4 min
IT Ops
Log Analysis for System Troubleshooting
Systems of all kinds create log data constantly and voluminously. In searching
out the most compelling reasons to dig into and analyze such data, we compiled a
list of seven reasons that usually drive such activity. In this blog post we
tackle the first of those 7, which include:
1. System troubleshooting
2. Security incident response
3. Security troubleshooting
4. Performance troubleshooting
5. Understanding user behavior or activities
6. Compliance with security policies
7. Complianc
3 min
Metasploit
Metasploit Weekly Wrapup: March 10, 2017
The last couple of weeks in the infosec world have appeared busier, and buzzier,
than most others. It seems almost futile to pry everyone away from the current
drama--that being the bombshell revelation that intelligence agencies collect
intelligence--long enough to have them read our dev blog. Regardless, we've
been busy ourselves. And if you're the least bit like me, you could probably
use a quick respite from the cacophony. Keeping up with all the noise is enough
to make anyone feel lik
5 min
CIS Controls
The CIS Critical Security Controls Explained - Control 5: Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
Stop No. 5 on our tour of the CIS Critical Security Controls (previously
known as the SANS Top 20 Critical Security Controls) deals with Secure
Configuration for Hardware and Software on Mobile Devices, Laptops,
Workstations, and Servers. This is great timing with the announcement of the
death of SHA1. (Pro tip: don't use SHA1
3 min
Automation and Orchestration
Sybil Attacks, Detection and Prevention
Synopsis
Sybil attacks are named after a fictional character with dissociative identity
disorder. Sybil Attacks are attacks against the reputation of online social
networks by proliferation of fake profiles using false identities. Fake profiles
have become a persistent and growing menace in online social networks. As
businesses and individuals embrace social networks the line between physical and
online world is getting blurred. Hence it is critical to detect, prevent and
contain fake accounts i
4 min
Honeypots
Apache Struts Vulnerability (CVE-2017-5638) Exploit Traffic
UPDATE - March 10th, 2017: Rapid7 added a check that works in conjunction with
Nexpose's web spider functionality. This check will be performed against any
URIs discovered with the suffix ".action" (the default configuration for Apache
Struts apps). To learn more about using this check, read this post.
UPDATE - March 9th, 2017: Scan your network for this vulnerability
4 min
Microsoft
Attacking Microsoft Office - OpenOffice with Metasploit Macro Exploits
It is fair to say that Microsoft Office and OpenOffice are some of the most
popular applications in the world. We use them for writing papers, making slides
for presentations, analyzing sales or financial data, and more. This software is
so important to businesses that, even in developing countries, workers that are
proficient in an Office suite can make a decent living based on this skill
alone.
Unfortunately, high popularity for software also means more high-value targets
in the eyes of an
3 min
Komand
Security Orchestration and Security Automation: What is the Difference?
What's the difference between security orchestration and security automation?
While you probably understand that they are different, you may not know exactly
where the line is drawn between them or how they fit together. In this post,
we'll explain what each one means and how security orchestration and automation
can be used together to move security operations forward.
What is Security Orchestration? The Bridge Between Tools and Processes
As
3 min
CIS Controls
The CIS Critical Security Controls Explained - Control 1: Inventory and Control of Hardware Assets
The Rapid7 Security Advisory Service relies heavily on the CIS top 20 critical
controls as a framework for security program analysis because they are
universally applicable to information security and IT governance. Correct
implementation of all 20 of the critical controls greatly reduces security risk,
lowers operational costs, and significantly improves any organization's
defensive posture. The 20 critical controls are divided into Basic,
Foundational, and Organizational families, and each con
4 min
Vulnerability Disclosure
The Cloudflare (Cloudbleed) Proxy Service Vulnerability Explained
TL;DR
This week a vulnerability was disclosed, which could result in sensitive data
being leaked from websites using Cloudflare's proxy services. The vulnerability
- referred to as "Cloudbleed" - does not affect Rapid7's solutions/services.
This is a serious security issue, but it's not a catastrophe. Out of an
abundance of caution, we recommend you reset your passwords, starting with your
most important accounts (especially admin accounts). A reasonable dose of
skepticism and prudence will go
8 min
IT Ops
Roots and Culture: Logging and the Telephone Bill
Telephone systems were the Internet before there was an Internet.
Think about it.
By 1920 millions of people were exchanging data on a worldwide network using a
device that connected on demand. Sounds like the Internet to me.
But unlike the current day Internet, the telephone system cost money to use.
Alexander Graham Bell’s investors wanted it that way. That’s why they gave him
the money. Thus, people who used the telephone system had to pay for it. So
going as far back as 1877, every mont
2 min
Metasploit Weekly Wrapup
Weekly Metasploit Wrapup: 2/23/17
I gave at the office
The office can be a popular place when it comes to giving. From selling kids'
cookies/candy to raising awareness for a charity, the opportunity to 'give at
the office' is definitely a thing. And now, thanks to Office macros, Metasploit
offers a new way to give (and receive!) at 'the Office'.
These days, using malicious macros in office productivity programs is still a
common attack vector. Designed with a handful of word-processing programs in
mind (including some open sour
4 min
Komand
Comparing and Modifying Objects in React
A central feature of the React framework is that a component will re-render
when its properties change. Additional action, or deliberate inaction, can also
be taken on a change of properties using componentWillReceiveProps() -- at which
point you'll do your own comparison of the new and old props. In both cases, if
the two properties in question are objects, the comparison is not so
straightforward. How do I easily modify and compare javascript objects by some
4 min
CIS Controls
The CIS Critical Security Controls Explained - Control 2: Inventory and Control of Software Assets
As I mentioned in our last post, the 20 critical controls are divided into
Basic, Foundational, and Organizational families in order to simplify analysis
and implementation. This also allows partial implementation of the controls by
security program developers who aren't building a program from scratch, but
want to apply all 20 of the controls. The first two controls of the Center for
Internet Security's (CIS) Critical Controls are
6 min
Komand
Incident Investigation: It's All About Context
When security operations centers or security teams have data output from our
security devices or from threat intelligence sources, it all too often lacks any
sort of reasonable context on which to base an investigation.
When we have Indicators of Compromise (IoCs) that define a particular type of
attack, often largely IP addresses and file hashes, this can make a very
difficult starting place; inefficient at best, paralyzing at worst. Data with no
intelligence lacks context and we need context
4 min
Automation and Orchestration
Automated Cybersecurity Information Sharing with DHS AIS system
Synopsis
In the series of articles titled "Incident Response Life Cycle in NIST and ISO
standards" we reviewed the incident response life cycle, as defined and
described in NIST Special Publication (SP) 800-61 – Computer Security Incident
Handling Guide.
The NIST document contains recommendations on incident information sharing.
Besides these recommendations and an organization's internal procedures, there
are legal requirem