4 min
IT Ops
Common Angular Routing Challenges
When it comes to frameworks, no one is perfect. As we migrate the Logentries
application from legacy code to Angular, we’ve encountered a few interesting
challenges along the way that we’ve enjoyed investigating and resolving. While
specific challenges often depend on your project and migration strategy, the aim
of this post is to share our solutions to problems one may encounter when
migrating an app to Angular. In particular, I’ll focus on how Angular handles
routing and some issues we’ve en
2 min
UserInsight Ranks Users by Risky Behavior
UserInsight now ranks risky users through behavioral analytics. UserInsight,
the
User and Entity Behavior Analytics (UEBA) solution
, spots user behavior such as unusual admin activity, authentications to new
assets, and new user locations and highlights users that exhibit several such
behaviors. The User Risk Ranking augments UserInsight's low-noise incident
alerts and enables administrators to g
4 min
Microsoft
Microsoft Attack Surface Analyzer (ASA): It's for defenders too!
Attack Surface Analyzer
, a tool made by
Microsoft and recommended in their Security Development Lifecycle Design Phase
, is meant primarily for
software developers to understand the additional attack surface
their products add to
Windows systems.
As defenders, this tool can be very useful.
The tool is meant to identify changes on
5 min
Phishing
10 Phishing Countermeasures to Protect Your Organization
The Internet is full of articles for how to tell if an email is phishing but
there seems to be a lack of concise checklists how to prepare an organization
against phishing attacks
, so here you go.
Because phishing attacks humans and systems alike, the defense should also cover
both aspects. None of the following steps is bullet proof, so layering your
defenses is important – and having an incident response plan in case someone
does get th
20 min
Metasploit
A debugging session in the kernel
Last week, an awesome paper
about the MS15-078 vulnerability and it's exploitation was published by Cedric
Halbronn . This vulnerability, originally found
and exploited by Eugene Ching , already has a
work-in-progress module in Metasploit, which you can follow on github
6 min
CISOs
CISOs: Do you have enough locks on your doors?
In a previous blog post
, I referenced
some research on how people plan for, or rather how they fail to plan for,
natural disasters like floods. At the end of the blog post I mentioned that
people who have poor mental models about disasters fail to prepare fully. I keep
coming back to the idea of mental models because it starts to explain why we
have such a gap between security practitioners and senior executives.
I asked one CISO
3 min
InsightIDR
Top 5 Alternatives For SPAN or Mirror Ports
Don’t want to use SPAN ports, but still need a source of network packets? In this blog post we break down the top 5 alternatives for you to consider.
1 min
IT Ops
Best Practices for Container Log Analysis: Part 2
This 3-part series explores the challenges presented by containers and the
advantages of using an end-to-end container log monitoring solution for complete
container environment visibility.
When working with containers, setting up a local image repository like Docker’s
Registry can enable a team to iterate quickly, easily storing image versions in
a central location to be used as needed. Yet as multiple team members update
images, start, st
1 min
IT Ops
Best Practices for Container Log Analysis: Part 1
This 3-part series explores the challenges presented by containers and the
advantages of using an end-to-end container log monitoring solution for complete
container environment visibility.
As container environments become mainstream, it’s important to consider the most
common challenges of migrating a monolithic application into containerized
microservices and how to overcome them.
While containers introduce new levels of flexibility from
6 min
Vulnerability Disclosure
Multiple Insecure Installation and Update Procedures for RStudio (R7-2015-10) (FIXED)
Prior to RStudio version 0.99.473, the RStudio integrated toolset for Windows is
installed and updated in an insecure manner. A remote attacker could leverage
these flaws to run arbitrary code in the context of the system Administrator by
leveraging two particular flaws in the update process, and as the RStudio user
via the third update process flaw. This advisory will discuss all three issues.
Since reporting these issues, RStudio version 0.99.473 has been released. This
version addresses all
13 min
Metasploit
Using Reflective DLL Injection to exploit IE Elevation Policies
As you are probably aware, sandbox bypasses are becoming a MUST when exploiting
desktop applications such as Internet Explorer. One interesting class of sandbox
bypasses abuse IE's Elevation Policies. An example of this type of sandbox
bypass is CVE-2015-0016
. The
vulnerability has already been analyzed by Henry Li, who published a complete
description in this blog entry
2 min
AWS
The real challenge behind asset inventory
As the IT landscape evolves, and as companies diversify the assets they bring to
their networks - including on premise, cloud and personal assets - one of the
biggest challenges becomes maintaining an accurate picture of which assets are
present on your network. Furthermore, while the accurate picture is the end
goal, the real challenge becomes optimizing the means to obtain and maintain
that picture current. The traditional discovery paradigm of continuous discovery
sweeps of your whole network
3 min
IT Ops
What is Elastic Logging?
We’re all familiar with the concept of “Elasticity” – the way cloud
infrastructures can automatically react to their required workloads, scaling
resources up or down as needed. While elastic environments provide us with much
needed flexibility, they have also historically presented challenges when trying
to monitor activity from their ephemeral components. Automatically accounting
for new nodes can be tricky while scaling up. And when scaling down, data
associated with these nodes is potentially
3 min
The Absence of Evidence in Breaches
Try this experiment. Go to your favorite search engine and type this:
”no evidence” security compromise
(Other variations are also interesting, including adding words like “breach”)
There is something about the phrase “no evidence” that troubles me. You may have
noticed the same thing. On a regular basis organizations say that there is no
evidence of compromise, and no evidence that attackers gained access to
user/customer/employee data. They write these phrases to lessen the blow of what
is
1 min
Nexpose
The Easy Button for Updating your Nexpose Database
Relax while Nexpose does the work for you
You may have received notifications that you need to update your Nexpose
database soon in order to continue receiving product updates. You may have been
putting it off because it sounds like a pain.
Good news: it's simple!
Have you seen the Staples commercials with the “easy button?” Nexpose basically
has that for the update. You don't have to go in to your database and mess
around with an upgrade wizard. Nexpose handles all that for you. All you ha