3 min
IT Ops
4 Reasons to Love Your Log Data
Data logging by essential IT equipment has been around since the beginning of
the modern computer era. Operating systems, application software, hardware, and
a plethora of IT equipment in and on the network generate log files, and IT
professionals can often find themselves knee deep in an overwhelming amount of
data, especially as cloud services are added to the mix. But the truth is that,
if used properly, log data can be a very good friend to both IT and business
4 min
IT Ops
What is "real-time" anyway…?
I love a good buzzword… cloud, big data, analytics… And even more than the
buzzwords, I love the liberties people tend to take in applying these buzzwords
to their new systems and services. Such buzzwords regularly get abused and often
get washed into marketing material and product websites in an attempt to
hoodwink and woo new unsuspecting customers. One of my (least) favorite
buzzwords, which I’ve noticed popping up more recently, particularly in the
logging space, is “real-time.”
So what does re
1 min
IT Ops
A Note on Logentries Security
The recent OpenSSL vulnerability CVE-2014-0160, nicknamed “Heartbleed,”
affected a large part of the Internet. It was caused by a relatively trivial
bug, a missing check for an input value, which can lead to a buffer overrun,
leaking an unrelated block of memory. This can ultimately lead to the
compromise of the secret keys used to encrypt the traffic, which essentially
allows attackers to eavesdrop on communications, steal data directly f
5 min
Exploits
Exploiting CSRF under NoScript Conditions
CSRFs -- or Cross-Site Request Forgery
vulnerabilities -- occur when a server accepts requests that can be “spoofed”
from a site running on a different domain. The attack goes something like this:
you, as the victim, are logged in to some web site, like your router
configuration page, and have a valid session token. An attacker gets you to
click on a link that sends commands to that web site on your behalf, without
your knowledge
4 min
From the Trenches: AV Evasion With Dynamic Payload Generation
By guest blogger Shane Rudy, Information Security Manager, AOScloud, C|EH | E|CSA | L|PT | CPT | CEPT
A few weeks ago I was excited when Rapid7 asked me to participate in their 2014
Tech Preview Program for Metasploit Pro version 4.9. I have always enjoyed the
interaction I have had with the talented crew over at Rapid7 and I have been a
big fan of Metasploit Framework since its inception years ago.
Rapid7 has done an excellent job of interacting and allowing its users to
participate within t
5 min
Heartbleed War Room - Product FAQ
Quick reference links before we dive in:
* Heartbleed Vulnerability Resources
* Heartbleed War Room - FAQ
* Using Nexpose to stop the bleeding
* Metasploit's Heartbleed scanner module
Following up on our Heartbleed War Room webcast f
2 min
Exploits
Sophos Web Appliance Privilege Escalation and Remote Code Execution Vulnerability
Sophos Web Protection Appliance version 3.8.1.1 and likely prior versions was
vulnerable to both a mass assignment attack which allowed privilege escalation,
as well as a remote command execution vulnerability as root available to admin
users. ZDI details the vuln here.
This Metasploit module exploits both vulnerabilities in order to go from an
otherwise unprivileged authenticated user to root on the box. This is
particularly bad because this
3 min
Nexpose
Using Nexpose to Stop the Bleeding (Scanning for the OpenSSL Heartbleed Vulnerability)
By now you have almost certainly heard about the recently disclosed OpenSSL
Heartbleed vulnerability (CVE-2014-0160). The April 9th update for Nexpose
includes both authenticated and unauthenticated vulnerability checks for
Heartbleed.
Scanning your assets with the regular full audit template, or indeed any
template that isn't tuned to exclude many ports or vulnerabilities, will
automatically pick up this vulnerability. But it is also possible to create
3 min
IT Ops
Automating logging to Logentries
Staying on the subject of devops, specifically server automation and monitoring,
I’m going to show you how you can automatically send logs to Logentries using
Chef and Vagrant. If you are unfamiliar with either of these technologies I
suggest you have a look through my previous posts to bring you up to speed on
things.
We’re going to cover how to install the logentrie
4 min
Metasploit
Security Advisory: OpenSSL Heartbleed Vulnerability (CVE-2014-0160) in Metasploit (Updated 4/11/14 2:20pm EDT)
Metasploit 4.9.0 and earlier are vulnerable to Heartbleed; update 4.9.1 addresses
critical cases
The Metasploit editions Metasploit Pro, Metasploit Express, and Metasploit
Community in versions 4.9.0 or earlier are vulnerable to the OpenSSL Heartbleed
Vulnerability (CVE-2014-0160). Please update to version 4.9.1 to remediate
critical vulnerabilities. See below for remediation instructions.
Metasploit Framework itself is not affected, but it has dependencies on other
components that may need to be u
3 min
Microsoft
It's the end of XP as we know it, April Patch Tuesday 2014, and, oh yeah... heartbleed.
So this is it, the last hurrah for the once beloved XP, the last kick at the can
for patching up the old boat. Sure, by today's standards it's a leaky,
indefensible liability, but… hey, do you even remember Windows 98? Or (*gasp*)
ME? At least we can all finally put IE 6 to rest, once and for all; the final
excuse for corporate life-support has been pulled… except for legacy apps built
so poorly that they depend on IE 6 and are “too costly” to replace.
As everyone should know by now, ther
3 min
Exploits
Metasploit's Brand New Heartbleed Scanner Module (CVE-2014-0160)
Is the Internet down? Metasploit publishes module for Heartbleed
If you read this blog at all regularly, you're quite likely the sort of Internet
citizen who has heard about the Heartbleed attack and grasps how serious this
bug is. Suffice it to say that it's a Big Deal -- one of those once-a-year bugs
that kicks everyone in security into action. OpenSSL underpins much of the
security of the Internet, so widespread bugs in these critical libraries affect
everyone.
The subsequently published
14 min
Exploits
"Hack Away at the Unessential" with ExpLib2 in Metasploit
This blog post was jointly written by Wei “sinn3r” Chen and Juan Vazquez.
Memory corruption exploitation is not how it used to be. With modern mitigations
in place, such as GS, SafeSEH, SEHOP, DEP, ASLR/FASLR, EAF+, ASR, VTable guards,
memory randomization, and sealed optimization, etc., exploit development has
become much more complicated. It definitely shows when you see researchers
jumping through hoops like reverse-engineering
2 min
Metasploitable in the Cloud
This guest blog comes to us from Marius Corici from CTF365.
When asked to describe himself he gave me the following: "I enjoy being an
entrepreneur and discovering new solutions for old problems. Motto: Think a lot
to do less and preserve energy to provide simplicity."
There is no doubt that the best way to learn Information Security is hands-on,
and to make this easier, the guys from Rapid7 and Metasploit created
Metasploitable
2 min
Metasploit
R7-2014-05 Vulnerability in Metasploit Modules (Fixed)
Metasploit Pro, Community, and Express users are urged to update to the latest
version of Metasploit to receive the patch for the described vulnerability. Kali
Linux users should use the normal 'apt-get update' method of updating, while
other Metasploit Pro, Community, and Express users can use the in-application
Administration : Software Updates button.
A remote privilege escalation vulnerability has been discovered by Ben Campbell
of MWR InfoSecurity