3 min
Incident Detection
Finding Out What Users are Doing on Your Network
One of the most common questions in IT is how to find out what users are doing on a network. We break down the common ways to monitor users on your network.
2 min
Metasploit
Firewall Egress Filtering
Why And How You Should Control What's Leaving Your Network
Most companies have firewall rules that restrict incoming traffic, but not
everyone thinks to restrict data leaving the network. That's a shame, because a
few easy configurations can save you a lot of headaches.
Firewall egress filtering controls what traffic is allowed to leave the network,
which can prevent leaks of internal data and stop infected hosts from contacting
their command & control servers. NAT alone won't help you - you ac
2 min
Nexpose
Rapid7 part of VMware NSX Partner ecosystem
We're very excited that VMware is showcasing Rapid7 as an official VMware NSX
Partner at VMworld 2013 this week, demonstrating how we provide best-in-class
vulnerability management for virtual networks.
Rapid7 has been a longtime partner with VMware. In 2011, we introduced our
vAsset discovery method that allows Nexpose to have real-time visib
9 min
Upcoming G20 Summit Fuels Espionage Operations
The international policy and financial community is in ferment for the upcoming
G-20 summit, scheduled to kick off in St Petersburg, Russia, two weeks from now.
The "Group of Twenty" consists of political leaders, finance ministers and
bank governors from 19 economically-prominent countries, along with
representatives of European Union institutions.
The group has been meeting regularly every year since 2008 in private meetings
where the participants discuss and agree on international financ
3 min
Product Updates
Weekly Update: Cooperative Disclosure and Assessing Joomla
Cooperative Disclosure
I'm in attendance this year at Rapid7's UNITED Security Summit, and the
conversations I'm finding myself in are tending to revolve around vulnerability
disclosure. While Metasploit doesn't traffic in zero-day vulnerabilities every
day, it happens often enough that we have a disclosure policy that we stick to
when we get a hold of newly uncovered vulnerabilities.
What's not talked about in that disclosure policy is the Metasploit exploit dev
community's willingness to help
9 min
Malware
ByeBye Shell and the targeting of Pakistan
Asia and South Asia are a theater for daily attacks and numerous ongoing
espionage campaigns between neighboring countries, so many campaigns that it's
hard to keep count. Recently I stumbled on yet another one, which appears to
have been active since at least the beginning of the year, and seems mostly
directed at Pakistani targets.
In this article we're going to analyze the nature of the attacks, the
functionality of the backdoor - here labelled as ByeBye Shell - and the quick
interaction I h
2 min
Microsoft
August Patch Tuesday
Oh noes! Fire! Look out! Run in circles, scream and shout! There's a remotely
exploitable, publicly disclosed, critical remote code execution vulnerability in
Microsoft Exchange (MS13-061)! Prepare for the end of teh interwebs.
But wait, is it really remotely exploitable? Well, not in the sense that user
interaction is not required; it's a parser issue that is only triggered by a
user opening a malicious message in Outlook Web Access (OWA).
Okay, but it's still publicly disclosed right? I mean
2 min
IT Ops
Field-level search
Back in July we announced a substantial improvement to our search functionality,
searching your log data with logical operators. Today we are happy to announce
another big step in improving our search facility. You can now perform
**field-level searches** in Logentries.
Field-level searches allow you to search for events where a particular field is
equal to, less than or greater than a particular value and thus al
0 min
Metasploit
SecureNinjaTV Interview: Tod Beardsley About Metasploit 10th Anniversary
At Black Hat 2013 in Vegas this year, our very own Tod Beardsley was cornered by
SecureNinja TV and social engineered into giving an interview. Here is the
result - captured for eternity:
3 min
IT Ops
Build your own SMS Alerts--Logentries and Clickatell Combined!
This is a guest blog post by Jason Ruane, the technical director at Moposa,
a place for brides and grooms to plan and manage their
wedding. In this post, Jason describes how he used Logentries webhook alerts and
Clickatell to receive Logentries alerts via SMS. Jason and his team are long-time
users of Logentries, analyzing all their logs from multiple servers in one
centralized, cloud location.
How I receive my Logentries
2 min
Nexpose
Bulk Asset Delete Operations via the Asset Filter Page
The latest release of Nexpose allows a user to delete multiple assets at once
via either the site page or the asset group listing page. However, if a user
needs to delete a range of assets which aren't represented by an existing site
or group he can use the Asset Filter page to build a query and then define an
asset group through which the bulk delete operation can be invoked.
Clicking on the Asset Filter button will bring up a new page that allows you to
build an Asset Filter query that can
3 min
IT Ops
How to Best Structure your Logs: Log Analysis Tips and Best Practices with Gal Segal from eToro
This week we have a guest blog post by Gal Segal. Gal is an engineer at eToro,
the world's largest Social Trading & Investment Network. In this post Gal shares
his thoughts on log analysis best practices, including tips on how best to
structure your logs as well as some useful patterns that can be applied within
your log events. He also discusses how to use Logentries' new log search
functionality to more easily
7 min
Nexpose
Asset Discovery Troubleshooting Guide
This guide is designed to show you how to determine the cause of and solution to
the most common difficulties experienced during asset discovery in Nexpose.
The following common issues will be covered here:
1. None or only a few assets are found to be alive
2. Scan appears to hang or is taking too long after finding live assets
3. Incorrect number of open ports on one or more assets
After reviewing the issue that applies to your scan, head down to the end of this
guide for detailed troubles
7 min
Nexpose
Simplifying Security Programs with Nexpose 5.7
We are pleased to announce the next version of Nexpose, version 5.7. This
release focuses on helping to provide context on how well your Security Program
is performing and helping you simplify your vulnerability management processes
to help you save time.
The last release of Nexpose, Nexpose 5.6, introduced the new Top Remediation
7 min
Metasploit 4.7's New MetaModules Simplify Security Testing
Even when offensive security techniques have been publicly discussed at
conferences and proof of concept code or open source tools are available, using
them in your projects can be very time consuming and may even require custom
development. Metasploit Pro 4.7 now introduces MetaModules, a unique new way to
simplify and operationalize security testing for IT security professionals.
MetaModules automate common yet complicated security tests