4 min
Public Policy
Rapid7, Bugcrowd, and HackerOne file pro-researcher comments on DMCA Sec. 1201
On Mar. 3rd, Rapid7, Bugcrowd, and HackerOne submitted joint comments to the Copyright Office urging them to provide additional protections for security researchers. The Copyright Office requested public input as part of a study on Section 1201 of the Digital Millennium Copyright Act (DMCA). Our comments to the Copyright Office focused on reforming
5 min
IT Ops
Brics Vs RE2/J
By Benoit Gaudin and Mark Lacomber
Regular Expressions
When it comes to searching unstructured data, regular expressions are a very useful and powerful tool. The power provided by popular regular expression libraries does come with a significant performance cost in some cases though, both when compiling regular expressions into automata (state explosion problem when determinising automata) and when using these automata to match input. These constraints are usually acceptable for individuals ne
3 min
Release Notes
Weekly Metasploit Wrapup: March 14, 2016
Scanning for the Fortinet backdoor with Metasploit
Written by wvu
Metasploit now implements a scanner for the Fortinet backdoor. Curious to see how to use it? Check this out!
wvu@kharak:~/metasploit-framework:master$ ./msfconsole -qL
msf > use auxiliary/scanner/ssh/fortinet_backdoor
msf auxiliary(fortinet_backdoor) > set rhosts 417.216.55.0/24
rhosts => 417.216.55.0/24
msf auxiliary(fortinet_backdoor) > set threads 100
threads => 100
msf auxiliary(fortinet_backdoor) > run
5 min
IT Ops
A point of @Contention- cache coherence on the JVM
Java 8’s major changes (lexical closures, the stream API, etc.) have overshadowed a slew of little gems, one of which I only discovered the other day: the @Contended annotation.
False Sharing
Chances are you’re reading this on a device with more than one CPU. There’s therefore also quite a good chance that you have more than one thread of execution running at the exact same time. There’s an equally good chance that some of your fancy multiprocessor CPU’s on-die memory (aka L2/3 cache) is share
3 min
Atomic Design @ Rapid7
Device-Level Design Should Not Be A Thing
Large monitors, small monitors, laptops, tablets, smartphones, smartwatches, toasters, refrigerators…where will it end? Nowadays, application designers need to consider a plethora of devices as they design. While we are not considering designing Nexpose and InsightIDR for your toaster, maybe one day we will! However, Brad Frost tells the world of design that device-level design is an outdated concept. That's news to our ears! Let's look at this more c
3 min
Threat Intel
Threat Intelligence Foundations: Crawl, Walk, Analyze - Part 3
This is the third post in a three-part series on threat intelligence foundations, discussing the fundamentals of how threat intelligence can be used in security operations. Here's Part 1 and Part 2.
Intelligence Analysis in Security Operations
In the first two parts of this series we talked about frameworks for understanding and approaching intelligenc
5 min
Threat Intel
Threat Intelligence Foundations: Crawl, Walk, Analyze - Part 2
This is the second post in a three-part series on threat intelligence foundations, discussing the fundamentals of how threat intelligence can be used in security operations. Read Part One here.
Tinker, Tailor, Soldier, Spy: Utilizing Multiple Types of Intelligence
Just as there are different operational levels of intelligence, discussed in detail in the first post
4 min
IT Ops
Deciphering MySQL Logs: The What, Why, and How
Logs are one of the best ways to understand what a server is doing. Thankfully, MySQL has no shortage of log activity to assist a DBA in its maintenance. It writes out its activity to 5 different logs. This post will take a look at the existing MySQL logs and how they assist the administrator.
* On Windows, the log is written to the data directory with a .err extension even if not explicitly enabled.
* Errors are automatically written to the Event Log. This behavior is standard and
4 min
Threat Intel
Threat Intelligence Foundations: Crawl, Walk, Analyze - Part 1
This is the first post in a three-part series on threat intelligence foundations, discussing the fundamentals of how threat intelligence can be used in security operations.
There is a consensus among many in threat intelligence that the way the community has approached threat intelligence in the past, i.e., the “Threat Data → SIEM → Magical Security Rainbows” approach, has left something to be desired, and that something is usu
5 min
IT Ops
The Role of Log Files in Experiments
You have heard, no doubt, of the Lean Startup. If you need a refresher to place the name, it’s a book, but it’s also a business trend with such momentum as to have a website advertising it as a “movement.” And, frankly, that advertisement is hardly a stretch. The title and the terms coined in it are on everyone’s lips in the tech industry these days because people at companies of all s
3 min
InsightIDR
Launching InsightIDR: From compromise to containment, FAST.
We just launched InsightIDR, the only fully integrated detection and investigation solution that lets you identify a compromise as it occurs and complete an investigation before things get out of control. InsightIDR does three things well: detect attacks with high fidelity, accelerate investigations, and end the drudgery of security data management. I'd like to take a minute to share how we got here and why we're so excited to show you InsightIDR.
Cutting through the Noise to Detect Attacks
5 min
IT Ops
TypeScript Language Primer
What is TypeScript?
TypeScript is an open source typed superset of JavaScript which compiles to plain JavaScript.
Many people have considered JavaScript’s loose typing a problem, and TypeScript offers a solution to that. Specifically, TypeScript allows you to code with decorators/annotations, classes, interfaces, private properties and type checking.
We might also say that TypeScript is ES6 with some extra options.
What does TypeScript do?
6 min
IoT
Smile! You're on Candid APT
Recently, IP camera hacking has taken front stage in the news. Actually, hacking IP cameras is not all that new (it's been around for a number of years), but historically the focus has been related to gaining access to just the video portion of the camera. But with IP cameras being one of the many IoT technologies out there often found to be improperly secured, I figured it was time to look
8 min
IT Ops
IOT made real - Using TI SensorTag data with Logentries and NodeRed
Learn how to send IoT data from the TI CC2650 SensorTag to Logentries (using Node-RED).
This is the first of a series of IoT blogs that show you how easy it can be to integrate a range of real sensor devices with Logentries and how to use the data from those devices once it is in Logentries. This follows the earlier blog showing why a centralised logging service would be useful for IoT developers and users. This series of blogs will show ju
2 min
IoT
CVE-2015-7547: Revenge of Glibc Resolvers
If you've been involved in patch frenzies for any reasonable amount of time, you might remember last year's hullabaloo around GHOST, a vulnerability in glibc's gethostbyname() function. Well, another year, another resolver bug.
gethostbyname(), meet getaddrinfo()
This time, it's an exploitable vulnerability in glibc's getaddrinfo(). Like GHOST, this will affect loads and loads of Linux client and server applications, and lik