6 min
IT Ops
Do You Still Email Yourself from Your Code? How to Stop the Madness
A few years back now, I took on an assignment to help a company modernize a
series of legacy .NET applications. One of these did some back office
processing. A vendor would stick some files on a shared drive, and a Windows
scheduled task would invoke this bit of code to parse the file, apply a whole
slew of business rules to its contents, and then update the appropriate internal
systems. The details are both proprietary and uninteresting, so I will spare
you those.
The author of this appli
2 min
InsightIDR
What's the Difference Between InsightIDR & InsightUBA?
We're now a few weeks into our InsightIDR launch, and the response has been
tremendous – thank you! The Insight Platform is purpose-built to help you detect
and investigate attacks earlier across your entire network ecosystem. InsightIDR
builds upon the tested User Behavior Analytics and full functionality in
InsightUBA (formerly UserInsight), and adds powerful log search, investigation,
and compliance dashboards for an end-to-end Incident Detection and Response
offering.
Everything in InsightU
13 min
IT Ops
The 4 Steps for Creating a Log Enabled Marketing Campaign
Typically, most logging activity in the online world is concerned with
collecting information about an enterprise’s digital infrastructure. Machine
logs, application logs, network logs, database logs, access logs are a few
examples of such activity. However, as marketing campaigns become more
integrated into application activity, using log data to monitor and to measure
the effectiveness of a campaign is a viable extension of an enterprise’s current
logging activity.
But we need to beware.
4 min
Vulnerability Disclosure
R7-2016-02: Multiple Vulnerabilities in ManageEngine OpUtils
Disclosure Summary
ManageEngine OpUtils is an enterprise switch port and IP address management
system. Rapid7's Deral Heiland discovered a persistent cross-site scripting
(XSS) vulnerability, as well as a number of insecure direct object references.
The vendor and CERT have been notified of these issues. The version tested was
OpUtils 8.0, which was the most recent version at the time of initial
disclosure. As of today, the current version offered by ManageEngine is OpUtils
12.0.
R7-2016-02.1:
5 min
IoT
R7-2016-01: Null Credential on Moxa NPort (CVE-2016-1529)
This advisory was written by the discoverer of the NPort issue, Joakim Kennedy
of Rapid7, Inc.
Securing legacy hardware is a difficult task, especially when the hardware is
being connected in a way that was never initially intended. One way of making
legacy hardware more connectable is to use serial servers. The serial server
acts as a bridge and allows serial devices to communicate over TCP/IP. The
device then appears on the network as a normal network-connected device. This
allows for remote
3 min
Nexpose
How to use Nexpose to find all assets affected by DROWN
Introduction
DROWN is a cross-protocol attack against TLS servers whose RSA key is also used
by a server that still speaks SSLv2. The attack uses export cipher suites and
SSLv2 to decrypt TLS sessions. SSLv2 was developed by Netscape and
released in February 1995. Due to it containing a number of security flaws, the
protocol was completely redesigned and SSLv3 was released in 1996. Even though
SSLv2 was declared obsolete over 20 years ago, there are still servers
supporting the protocol. What's both fascinating and devastating about the DROWN
attack, is that se
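The teaser stops before showing how one tells whether a server still speaks SSLv2 at all, which is the precondition for DROWN. The Python below is an added example, not Nexpose or other Rapid7 code: it builds an SSLv2 ClientHello offering all seven cipher kinds from the Netscape SSL 2.0 specification, then parses the ServerHello to list which kinds the server accepted and flags the 40-bit export kinds that the general DROWN attack relies on. check_host() performs a live probe; make_server_hello() constructs a sample response (placeholder certificate, constructed data) so the parser can be exercised offline.

```python
"""SSLv2 support probe: build a ClientHello, parse the ServerHello.

Added example; not Nexpose or other Rapid7 code. Record and message layouts
follow the Netscape SSL 2.0 specification. Everything here runs offline
except check_host(), which opens a TCP connection to the target.
"""
import os
import socket
import struct
import sys

SSLV2_VERSION = 0x0002
MSG_CLIENT_HELLO = 0x01
MSG_SERVER_HELLO = 0x04

# The seven SSLv2 cipher kinds (3-byte codes) and their names from the spec.
CIPHER_KINDS = {
    b"\x01\x00\x80": "SSL_CK_RC4_128_WITH_MD5",
    b"\x02\x00\x80": "SSL_CK_RC4_128_EXPORT40_WITH_MD5",
    b"\x03\x00\x80": "SSL_CK_RC2_128_CBC_WITH_MD5",
    b"\x04\x00\x80": "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5",
    b"\x05\x00\x80": "SSL_CK_IDEA_128_CBC_WITH_MD5",
    b"\x06\x00\x40": "SSL_CK_DES_64_CBC_WITH_MD5",
    b"\x07\x00\xc0": "SSL_CK_DES_192_EDE3_CBC_WITH_MD5",
}
# 40-bit export kinds: the weak ciphers the general DROWN attack needs.
EXPORT_KINDS = {b"\x02\x00\x80", b"\x04\x00\x80"}


def sslv2_record(body):
    """2-byte SSLv2 record header: high bit set, 15-bit length, no padding byte."""
    return struct.pack(">H", 0x8000 | len(body)) + body


def build_client_hello(challenge=None):
    """SSLv2 ClientHello offering every cipher kind, with an empty session ID."""
    challenge = os.urandom(16) if challenge is None else challenge
    specs = b"".join(CIPHER_KINDS)  # dict iteration yields the 3-byte codes
    header = struct.pack(">BHHHH", MSG_CLIENT_HELLO, SSLV2_VERSION,
                         len(specs), 0, len(challenge))
    return sslv2_record(header + specs + challenge)


def parse_server_hello(record):
    """Accepted cipher kinds from an SSLv2 ServerHello, or None if it is not one."""
    if len(record) < 2 or not record[0] & 0x80:
        return None  # no SSLv2 header; TLS records start with 0x14..0x17
    length = ((record[0] & 0x7F) << 8) | record[1]
    body = record[2:2 + length]
    if len(body) < 11 or body[0] != MSG_SERVER_HELLO:
        return None  # e.g. an SSLv2 ERROR message (type 0x00) or garbage
    _, _sess_hit, _cert_type, version, cert_len, specs_len, conn_id_len = \
        struct.unpack(">BBBHHHH", body[:11])
    if version != SSLV2_VERSION or specs_len % 3:
        return None
    specs_raw = body[11 + cert_len:11 + cert_len + specs_len]
    if len(specs_raw) != specs_len:
        return None  # truncated record
    accepted = [specs_raw[i:i + 3] for i in range(0, specs_len, 3)]
    return {
        "cipher_kinds": [CIPHER_KINDS.get(k, k.hex()) for k in accepted],
        "export_kinds": [CIPHER_KINDS[k] for k in accepted if k in EXPORT_KINDS],
        "certificate_len": cert_len,
        "connection_id_len": conn_id_len,
    }


def make_server_hello(kinds, cert=b"CERT", conn_id=b"\x00" * 16):
    """Constructed sample ServerHello (placeholder certificate) for offline use."""
    specs = b"".join(kinds)
    header = struct.pack(">BBBHHHH", MSG_SERVER_HELLO, 0, 1, SSLV2_VERSION,
                         len(cert), len(specs), len(conn_id))
    return sslv2_record(header + cert + specs + conn_id)


def check_host(host, port=443, timeout=5.0):
    """Live probe: send the ClientHello and parse the reply. None means no SSLv2."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_client_hello())
            reply = sock.recv(4096)
    except (OSError, socket.timeout):
        return None  # hardened servers often just reset the connection
    return parse_server_hello(reply)


if __name__ == "__main__":
    target = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    result = check_host(target, port)
    if result is None:
        print(f"{target}:{port} did not complete an SSLv2 handshake")
    else:
        print(f"{target}:{port} accepts SSLv2 kinds: {result['cipher_kinds']}")
        if result["export_kinds"]:
            print("export-grade kinds accepted:", result["export_kinds"])
```

A server that answers with a ServerHello at all is SSLv2-capable and, if it shares its RSA key with a TLS endpoint, is in scope for DROWN; a reset or a non-SSLv2 reply is the healthy outcome. Note that this only tells you about the host you probed: the TLS server at risk may be a different machine that merely reuses the same certificate.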
4 min
Public Policy
Rapid7, Bugcrowd, and HackerOne file pro-researcher comments on DMCA Sec. 1201
On Mar. 3rd, Rapid7, Bugcrowd, and HackerOne submitted joint comments to the
Copyright Office urging them to provide additional protections for security
researchers. The Copyright Office requested public input as part of a study on
Section 1201 of the Digital Millennium Copyright Act (DMCA). Our comments to the
Copyright Office focused on reforming
5 min
IT Ops
Brics Vs RE2/J
By Benoit Gaudin and Mark Lacomber
Regular Expressions
When it comes to searching unstructured data, regular expressions are a very
useful and powerful tool. The power provided by popular regular expression
libraries does come with a significant performance cost in some cases though,
both when compiling regular expressions into automata (state explosion problem
when determinising automata) and when using these automata to match input. These
constraints are usually acceptable for individuals ne
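The state explosion the teaser mentions is easy to see on a small pattern family. As an added example (not code from Brics or RE2/J), the Python below builds the NFA for (a|b)*a(a|b){n} directly, without a regex parser, and determinises it with the textbook subset construction. Each extra (a|b) doubles the number of DFA states, so a pattern of length linear in n produces 2^(n+1) states. An engine that determinises eagerly pays that cost at compile time, which matters when patterns are attacker-influenced; RE2 bounds it by building DFA states lazily under a memory budget and falling back to NFA simulation.

```python
"""Subset construction on the NFA for (a|b)*a(a|b){n}: DFA state explosion.

Added example; not Brics or RE2/J code. The NFA for this pattern family is
constructed directly, then determinised. The DFA must remember the last n+1
input symbols, so it has exactly 2**(n+1) states.
"""
from collections import deque

ALPHABET = "ab"


def build_nfa(n):
    """NFA for (a|b)*a(a|b){n}.

    State 0 loops on both symbols and, on 'a', also moves to state 1.
    States 1..n advance to the next state on either symbol; state n+1 accepts.
    Returns (transitions, accepting) with transitions[(state, sym)] a set.
    """
    trans = {(0, "a"): {0, 1}, (0, "b"): {0}}
    for i in range(1, n + 1):
        for sym in ALPHABET:
            trans[(i, sym)] = {i + 1}
    return trans, {n + 1}


def determinise(trans, accepting, start=0):
    """Subset construction. Returns (state_index, dfa_trans, dfa_accepting)."""
    start_set = frozenset({start})
    index = {start_set: 0}            # NFA state subset -> DFA state number
    dfa_trans = {}
    dfa_accept = set()
    queue = deque([start_set])
    while queue:
        cur = queue.popleft()
        if cur & accepting:
            dfa_accept.add(index[cur])
        for sym in ALPHABET:
            nxt = frozenset(s for q in cur for s in trans.get((q, sym), ()))
            if not nxt:
                continue              # dead state left implicit
            if nxt not in index:
                index[nxt] = len(index)
                queue.append(nxt)
            dfa_trans[(index[cur], sym)] = index[nxt]
    return index, dfa_trans, dfa_accept


def dfa_state_count(n):
    """Number of DFA states the subset construction produces for (a|b)*a(a|b){n}."""
    trans, acc = build_nfa(n)
    index, _, _ = determinise(trans, acc)
    return len(index)


def dfa_matches(n, text):
    """Run the determinised automaton: True iff the (n+1)th symbol from the end is 'a'."""
    trans, acc = build_nfa(n)
    _, dfa_trans, dfa_accept = determinise(trans, acc)
    cur = 0
    for ch in text:
        cur = dfa_trans.get((cur, ch))
        if cur is None:
            return False              # symbol outside the alphabet
    return cur in dfa_accept


if __name__ == "__main__":
    for n in range(1, 13):
        print(f"n={n:2d}  pattern length ~{3 * n + 6:3d}  DFA states {dfa_state_count(n)}")
```

Running the script prints the doubling directly: every step adds a handful of characters to the pattern and doubles the automaton. The same construction applied to a pattern with a fixed-width lookback is the reason a regex library that compiles to a full DFA needs a state limit before it accepts user-supplied expressions.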
3 min
Release Notes
Weekly Metasploit Wrapup: March 14, 2016
Scanning for the Fortinet backdoor with Metasploit
Written by wvu
Metasploit now implements a scanner for the Fortinet backdoor. Curious to see
how to use it? Check this out!
wvu@kharak:~/metasploit-framework:master$ ./msfconsole -qL
msf > use auxiliary/scanner/ssh/fortinet_backdoor
msf auxiliary(fortinet_backdoor) > set rhosts 417.216.55.0/24
rhosts => 417.216.55.0/24
msf auxiliary(fortinet_backdoor) > set threads 100
threads => 100
msf auxiliary(fortinet_backdoor) > run
5 min
IT Ops
A point of @Contention- cache coherence on the JVM
Java 8’s major changes (lexical closures, the stream API, etc.) have
overshadowed a slew of little gems, one of which I only discovered the other
day: the @Contended annotation.
False Sharing
Chances are you’re reading this on a device with more than one CPU. There’s
therefore also quite a good chance that you have more than one thread of
execution running at the exact same time. There’s an equally good chance that
some of your fancy multiprocessor CPU’s on-die memory (aka L2/3 cache) is share
3 min
Atomic Design @ Rapid7
Device-Level Design Should Not Be A Thing
Large monitors, small monitors, laptops, tablets, smartphones, smartwatches,
toasters, refrigerators…where will it end? Nowadays, application designers need
to consider a plethora of devices as they design. While we are not considering
designing Nexpose and InsightIDR for your toaster, maybe one day we will!
However, Brad Frost tells the world of design that device-level design is an
outdated concept. That's news to our ears! Let's look at this more c
3 min
Threat Intel
Threat Intelligence Foundations: Crawl, Walk, Analyze - Part 3
This is the third post in a three-part series on threat intelligence
foundations, discussing the fundamentals of how threat intelligence can be used
in security operations. Here's Part 1 and Part 2.
Intelligence Analysis in Security Operations
In the first two parts of this series we talked about frameworks for
understanding and approaching intelligenc
5 min
Threat Intel
Threat Intelligence Foundations: Crawl, Walk, Analyze - Part 2
This is the second post in a three-part series on threat intelligence
foundations, discussing the fundamentals of how threat intelligence can be used
in security operations. Read Part One here.
Tinker, Tailor, Soldier, Spy: Utilizing Multiple Types of Intelligence
Just as there are different operational levels of intelligence—discussed in
detail in the first post
4 min
IT Ops
Deciphering MySQL Logs: The What, Why, and How
Logs are one of the best ways to understand what a server is doing. Thankfully,
MySQL has no shortage of log activity to assist a DBA in maintaining it. It
writes out its activity to 5 different logs. This post will take a look at the
existing MySQL logs and how they assist the administrator.
* On Windows, the error log is written to the data directory with a .err
extension even if not explicitly enabled.
* Errors are automatically written to the Event Log. This behavior is standard
and
4 min
Threat Intel
Threat Intelligence Foundations: Crawl, Walk, Analyze - Part 1
This is the first post in a three-part series on threat intelligence
foundations, discussing the fundamentals of how threat intelligence can be used
in security operations.
There is a consensus among many in threat intelligence that the way the
community has approached threat intelligence in the past, i.e., the “Threat
Data → SIEM → Magical Security Rainbows” approach, has left something to be
desired, and that something is usu