4 min
IT Ops
Logs To Understand User Activity and Behavior
Logging user activity is a great way to understand what users are doing, and how
they are using network and computing resources. Collecting data from the
standpoint of a user identity or login is a great way to correlate all kinds of
information, too, including client or workstation activity, network and server
access, and application usage. This provides a unique opportunity to make use of
Logentries’
4 min
InsightIDR
12 Days of HaXmas: Designing Information Security Applications Your Way
Merry HaXmas to you! Each year we mark the 12 Days of HaXmas
with 12 days of blog posts on
hacking-related topics and roundups from the year. This year, we're highlighting
some of the “gifts” we want to give back to the community. And while these gifts
may not come wrapped with a bow, we hope you enjoy them.
Are you a busy Information Security professional that prefers bloated web
applications, fancy interactions, unnecessary visuals, and overloaded scr
6 min
IoT
12 Days of HaXmas: 2016 IoT Research Recap
Merry HaXmas to you! Each year we mark the 12 Days of HaXmas
with 12 blog posts on hacking-related
topics and roundups from the year. This year, we're highlighting some of the
“gifts” we want to give back to the community. And while these gifts may not
come wrapped with a bow, we hope you enjoy them.
As we close out the end of the year, I find it important to reflect on the IoT
vulnerability research conducted during 2016 and what we learned from it. Th
5 min
Haxmas
12 Days of HaXmas: The One Present This Data Scientist Wants This Holiday Season
Merry HaXmas to you! Each year we mark the 12 Days of HaXmas
with 12 blog posts on hacking-related
topics and roundups from the year. This year, we're highlighting some of the
“gifts” we want to give back to the community. And while these gifts may not
come wrapped with a bow, we hope you enjoy them.
> “May you have all the data you need to answer your questions – and may half of
the values be corrupted!”
> - Ancient Yiddish curse
This year, Christm
7 min
Haxmas
The Twelve Pains of Infosec
One of my favorite Christmas carols is the 12 Days of Christmas
. Back in the 90's, a satire of the
song came out in the form of the 12 Pains of Christmas
, which had me rolling on the floor
in laughter, and still does. Now that I am in information security, I decided it
is time for a new satire, maybe this will start a new tradition, and so I am
presenting, the 12 Pains of Infosec.
----------------------
6 min
IT Ops
The Value of Correlation IDs
In the old days when transactional behavior happened in a single domain, in
step-by-step procedures, keeping track of request/response behavior was a simple
undertaking. However, today one request to a particular domain can involve a
myriad of subsequent asynchronous requests from the starting domain to others.
For example, you send a request to Expedia, but behind the scenes Expedia is
forwarding your request as a message to a message broker. Then that message is
consumed by a hotel, airline
4 min
User Behavior Analytics
SIEM Tools Aren't Dead, They're Just Shedding Some Extra Pounds
Security Information and Event Management (SIEM)
is security's Schrödinger's cat.
While half of today's organizations have purchased SIEM tools, it's unknown if
the tech is useful to the security team… or if its heart is even beating or
deployed. In response to this pain, people, mostly marketers, love to shout that
SIEM is dead, and analysts are proposing new frameworks with SIEM 2.0/3.0,
Security Analytics, User & Entity Behavior Analytics
6 min
Automation and Orchestration
Cybersecurity careers and the certifications needed
Synopsis
Cybersecurity has become one of the top sought after careers in the Information
Technology field. Careers ranging from an ethical hacker to a security auditor.
With so many options to choose from, where do you start to pursue such a
purposeful and exciting future? I will explain some of the top certifications
that are offered and what fields they are associated with.
Institutes and their certifications
International Information Systems Security Certification Consortium, Inc. (ISC)2
7 min
Rapid7 Perspective
2017 Cybersecurity Horoscopes
What does 2017 hold for cybersecurity? Our mystics have drawn cards, checked
crystal balls, and cast runes to peer into the future. See what the signs have
in store for you in the new year.
Sage Corey Thomas, Rapid7
Gazing into the future of 2017, I believe we will continue to see market
consolidation of security vendors. With a focus on increasing productivity,
organizations will move further from disparate, point-solutions that solve just
one problem to solutions that can be leveraged through
3 min
Nexpose
"Informational" Vulnerabilities vs. True Vulnerabilities
A question that often comes up when looking at vulnerability management
tools is, “how many vulnerability checks do you have?” It makes sense on the
surface; after all, less vulnerability checks = less coverage = missed
vulnerabilities during a scan right?
As vulnerability researchers would tell you, it's not that simple: Just as not
all vulnerabilities are created equal, neither are vulnerability checks.
How “True”
5 min
Automation and Orchestration
Inspecting Network Traffic with tcpdump
Synopsis
Tcpdump, as the name suggests, captures and dumps(writes) the network
traffic passing through a given server’s or node’s network interfaces . It is a
classic command line tool written in 1987 and remains one of the most
powerful tools for analyzing network traffic. Many options and filters available
in the tool makes it easier to slice and dice the data. The data then can be
used by network administrators and enthusiasts for many purposes such as,
security & forensic analyses, trouble s
5 min
Automation and Orchestration
How to Install OpenVPN on Windows
Synopsis
With the growth of online privacy and security concerns, as well as people
wanting to work around geo-restrictions, VPNs are becoming much more mainstream.
They no longer rest in the realm of security professionals and the overly
paranoid. OpenVPN is the most secure VPN protocol you can use and this guide
will teach you what it is, as well as how to install it on Windows.
If you are looking to install OpenVPN on another operating system, visit their
website
4 min
Incident Detection
Web Shells 101: Detection and Prevention
2016 has been a big year for information security, as we've seen attacks by both
cybercriminals and state actors increase in size and public awareness, and the
Internet of Things comes into its own as a field of study. But today we'd like
to talk about a very old (but no less dangerous) type of attacker tool – web
shells – and new techniques Rapid7 is developing for identifying them quickly
and accurately.
What is a Web Shell?
Web shells are web-based applications that provide a threat actor wi
2 min
Metasploit
Metasploitable3 CTF Competition: Update and Leaderboard!
The Metasploitable3
Capture The
Flag Competition has
been underway for about a week now and the submissions have been pouring in!
We're very excited to see so many great submissions. We're reviewing as fast as
we can so if you don't hear back from us right away, don't worry, you will. For
all valid submissions we will update this blog post and subsequent ones with the
le
5 min
IT Ops
The Generosity of Thought: Caring and Sharing in the Open Source Community
I want to share something with you that is pretty amazing. But, before I do,
allow me to provide the backstory.
The Backstory
I’ve been using Open Source Software (OSS) for a while now. I started with the
big ones, Apache , Maven , MySQL
, etc…. But, as time went on and my work became more
specialized, I started using smaller projects. When you use the big projects
such as Maven and Apache, there’s a boatload of books, video