All Posts

4 min Metasploit

Bypassing Adobe Reader Sandbox with Methods Used In The Wild

Recently, FireEye identified and shared information about two vulnerabilities used in the wild to exploit Adobe Reader on Windows XP SP3 systems. The vulnerabilities are: * CVE-2013-3346: A Use After Free in Adobe Reader, specifically in the handling of a ToolButton object, which can be exploited through document's Java

3 min Exploits

Metasploit Weekly Update: Adobe Reader Exploit and Post-Exploitation YouTube Broadcasting

New Adobe Reader ROP Gadgets This week, Juan Vazquez put together a neat one-two exploit punch that involves a somewhat recent Adobe Reader vulnerability (disclosed back in mid-May) and a sandbox escape via an OS privilege escalation bug. I won't give away the surprise there -- he'll have a blog post about it up in a few hours. Part of the work, though, resulted in some new entries in Metasploit's RopDB; specifically, for Adobe Reader versions 9, 10, and 11.

6 min IT Ops

How to Configure Rsyslog with Any Log File; Agents Bad...No Agents Good...

Last week I wrote “In Defense of the Agent.” One of the main advantages of using agents is the ability to easily get the agent configured to monitor logs of any type no matter where those logs live on your file system. We posted the article on Reddit and there were some interesting comments and discussion – it’s fairly obvious that there is

2 min API

SQL Export Report using the API

This morning we published the release of the new SQL Query Export report. Simultaneously the Nexpose Gem has released version 0.6.0 to support this new report format in all the reporting API calls (you must update to this latest version to run the report). When the SQL Query Export is paired with adhoc-report generation, you are a

3 min

ControlsInsight Year In Review

While many are already looking ahead and making security predictions for 2014, it's also important to pause and reflect on the year that's been. It's been a whirlwind year for ControlsInsight. We developed and launched a new product from the ground up - this in itself is an achievement that everyone involved should be proud of. Since launching in August, we've already released 7 product updates to quickly make improvements based on us

3 min IT Ops

5 Uses for Log Data That You Never Thought Of

When you think of logs, what do you think of? It’s most likely troubleshooting software applications and the infrastructure that underlies them, keeping an eye on your production apps…perhaps even database logs and some other things like that. Traditional log management stuff…I’m guessing it’s not sports cars, law enforcement, lighting, marketing metrics, and beer. Well guess what? It can be! 1) Fact Check a Journalist Back in February of 2013 The New York Times publis

2 min Microsoft

December 2013 Patch Tuesday

One more go around the block for 2013 and like the last, late tropical storm of the season, Microsoft is taking one last swipe at security and IT teams alike. This Patch Tuesday features a solid 11 advisories affecting 6 different product types. All supported versions of Windows, Office, Sharepoint, Exchange, Lync and a mixed bag of developer tools are affected. 5 of the advisories are rated critical, including one affecting Exchange and one affecting Sharepoint and Lync, not to mention th

3 min Exploits

Weekly Metasploit Update: New Meterpreter Extended API, Learning About HttpServer, HttpClient, and SAP

Meterpreter Extended API This week, we've got some new hotness for Meterpreter in the form of OJ TheColonial Reeves' new Extended API (extapi) functionality. So far, the extended API is for Windows targets only (hint: patches accepted), and here's the rundown of what's now available for your post-exploitation delight: * Clipboard Management: This allows for reading and writing from the target's clipboard. This includes not only text, like you'd expect, but

2 min Networking

Top 3 reasons Small-to-Medium Businesses fail at security

Cyberattacks are on the rise with more sophisticated attack methods and social engineering being employed against just about any entity with an Internet presence. According to a recent study cited by the U.S. House Small Business Subcommittee on Health and Technology, companies that were 250 persons or less were the target of 20% of all cyberattacks. A more sobering claim of the study is the roughly 60% of small businesses that close within 6 months following a cyberattack. While cyberattacks a

3 min Penetration Testing

#pwnSAP Tweet Chat Debrief

On December 3, Rapid7 security researcher Juan Vazquez hosted a panel of experts for a tweet chat to discuss SAP system hacking. The #pwnSAP chat was a great discussion – here are some highlights. Juan's first question was, “Can you start by telling us a bit about how SAP system hacking has changed lately?” @todb called this research paper, SAP Penetration Testing Using Metasploit – How to Protect Sensitive ERP Data

3 min Metasploit

Weekly Metasploit Update: SAP and Silverlight

SAP SAPpy SAP SAP We've been all SAP all the time here in the Independent Nations of Metasploit, and expect to be for the rest of the week. You might recall that Metasploit exploit dev Juan Vazquez published his SAP survey paper a little while back; on Tuesday, we did a moderated twitter chat on the hashtag #pwnSAP with the major S

4 min

Logentries Add-Ons for Heroku Environment pt. 1 – CloudAMQP

We recently announced our add-on program at Logentries, which allows third party vendors to send their log data to Logentries and to highlight important events for their users via our tagging, alerting and reporting features. This allows vendors to predefine what log events their users really need to know about and if there are particular thresholds that indicate trouble may be looming. Users

5 min IT Ops

Log Management 101 - Where Do Logs Come From?

We’ve had a lot of people asking for the Log Management Primer for a while now. And, surprisingly, many of these folks have a strong technical background, including developers. Some want it for themselves, and some want it to pass on to a colleague, manager, etc. I’m going to explain what logs are, where they come from and how you can get your logs. If you’re a developer, this post probably isn’t for you as we don’t dig into the code

1 min Research

A Pentester's Introduction to SAP & ABAP

If you're conducting security assessments on enterprise networks, chances are that you've run into SAP systems. In this blog post, I'd like to give you an introduction to SAP and ABAP to help you with your security audit. The full SAP solution (ERP or SAP Business Suite) consists of several components. However, to manage the different areas of a large enterprise, probably one of the better known components or features of the SAP solution is the development system based on ABAP

2 min Metasploit

Weekly Metasploit Update: Patching Ruby Float Conversion DoS (CVE-2013-4164)

Metasploit 4.8.1 Released Thanks to the revelations around the recent Ruby float conversion denial of service, aka CVE-2013-4164 discovered and reported by Charlie Somerville, this week's release is pretty slim in terms of content; on Friday (the day of the first disclosure), we pretty much dropped everything and got to work on testing and packaging up new Metasploit installers that ship with R