with you that is pretty amazing. But, before I do, allow me to provide the backstory. The Backstory I’ve been using Open Source Software (OSS) for a while now. I started with the big ones, Apache , Maven , MySQL , etc…. But, as time went on and my work became more specialized, I started using smaller projects. When you use the big projects such as Maven and Apache, there’s a boatload of books, video

3 min Komand

3 Steps for Effective Information Security Event Triage [Infographic]

Before you jump into action when a security alrm sounds, you need to first assess what happened. Pulling together the details of the event will help you determine if there is a real security incident, and if so, how you will need to respond. But often in the frenzy of security alerts, we get caught up in processes or start jumping to conclusions without enough info. This can lead to a haphazard incident response. From my experience, there's a simpler way; one that is efficienct, not bogged dow

4 min Automation and Orchestration

Burp Series: Intercepting and modifying made easy

Synopsis As a penetration tester I have many tools that I use to help with web application testing, but the one tool that never lets me down is Burp suite by portswigger. Burp suite is an intercepting proxy that allows you to modify and inspect web traffic, it comes in two flavors, free and paid. The free version is powerful enough to assist any pen test engineer, whereas the paid version will add extra features to make your tests go smoother and faster. I am going to walk you through the beg

2 min

Metasploit Wrapup 12/9/16

Finding stuff For a very long time, msfconsole's search command has used a union of the results of all search terms. This means that if you do something like search linux firefox, you'll get a list of all modules that mention linux, regardless of the application they target, and all modules that mention firefox, regardless of their platform. Most people are probably expecting the intersection, i.e. you probably wanted to see only the modules that target Firefox on Linux. So now that's what happe

7 min Komand

How to Render Components Outside the Main ReactJS App

We use React here at Komand as one of our core libraries in our front-end applications and while it does a great job of abstracting away the code for managing the DOM, sometimes that can be problematic. With React, you have JSX which is just XML sugar for declaring what DOM elements you want React to render. React just renders the elements where they are defined within the JSX. For example, this JSX… <div className=“content”> Content <Modal> I’m a modal </Modal> </div> ... would res