
1 min Logentries

Logentries Joins the Rapid7 Family

I'm very excited today to join the Rapid7 family. The acquisition is good news for Logentries customers, Rapid7 customers and all of our employees. It means that great minds and innovative technology have come together to solve some of our thorniest IT and security challenges. The Logentries team has been on a mission over the last few years -- Revealing the Power of Log Data to the World. While pursuing our mission, I am often asked why log data has become so valuable. The answer is simple: l

2 min Exploits

R7-2015-17: HP SiteScope DNS Tool Command Injection

This is a vulnerability advisory for the HP SiteScope DNS Tool Command Injection vulnerability, made in accordance with Rapid7's disclosure policy. Summary Due to a problem with sanitizing user input, authenticated users of HP SiteScope running on Windows can execute arbitrary commands on affected platforms as the local SYSTEM account. While it is possible to set a password for the SiteScope application administrator, this is not enforced upon installation. Therefore, in default deployments, an

1 min Metasploit

Metasploit Framework Tools Reorg

There are a wide variety of interesting and useful tools in the Metasploit Framework. Many of these are available from the top-level of Metasploit in the form of modules and library code. You can find countless tutorials and blogs about how to put msfconsole, msfvenom and other top-level commands to good use. However, not many people know about the 'tools' directory, which contains many useful, single-purpose scripts, with topics spanning from exploit development to statistics. One of the probl

4 min Metasploit

New Metasploit Tools to Collect Microsoft Patches

Patch testing and analysis are important parts of vulnerability research and exploit development. One popular reason is that people use this technique to rediscover patched bugs, or to find ways to keep an 0day alive in case the fix in place is inadequate. The same process is also used to find the range of builds affected by a vulnerability, which tends to be useful for predicting the value of the exploit and improving target coverage and reliability. Going through Microsoft patches is no easy task, tho

3 min Nexpose

Nexpose 6.0: Using Adaptive Security

Overview Adaptive Security is a new feature released in Nexpose 6.0 that dynamically collects and analyzes the important network changes with minimal configuration needed from the user. This new feature allows you to create workflows called automated actions that can respond to various behaviors occurring in your environment automatically. For further explanation, please feel free to read Adaptive Security Overview. Triggers and Actions Currently Adapti

2 min Windows

Metasploit Framework Open Source Installers

Rapid7 has long supplied universal Metasploit installers for Linux and Windows. These installers contain both the open source Metasploit Framework as well as commercial extensions, which include a graphical user interface, metamodules, wizards, social engineering tools and integration with other Rapid7 tools. While these features are very useful, we recognized that they are not for everyone. According to our recent survey of Metasploit Community users, most only used it for the open source comp

3 min IT Ops

Revealing Hidden Insights with Docker & timeslice()

Over the last few months, you’ve probably noticed that we’ve been talking about Docker quite a lot – we think this lightweight and powerful way of managing environments is only going to increase in popularity. Docker has been evolving their logging capabilities with each release, so of course we’re interested in how we can help you get log data from Docker into Logentries for quick and powerful analysis. In August, we announced a new way to collect and analyze Docker logs for free with our Doc

2 min

Adaptive Security Overview

In Nexpose 6, we are introducing Adaptive Security, a smarter way to automate actions taken based on security incidents as they occur in your environment. The ultimate goal is to give back to security teams the time spent configuring tools to respond to a threat and automating the tedious and repetitive tasks taken to understand changes in the asset inventory and the threat landscape. With Adaptive Security, you can create workflows called automated actions that respond to new and existing asse

6 min Metasploit

Flipping bits in the Windows Kernel

Recently, the MS15-061 bulletin has received some attention. This security bulletin includes patches for several Windows Kernel vulnerabilities, mainly related to win32k.sys. Details of one of them, discovered by Udi Yavo, have been very well covered. First, the same Udi Yavo published details about the Use After Free in a blog entry. Later, Dominic Wang wrote an even more detailed analysis of both the vulnerability and its exploitation in this paper. Finally, Meysam

1 min IT Ops

Introducing LEQL: SORT()

If you’re familiar with a query language like SQL, you’re likely used to being able to sort your query results. When querying log data, sorting your results can come in handy when you want to analyze things like which Docker containers are using the most memory, or which URLs are being requested most frequently from your CDN. Today, we’re announcing SORT as the latest function introduced into Logentries’ query language, LEQL. Much

3 min Application Security

All Red Team, All the Time

In last week's blog (which you should read now if you have not), I said: > The core problem with security today isn't about technology. It's about misaligned incentives. We are trying to push security onto people, teams, and processes that just don't want it. To be clear, it's not that people don't care. They say they want security, and I believe them. Or more precisely, part of their brain wants security. People who want to break a bad habit

2 min

Bugzilla Privileged Bug Disclosure (CVE-2015-4499)

Yesterday, PerimeterX disclosed an issue in the venerable Bugzilla bug tracker, which can allow an untrusted attacker to gain access to privileged bug reports. This includes, of course, privately reported, but still unfixed, security vulnerabilities. Operators of Bugzilla bug trackers which use e-mail based permissions are strongly advised to patch today. This would be a good place to insert a "yo dawg" joke about bugs in bugs, but I trust yo

10 min CISOs

Push vs Pull Security

I woke up from a dream this morning. Maybe you can help me figure out what it means. Your company hired me to build a security program. They had in mind a number of typical things. Build a secure software development lifecycle so app developers didn't code up XSS vulnerabilities. Improve network security with new firewalls and by rolling out IDS sensors. Set up training so people would be less likely to get phished. Implement a compliance program like NIST or ISO. And you wanted all of that rolle

7 min IT Ops

Do you need an Architect in a Software Company?

This may be a dangerous question to ask for someone whose role is that of an Architect, but I think it is a valid question for an Architect to ask. This is particularly true in the software industry where the role is interpreted in many different ways. In some cases, an Architect may work in an established enterprise company and hand down instructions on technology stacks to the developers. At the other extreme an Agile development team may work without the involvement of an Architect. Neither

7 min IT Ops

Log Analysis for Containers

Introduction The IT and DevOps world has come a long way with infrastructure. Virtualization revolutionized our ability to quickly deploy an application and scale up services when needed, paying only for the computing power used. Over the last few years, agile methodologies and continuous delivery have pushed VMs to their limits. Many teams still repeatedly use a single VM for releases and testing. Production VMs rarely change unless something goes seriously wrong. At the pace software develop