1 min
Logentries
Logentries Joins the Rapid7 Family
I'm very excited today to join the Rapid7 family. The acquisition is good news
for Logentries customers, Rapid7 customers and all of our employees. It means
that great minds and innovative technology have come together to solve some of
our thorniest IT and security challenges.
The Logentries team has been on a mission over the last few years -- Revealing
the Power of Log Data to the World. While pursuing our mission, I am often asked
why log data has become so valuable. The answer is simple: l
2 min
Exploits
R7-2015-17: HP SiteScope DNS Tool Command Injection
This is a vulnerability advisory for the HP SiteScope DNS Tool Command Injection
vulnerability, made in accordance with Rapid7's disclosure policy.
Summary
Due to a problem with sanitizing user input, authenticated users of HP SiteScope
running on Windows can execute arbitrary commands on affected platforms as the
local SYSTEM account. While it is possible to set a password for the SiteScope
application administrator, this is not enforced upon installation. Therefore, in
default deployments, an
1 min
Metasploit
Metasploit Framework Tools Reorg
There are a wide variety of interesting and useful tools in the Metasploit
Framework. Many of these are available from the top-level of Metasploit in the
form of modules and library code. You can find countless tutorials and blogs
about how to put msfconsole, msfvenom and other top-level commands to good use.
However, not many people know about the 'tools' directory, which contains many
useful, single-purpose scripts, with topics spanning from exploit development to
statistics.
One of the probl
4 min
Metasploit
New Metasploit Tools to Collect Microsoft Patches
Patch testing and analysis are important parts of vulnerability research and
exploit development. One popular use of this technique is to rediscover patched
bugs, or to find out whether a 0day survives because the fix in place is
inadequate. The same process is also used to find the range of builds affected
by a vulnerability, which helps predict the value of an exploit and improve
target coverage and reliability.
Going through Microsoft patches is no easy task, tho
3 min
Nexpose
Nexpose 6.0: Using Adaptive Security
Overview
Adaptive Security is a new feature released in Nexpose 6.0 that dynamically
collects and analyzes the important network changes with minimal configuration
needed from the user. This new feature allows you to create workflows called
automated actions that can respond to various behaviors occurring in your
environment automatically. For further explanation, please feel free to read
Adaptive Security Overview.
Triggers and Actions
Currently Adapti
2 min
Windows
Metasploit Framework Open Source Installers
Rapid7 has long supplied universal Metasploit installers for Linux and Windows.
These installers contain both the open source Metasploit Framework as well as
commercial extensions, which include a graphical user interface, metamodules,
wizards, social engineering tools and integration with other Rapid7 tools. While
these features are very useful, we recognized that they are not for everyone.
According to our recent survey of Metasploit Community users, most only used it
for the open source comp
3 min
IT Ops
Revealing Hidden Insights with Docker & timeslice()
Over the last few months, you’ve probably noticed that we’ve been talking about
Docker quite a lot – we think this lightweight and powerful way of managing
environments is only going to increase in popularity.
Docker has been evolving their logging capabilities with each release, so of
course we’re interested in how we can help you get log data from Docker into
Logentries for quick and powerful analysis.
In August, we announced a new way to collect and analyze Docker logs for free
with our Doc
2 min
Adaptive Security Overview
In Nexpose 6, we are introducing Adaptive Security, a smarter way to automate
actions taken based on security incidents as they occur in your environment. The
ultimate goal is to give back to security teams the time spent configuring tools
to respond to a threat and automating the tedious and repetitive tasks taken to
understand changes in the asset inventory and the threat landscape.
With Adaptive Security, you can create workflows called automated actions that
respond to new and existing asse
6 min
Metasploit
Flipping bits in the Windows Kernel
Recently, the MS15-061 bulletin has received some attention. This security
bulletin includes patches for several Windows Kernel vulnerabilities, mainly
related to win32k.sys. Details of one of them, discovered by Udi Yavo, have been
very well covered.
First, the same Udi Yavo published details about the Use After Free in a blog
entry. Later, Dominic Wang wrote an even more detailed analysis of both the
vulnerability and its exploitation in this paper.
Finally, Meysam
1 min
IT Ops
Introducing LEQL: SORT()
If you’re familiar with a query language like SQL, you’re likely used to being
able to sort your query results. When querying log data, sorting your results
can come in handy when you want to analyze things like which Docker containers
are using the most memory, or which URLs are being requested most frequently
from your CDN.
Today, we’re announcing SORT as the latest function introduced into Logentries’
query language, LEQL. Much
3 min
Application Security
All Red Team, All the Time
In last week's blog (which you should read
now if you have not), I said:
> The core problem with security today isn't about technology. It's about
misaligned incentives. We are trying to push security onto people, teams, and
processes that just don't want it.
To be clear, it's not that people don't care. They say they want security, and I
believe them. Or more precisely, part of their brain wants security. People who
want to break a bad habit
2 min
Bugzilla Privileged Bug Disclosure (CVE-2015-4499)
Yesterday, PerimeterX disclosed an issue in the venerable Bugzilla bug tracker
which can allow an untrusted attacker to gain access to privileged bug reports.
This includes, of course, privately reported, but still unfixed, security
vulnerabilities. Operators of Bugzilla bug trackers which use e-mail based
permissions are strongly advised to patch today. This would be a good place to
insert a "yo dawg" joke about bugs in bugs, but I trust yo
10 min
CISOs
Push vs Pull Security
I woke up from a dream this morning. Maybe you can help me figure out what it
means.
Your company hired me to build a security program. They had in mind a number of
typical things. Build a secure software development lifecycle so app developers
didn't code up XSS vulnerabilities. Improve network security by deploying new
firewalls and rolling out IDS sensors. Set up training so people would be less
likely to get phished. Implement a compliance program like NIST or ISO. And you
wanted all of that rolle
7 min
IT Ops
Do you need an Architect in a Software Company?
This may be a dangerous question to ask for someone whose role is that of an
Architect, but I think it is a valid question for an Architect to ask. This is
particularly true in the software industry where the role is interpreted in many
different ways. In some cases, an Architect may work in an established
enterprise company and hand down instructions on technology stacks to the
developers. At the other extreme an Agile development team may work without the
involvement of an Architect. Neither
7 min
IT Ops
Log Analysis for Containers
Introduction
The IT and DevOps world has come a long way with infrastructure.
Virtualization revolutionized our ability to quickly deploy an application and
scale up services when needed, paying only for the computing power used. Over
the last few years, agile methodologies and continuous delivery have pushed VMs
to their limits. Many teams still repeatedly use a single VM for releases and
testing. Production VMs rarely change unless something goes seriously wrong. At
the pace software develop