2 min
IT Ops
E2N Reduces Anxiety and Increases Customer Satisfaction with Log Data
E2NGastro is a small startup in Germany that provides a
SaaS platform for restaurant management, staff management, timekeeping, and work
schedules (among other services). We spoke with their CEO/CTO, Bjorn Raupach,
who shared the history behind their use of log data.
Before using a log management tool, E2N had log files, but they were difficult to locate.
To access them, you had
4 min
IT Ops
3 Common Problems Solved With JSON
One of the most common questions we get asked by customers is:
“What’s the best way to log my data?”
My answer is always:
“log using JSON format wherever possible.”
The next question we often get asked – (but not as much)…
Yeah JSON, …Hmmm, what is JSON again?
So JSON is: JavaScript Object Notation.
But put simply, this is a way that data can be stored in a structured format,
where each piece of data will usually have an identifier (known as a key) and a
value (which can be in multiple forma
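As an added example (not code from the original post or from Logentries), the Python below shows the practical reason a security engineer also prefers JSON logs: a plain key=value line can be forged by attacker-controlled input that contains a newline, whereas json.dumps escapes control characters so each record stays on exactly one line. It then parses a newline-delimited JSON batch, skipping junk lines, and answers the kind of per-key query ("which users have three or more failed logins?") that is trivial on structured data. The field names, the hostile username and the sample batch are constructed for illustration.

```python
import json
from collections import Counter
from datetime import datetime, timezone

# Constructed attacker-controlled input: a "username" carrying a line break
# and a forged success record. Hypothetical data for illustration only.
HOSTILE_USER = "alice\nlevel=INFO event=login_ok user=admin"


def log_plain(level, event, **fields):
    """Unstructured key=value line: control characters pass straight through,
    so HOSTILE_USER splits the output into two lines and the second line
    reads like a genuine login_ok for 'admin'."""
    kv = " ".join(f"{k}={v}" for k, v in fields.items())
    return f"level={level} event={event} {kv}"


def log_json(level, event, **fields):
    """One JSON object per line. json.dumps escapes newlines, quotes and other
    control characters, so a record can neither span nor forge a line."""
    record = {
        "ts": datetime.now(timezone.utc).isoformat(),
        "level": level,
        "event": event,
    }
    record.update(fields)
    return json.dumps(record, separators=(",", ":"))


def parse_jsonl(text):
    """Parse newline-delimited JSON, skipping lines that are not JSON objects
    (for example a stray stack trace) instead of aborting the whole batch."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(obj, dict):
            records.append(obj)
    return records


def failed_logins_by_user(records, threshold):
    """Count login_failed events per 'user' key and keep users at or above
    threshold: a query that is one line on JSON and a regex guessing game
    on free-text logs."""
    counts = Counter(r.get("user") for r in records if r.get("event") == "login_failed")
    return {user: n for user, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for fn in (log_plain, log_json):
        line = fn("WARN", "login_failed", user=HOSTILE_USER)
        print(f"{fn.__name__}: {line.count(chr(10)) + 1} physical line(s)")
    batch = "\n".join([log_json("WARN", "login_failed", user=HOSTILE_USER)] * 3
                      + [log_json("INFO", "login_ok", user="bob"), "not json"])
    print(failed_logins_by_user(parse_jsonl(batch), threshold=3))
```

The parser deliberately keeps the hostile value intact as data: once it is inside a JSON string it is just a username with an odd character in it, and it can be counted, searched and alerted on without ever being mistaken for a second log event.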
4 min
IT Ops
7 Benefits of Cloud Computing for Non-Technical Techies
Much has been written about the cloud. What it is, where it is, how it works, etc.
This isn’t going to be a rehash of those questions.
This is a cloud computing guide for the non-developer or non-operations guy.
The goal of this post is to lay the groundwork for a further discussion: of
cloud vs. on-premise, an
2 min
HacmeBank & HacmeCasino in the Cloud | Free Windows Security Trainings
After Metasploitable in the Cloud and bWAPP, CTF365 has increased both
the number of "vulnerable by design" servers and operating systems by adding
HacmeBank and HacmeCasino as vulnerable web applications, courtesy of McAfee
through Foundstone.
The machines run on Windows Server 2008 and Windows XP thanks to Microsoft
through their BizSpark Startup Program, and
they are acces
1 min
Windows
Mitigating Service Account Credential Theft
I am excited to announce a new whitepaper, Mitigating Service Account Credential Theft
on Windows. This paper was a collaboration between myself, Joe Bialek of
Microsoft, and Ashwath Murthy of Palo Alto Networks. The executive summary is
shown below.
Over the last 15 years, the Microsoft Windows ecosystem has expanded with the
meteoric rise of the internet, business technology, and computing in gene
2 min
Incident Response
Single Pane of Glass Series: FireEye Threat Analytics Platform (TAP)
As UserInsight grows and we look to add value to more incident response teams
that have already chosen the solution that serves as their "single pane of
glass", this series will update you on the integrations we build to share
valuable context with those solutions.
The Solution
While FireEye and Mandiant were separately disrupting the security industry,
they obtained a great deal of threat intelligence and indicators of compromise
along the way. The FireEye Threat Analytics Platform (TAP for sh
13 min
Metasploit Gems From Scratch
Introduction
As Metasploit adopts community best practices related to testing and code
structure, we've started breaking up our new (and part of our old) work into
separate projects that can be developed and tested independently. These smaller
projects take the form of Ruby gems and Rails::Engines. As we've made more and
more gems, we've arrived at a repeatable process for making new gems, and we thought
our process might be useful for other developers in the community who are
looking for a newer gu
5 min
IT Ops
How to Avoid the Big Data Black Hole
It takes a lot of willpower, in our data-obsessed world, to say "too much!"
However, there are many ways in which too much information destroys
productivity and actually causes bad decision-making rather than good. But it is hard
to avoid the world of opportunities that has been opened up in data collection and
analysis. So how do you balance the two? The first step is to understand that there
is a big difference between data collection and its utilization. While it
seems subtle, the difference is key, a
2 min
Microsoft
Patch Tuesday - September 2014
It's a light round of Microsoft Patching this month. Only four advisories, of
which only one is critical. The sole critical issue this month is the expected
Internet Explorer roll up affecting all supported (and likely some unsupported)
versions. This IE roll-up addresses 36 privately disclosed Remote Code
Execution issues and 1 publicly disclosed Information Disclosure issue which
is under limited attack in the wild. This will be the top patching priority for
this month.
Of the three no
3 min
IT Ops
Scaling with RESTful Microservice Architecture
As described in a previous post on this blog, we have been using the Dropwizard
framework to quickly develop high-quality, easily testable, RESTful
microservices to expand the functionality of our product. These complement the
existing multi-instance services running in our cluster and contribute to the
continued scaling of the Logentries service. Both i
2 min
AIX coverage: See what you need to see
In a huge refinement to IBM AIX vulnerability coverage, Nexpose version 5.10.8
and later scans AIX machines for a specific set of patches related to known
vulnerabilities. This more focused approach provides easier management of AIX
machines by allowing you to see very quickly how affected systems are vulnerable
and which solutions need to be applied.
As Nexpose searches only for vulnerabilities, the scans are significantly
faster. This allows you to stay up to date with the published vulnerabi
2 min
How do You USB?
All the perimeter protection in the world won't stop an attack that doesn't get
checked by the security measures around your perimeter, assuming the perimeter
is still a viable term in today's distributed, mobile, and virtual world. If an
attacker were to drop a USB stick in a public area of your company, what are the
chances that USB stick eventually finds a USB port? Pretty good.
4 min
IT Ops
Monitoring & Analyzing AWS CloudTrail Data From Multiple AWS Regions
We recently released AWS CloudTrail integration with Logentries, and not surprisingly we've seen a
significant uptick in adoption as one of our most popular integrations. My job
as director of customer success is to make things as simple for our customers as
possible. One question that consistently pops up is how to collect AWS
CloudTrail logs from multiple AWS regions.
We follow Amazon's best practices
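Added example, not part of the original post or of the Logentries integration: CloudTrail delivers a separate JSON file per region, each a single object whose "Records" array holds the events, so once the files from every region are being collected the next practical step is to merge them into one time-ordered stream and to flag activity in regions the account does not use. The Python below does that on constructed sample deliveries (the account name, IP addresses and timestamps are made up). One caveat the allowlist has to account for: CloudTrail records global-service calls such as IAM under us-east-1 regardless of where the caller was.

```python
import json

# Constructed sample deliveries, one per region, in CloudTrail's file layout
# (a JSON object whose "Records" array holds the events). Names, IPs and
# timestamps are made up for illustration; this is not real account data.
US_EAST_1_FILE = json.dumps({"Records": [
    {"eventTime": "2014-09-10T12:03:44Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "deploy"}},
    {"eventTime": "2014-09-10T12:00:01Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "deploy"}},
]})
AP_SOUTHEAST_1_FILE = json.dumps({"Records": [
    {"eventTime": "2014-09-10T12:05:09Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "awsRegion": "ap-southeast-1",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "deploy"}},
]})


def load_records(text):
    """Parse one CloudTrail delivery file into its list of event dicts."""
    return json.loads(text).get("Records", [])


def merge_trails(files):
    """files: {label: file_text}. Merge per-region deliveries into a single
    stream ordered by eventTime (ISO-8601 UTC, so string order is time order)."""
    merged = []
    for text in files.values():
        merged.extend(load_records(text))
    merged.sort(key=lambda r: r["eventTime"])
    return merged


def events_by_region(records):
    """Per-region event counts; a quick check that every region in which a
    trail was enabled is actually delivering."""
    counts = {}
    for r in records:
        counts[r["awsRegion"]] = counts.get(r["awsRegion"], 0) + 1
    return counts


def activity_outside(records, allowed_regions):
    """Events recorded in a region not on the allowlist, returned as
    (eventTime, awsRegion, eventName, caller, sourceIPAddress) tuples.
    Global services such as IAM are logged under us-east-1 whatever the
    caller's location, so keep us-east-1 allowed or those will be flagged."""
    flagged = []
    for r in records:
        if r["awsRegion"] in allowed_regions:
            continue
        ident = r.get("userIdentity", {})
        caller = ident.get("userName") or ident.get("type", "unknown")
        flagged.append((r["eventTime"], r["awsRegion"], r["eventName"],
                        caller, r.get("sourceIPAddress")))
    return flagged


if __name__ == "__main__":
    stream = merge_trails({"us-east-1": US_EAST_1_FILE,
                           "ap-southeast-1": AP_SOUTHEAST_1_FILE})
    print(events_by_region(stream))
    for hit in activity_outside(stream, {"us-east-1", "eu-west-1"}):
        print("unexpected region:", hit)
```

An EC2 RunInstances in a region the team never deploys to is a classic sign of a leaked access key being used to spin up instances, which is exactly why collecting every region's trail rather than just the home region matters.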
6 min
Metasploit
Not Reinventing The Wheel: The Metasploit Rails::Application in 4.10
In Metasploit 4.10, we converted Metasploit Framework (and prosvc in Metasploit
Commercial Editions) to be a full-fledged Rails::Application. You may be
wondering why Metasploit Framework and prosvc should be Rails applications when
they aren't serving up web pages. It all has to do with not reinventing the
wheel and two very useful parts of Rails, Rails::Railtie and Rails::Engine.
Rails 3.0 infrastructure
Since Rails 3.0, Rails has been broken into multiple gems that didn't require
each other a
2 min
Nexpose
Software defined security made real
This week we're headed to VMworld 2014 in San Francisco and we're excited to be
talking about how Rapid7 is partnering with industry leaders like Symantec, Palo
Alto Networks, and of course VMware to build out the VMware NSX security
ecosystem. Together we've created an integrated system that leverages the NSX
platform to automate risk identification and mitigation for VMware customers