11 min
Automation and Orchestration
GDB for Fun (and Profit!)
Who Should Read This?
Have you ever wondered why your code doesn’t work? Do you ever find yourself
puzzled by the way someone else’s program works? Are you tired of spending night
after tearful night poring over the same lines of code again and again,
struggling to maintain your sanity as it slips away? If this sounds like you or
someone you know, please seek help: use a debugger.
What Is a Debugger?
For those of you that have never used a debugger:
1. I’m so sorry
2. Please read on
A debug
3 min
IT Ops
Exploiting Zookeeper for managing processes in a production environment with Lockex
Lock and execute!
As an engineer here at Logentries
I need to maintain a complex system that has requirements for being available to
our customers. We always build systems with the ability to be resistant to
failure.
In our environment, we have processes and dae
10 min
Metasploit
A Short Approach: The Cisco ASA 5505 as a Stepping Stone Into Embedded Reverse Engineering
Back in February, Exodus Intelligence released their blog entry titled "Execute
My Packet", which detailed their discovery and exploitation of CVE-2016-1287.
Since then, I've fielded numerous requests for modules and witnessed much
discussion generated from it. From this discussion, I've gathered that many
researchers seem to consider the Cisco ASA as an unruly beast, difficult to
approach, even harder to tame. I feel that this is far from the truth, and this
article is a response to such not
4 min
Komand
How to Create a Culture of Security Ownership Across Your Organization
Company culture is a phrase that means different things to many people. From the
company mission statement to the performance of a team, culture is often an
amalgamation of leadership values and individual employee contributions.
Security, and its many variants (cybersecurity, infosec, et. al), isn’t always a
word associated with “culture”. But in today’s digital landscape, it absolutely
should be.
Building a successful company culture often comes down to three elements:
people, processes, and
3 min
Komand
SOC Series: How to Structure and Build a Security Operations Center
Building an effective security operations center (SOC)
requires
organizing internal resources in a way that improves communication and increases
efficiencies. Adding to a former post,When to Set Up a Security Operations
Center
, we're now offering a framework for organizing the three key functions of a
SOC: people, proce
3 min
Metasploit Weekly Wrapup
Weekly Metasploit Wrapup 16
We have a new module from rastating which exploits an unauthenticated file upload vulnerability in the popular WordPress plugin, Ninja Forms.
14 min
Automation and Orchestration
Working with Bro Logs: Queries By Example
Synopsis:
Bro , a powerful network security monitor, which by default
churns out ASCII logs in a easily parseable whitespace separated (column) format
from network traffic, live or PCAP. Because this logs are in the aforementioned
format it makes them very hackable with the standard unix toolset. If you’re an
experienced unix user with ample networking knowledge you probably have all the
know-how to immediately pull useful data from Bro logs. If you’re not familiar
with the stan
3 min
Komand
SOC Series: When to Setup a Security Operations Center
To build a successful security function, you need to coordinate across people,
processes, and technology. And the stakes have never been higher than they are
today when it comes to information security, which is why many businesses are
looking for ways to centralize security operations by way of a security
operations center (SOC)
(SOC Series: When to Setup a Security Operation).
When it comes to achieving cohesion, SOCs are a ma
15 min
Automation and Orchestration
Nagios Series: Deployment Automation Tips and Tricks
Synopsis:
In this article I will be sharing some ideas that I’ve used from my experiences
that will help streamline and take a lot of the work out of managing a Nagios
deployment. I will go into multiple ways to manage your deployment. As you read
on I will introduce a more complete solution. We will begin with git and cron,
extend that to use subtrees, and then move along to an enterprise deployment
with Puppet and ERB along with the aforementioned tools.
Git:
My philosophy is that just about
5 min
Nexpose
Focusing on Default Accounts - Targeted Analysis With Nexpose
In my last blog post I went in depth on Impact Driven Analysis and Response
, an often-overlooked but very handy
analysis option in Nexpose. Today I'd like to talk about another great option
for analysis - filtering assets based on their discovered vulnerabilities by
Vulnerability Category. We will use Filtered Asset search to take a focused look
at a specific category: Default Account findings.
Default accounts are high significance findings with low e
1 min
IT Ops
Integrating Logentries With .NET The How and Why
A robust logging strategy opens up a world of potential improvements for your
.Net applications through application logging. Application logging provides
valuable insight. Insight that can only benefit your network application stack
since your .Net application is the front line for enhancing your customer’s
experience.
Bringing meaning to all the potential information that your .Net application can
collect is what Logentries does best. Logentries makes getting this valuable
information into y
4 min
Nexpose
Impact Driven Risk Analysis and Response With Nexpose
Today I'd like to highlight an often overlooked but very handy analysis option
in Nexpose - filtering assets based on their discovered vulnerability CVSS
Impact Metrics (Confidentiality, Integrity, Availability).
We will use RealContext tags and Filtered Asset Search to answer the following
questions:
* Are there any Availability Impact findings on High Availability systems? (
i.e. web servers, authentication servers)
* Are there any Confidentiality Impact findings on systems with Highly
6 min
Komand
Building SVG Maps with React
Here at Komand, we needed a way to easily navigate around our workflows. They
have the potential to get complex quickly, as security workflows involve many
intricate steps.
To accomplish this task, we took an SVG approach to render our workflow
dynamically (without dealing with div positioning issues). This gave us the
power of traditional graphics to do a variety of manipulations on sub
components.
In this walkthrough, we will useInteractive SVG Components
4 min
IT Ops
Intrinsically fast: more JVM performance tinkering
I didn’t expect my last post
on JVM perf to
be so well received, so I thought I’d carry on digging into why your code does
(or doesn’t) run fast! Let’s forget about concurrency for now and instead focus
on the executable machine code that the Java Virtual Machine (and particularly
HotSpot) generates.
In Java-land it’s pretty common to hear people mention stuff about ‘warmup
times’, especially in the context of an incendiary micro
7 min
IT Ops
Implementing Self-Describing Log Data Using NodeJS
In my previous article, How to Ensure Self-Describing Log Data using Log4Net
, I showed you
a technique that made structuring your logging information as key-value and
JSON under Log4Net an easier undertaking. In this article I am going to apply
the same concepts to NodeJS. I’ll show you how to make it so that so you can
ensure logging uniformity among all the NodeJS developers in your enterprise
with little to no additional effo