5 min
Metasploit
Pentesting in the Real World: Going Bananas with MongoDB
This is the 4th in a series of blog topics by penetration testers, for
penetration testers, highlighting some of the advanced pentesting techniques
they'll be teaching in our new Network Assault and Application Assault
certifications, opening for registration this week. For more information, check
out the training page at
www.rapid7.com/services/training-certification/penetration-testing-training.jsp
Prefa
4 min
IT Ops
Exporting Logentries data with Leexportpy
Leexportpy, the Logentries utility that exports your log data to 3rd parties,
has built-in support for various services such as Kafka, Geckoboard and Hosted
Graphite. Without any modification to the current code, you can use these
services to extract your Logentries data.
To begin, make sure your read-write or read-only API key is correctly placed in
the LE section of your configuration file as shown below. Also make sure you
have read the first blog post of this series.
4 min
Application Security
AppSpider application security scanning solution deepens support for Single Page Applications - ReactJS
Today, Rapid7 is pleased to announce an AppSpider (application security
scanning) update that includes enhanced support for JavaScript Single Page
Applications (SPAs) built with ReactJS. This release is significant because SPAs
are proliferating rapidly and increasingly creating challenges for security
teams. Some of the key challenges with securing SPA's are:
1. Diverse frameworks - The diversity and number of JavaScript frameworks
contributes to the complexity in finding adequate scan co
7 min
IT Ops
What exactly is an Event-loop?
“The price of reliability is the pursuit of the utmost simplicity” – C.A.R Hoare
Rather than doing another all-out performance post, I’ll look at some aspects of
asynchronous I/O today instead: what it is at a high level, what it isn’t and
why you would use it.
There aren’t many aspects of programming today that are as saturated with
buzzwords and misinformation as asynchronous IO and some of the frameworks which
build on top of this. If you work with server code which has to handle a
nontri
4 min
Komand
How Security Orchestration Can Stop Insider and Outsider Attacks
Running a successful security operations center
(SOC) is a tall order. It requires assembling an ideal mix of people,
processes,
and tools
, and connecting them in ways that make it possible to respond to threats fast
while also maintaining a strategic overall security posture.
One of the best ways to make sure that a SOC runs seamlessly is
3 min
Penetration Testing
Pentesting in the Real World: Capturing Credentials on an Internal Network
This is the second in a series of blog topics by penetration testers, for penetration testers, highlighting some of the advanced pentesting techniques they'll be teaching in our new Network Assault and Application Assault certifications
10 min
IT Ops
Introduction to the Logentries Command Line Interface
The Logentries Command Line Interface (CLI) allows you to both manage and use
your Logentries service right from the command line. The CLI is built on the
Logentries REST APIs and provides a
tool to interact directly with the Logentries service outside of the UI. It is
in beta and currently supports retrieving log events, and performing queries and
calculations on log events using our powerful querying language LEQL
8 min
Vulnerability Disclosure
R7-2016-10: Multiple OSRAM SYLVANIA Osram Lightify Vulnerabilities (CVE-2016-5051 through 5059)
Nine issues affecting the Home or Pro versions of Osram LIGHTIFY were
discovered, with the practical exploitation effects ranging from the accidental
disclosure of sensitive network configuration information, to persistent
cross-site scripting (XSS) on the web management console, to operational command
execution on the devices themselves without authentication. The issues are
designated in the table below. At the time of this disclosure's publication, the
vendor has indicated that all but the la
5 min
Metasploit
Pentesting in the Real World: Gathering the Right Intel
This is the first in a series of blog topics by penetration testers, for
penetration testers, highlighting some of the advanced pentesting techniques
they'll be teaching in our new Network Assault and Application Assault
certifications, opening for registration this week. For more information, check
out the training page at
www.rapid7.com/services/training-certification/penetration-testing-training.jsp
So
4 min
IT Ops
Using Logentries With Angular v1.5
The post assumes at least a basic knowledge of Angular. Angular is a very
opinionated framework so make sure you have some experience with Angular before
following the instructions presented below.
Logentries can integrate into whatever Javascript framework you want to use.
Previously, we examined adding Logentries to a React application
. This post
will illustrate how to add Logentries to your Angular v1 application using
2 min
Komand
How to Build a Powerful Cybersecurity Arsenal with Free & Open Source Tools
Whether you're creating a security program on a budget or building a security
operations center with cost-effectiveness in mind, we believe having the right
people, processes, and tools—in that order—is essential to an effective security
posture.
We’ve talked before about finding the right people andassembling your security
team first
is a smart move. Today, we want to talk about the “tools” part of the equation
7 min
Komand
Making Bug Reporting Easier with AWS S3 and AWS Lambda
Getting users to submit bug reports can take time, energy, and thus requires a
strong desire for the consumer to act upon. For developers, it means that it may
take more time to be notified of a bug. Not everyone is a power user who will
report odd things, especially those that are not mission critical.
Here at Komand, we came up with a neat little solution to make reporting bugs
easier for our users. To do this we must take some of the work out of the
reports. Tasks such as bug notifications (
4 min
IT Ops
REST API: a little cURL and some Python
Here at Logentries
work has been going for sometime in bringing to our customers a powerful and
flexible REST API service for interaction with
their log data. This work started out with the REST Query API
8 min
Komand
Quick security wins in Golang (Part 1)
We all know security is hard. Let’s walk through some basic security principles
you can use to get your Golang web application up and running securely. If you
just want to see the code check out the application on Github: Golang Secure
Example Application (gosea) .
Recently, I gave a lightning talk on using Golang middleware to implement some
basic security controls at the Boston Golang Meetup
. This post will i
3 min
IT Ops
Backup Log Checks and What They Can Tell You
There is simply no substitute for a recent, accurate backup when it comes to
recovering from file or system damage or outages. But that backup must be
complete and error-free to make a full recovery possible. That’s why inspecting
log files from backups is a critical and important step in verifying their
accuracy or coverage, and a necessary check before performing a restore that
converts any backup image or files into production status.
Your backup logs