All Posts

4 min

I don't always write my own web application fingerprints, but when I do, I use XML

One of the awesome things about Nexpose is its extensibility. Nexpose now allows you to write your own custom web application fingerprints, using a combination of XPath and regular expressions. Coupled with the ability to add your own custom checks, this allows you to write your own web application vulnerability coverage. This fingerprinting functionality can be used on any web application that provides its version i

5 min IT Ops

Smart Continuous Delivery Using Automated Testing

This post builds on a recent post highlighting recommendations on how to simplify your unit testing by using the right set of tools (Smart Integration Testing with Dropwizard, Flyway and Retrofit). As a company like Logentries rapidly grows, and the number of product features increases, an important question arises around maintaining the highest level of quality and user experience. That level is usually where the

2 min IT Ops

4 Ways to Use Centralized Log Management for Improved Production Monitoring

Is your team focused on preventing outages and minimizing downtime in production? Time to resolution is one of the most important operational KPIs for Ops teams, because any time that your application is down is too long for your users. Whether it’s minutes, hours, or (in a worst-case scenario) days, any time that your systems are down, your business is losing money; and more importantly, customer trust and satisfaction. This creates additional pressure on your team and hurts employee morale. By

3 min Nexpose

Microsoft False Positives: "The update is not applicable to your computer"

One of the most common false positive cases we see from a support perspective is a situation where Nexpose reports a vulnerability because a specific patch is not installed, but when you try to apply the patch, the system will not let you install it and says the patch is not applicable. In many cases, this ends up being caused by another patch that is installed on the system that prevents the patch you are trying to install from being installed. Sometimes the patch that is installed and preven

3 min Events

Weekly Metasploit Update: Countdown to DEFCON

Don't Be (too) Naked in Vegas Wow, it's exactly two more weeks today until DEFCON. While Rapid7 has had a vendor presence at Black Hat for many years (at booth #541), this year is, I believe, the first time that we'll have a vendor table at DEFCON. I'm super stoked about both gigs, since the Black Hat booth will give us an opportunity to unload give away a fresh new batch of Metasploit T-Shirt Design contest

3 min IT Ops

Digging Deeper on AWS: Real-time Alerting for Windows Security Events

After many conversations with our AWS customers and the AWS CloudTrail team, we recently released our AWS CloudTrail integration to automatically support the most important log events our customers wanted to be monitoring across their AWS environments. We found that some of the most common needs for notifications included: * Starting, stopping, terminating, rebooting instances * Creating or deleting security groups * Creating and d

2 min IT Ops

Revisiting the Past with Logentries and Syslog

When I was younger I was always amazed by my grandfather. He would regale me with stories about how, when growing up, not only did he not have a car or television, but he had to walk uphill “both ways” to get to school – without shoes! And here I am today more or less saying the same thing about the late 70’s and early 80’s, when the client-server changeover occurred and we all had servers sitting in our closets. Setting up syslog back in

2 min IT Ops

AWS CloudWatch Logs - Making Innovation Easier and Cheaper

Last week AWS made an exciting announcement at their NYC Summit, which I believe is a big step in helping to reduce the cost of log management in the cloud for end users and vendors alike – good news all around! What was announced? Amazon announced ‘CloudWatch Logs’, which essentially allows you to send log data from your EC2 instances into CloudWatch for storage and some rudimentary analysis. How does it work? CloudWatch Logs works by collecting y

3 min Metasploit

Weekly Metasploit Update: Embedded Device Attacks and Automated Syntax Analysis

D-Link Embedded Device Shells This week, esteemed Metasploit contributor @m-1-k-3 has been at it again with his valiant personal crusade against insecure SOHO (small office/home office) embedded devices with known vulnerabilities. We have a new trio of modules that target D-Link gear, based on the research released by Craig Heffner and Zachary Cutlip, which exploit two bugs present in the DSP-W215 Smart Plug, and one UPnP comma

2 min Logentries

Logs to Metrics to JSON to Geckoboard

The worlds of log management and application performance monitoring are evolving, and there is no longer a big distinction between the two. Up to even a year ago, many people in IT viewed logs as simply a means of identifying and tracking issues once they had occurred within their system. It was rare that people were using their logs for more than basic application event tracking and watching for exceptions. But over the

3 min IT Ops

TCP or UDP for Logging – Which One to Use?

When sending data over the Internet, we want to be sure that data has arrived safely and is delivered in a reliable manner. Assuming that our hardware and operating systems do the job well, we can use a transport protocol at the application level to achieve that goal. In the OSI model the two most popular transport protocols are TCP and UDP

2 min IT Ops

Using Log Analysis to Find the .18%

Even the most non-technical audiences realize the business value in analyzing their log data. DevOps professionals are constantly being asked to monitor their application performance, and often rely on log data for troubleshooting, diagnostics and application systems monitoring. The challenge is that the amount of log data generated can be completely overwhelming. Why is log analysis so difficult? In one word — volume. Even relatively small applications can generate millions, or billions of lo

2 min

Weekly Metasploit Update: Another Meterpreter Evasion Option

Hopping Meterpreter Through PHP This week, Metasploit landed and shipped the new Reverse HTTP hop stager for Meterpreter payloads, which opens up yet another avenue for pivoting about the Internet to connect to your various and sundry Meterpreter shells. This is kind of a huge deal. For starters, this obviously helps with crossing artificial borders between networks. You may have an engagement target that has a vulnerable web server in

4 min Logentries

How to Get Full Visibility of CloudTrail, CloudWatch & System Logs

At re:Invent last year AWS launched CloudTrail, which is essentially a “trail” of all activity in your AWS Cloud environment… the clue is in the name ;). CloudTrail has been widely accepted as a great addition to the AWS toolset as it is useful for numerous use cases including security analysis, troubleshooting, tracking of AWS resource usage, and more. While CloudTrai

3 min

Metasploit Weekly Update: Prison Break

Boy, that escalated quickly! In this week's Metasploit update, we'd like to introduce two sandbox escaping exploits for Internet Explorer, and demonstrate how you're supposed to use them. The two we're covering are MS13-097, an escape due to Windows registry symlinks, and MS14-009, which exploits a type traversal bug in .Net Deployment Service. We will also briefly go over other new modules and new changes, and here we go. Why You Need a S