2 min

Adaptive Security Overview

In Nexpose 6, we are introducing Adaptive Security, a smarter way to automate actions taken based on security incidents as they occur in your environment. The ultimate goal is to give back to security teams the time spent configuring tools to respond to a threat and automating the tedious and repetitive tasks taken to understand changes in the asset inventory and the threat landscape. With Adaptive Security, you can create workflows called automated actions that respond to new and existing asse

6 min Metasploit

Flipping Bits in the Windows Kernel

Recently, the MS15-061 bulletin has received some attention. This security bulletin includes patches for several Windows Kernel vulnerabilities, mainly related to win32k.sys. Details of one of them, discovered by Udi Yavo, have been very well covered. First, the same Udi Yavo published details about the Use After Free on a blog entry. Later, Dominic Wang wrote an even more detailed analysis of both the vulnerability and its exploitation in this paper. Finally, Meysam

1 min IT Ops

Introducing LEQL: SORT()

If you’re familiar with a query language like SQL, you’re likely used to being able to sort your query results. When querying log data, sorting your results can come in handy when you want to analyze things like which Docker containers are using the most memory, or which URLs are being requested most frequently from your CDN. Today, we’re announcing SORT as the latest function introduced into Logentries’ query language, LEQL. Much

3 min Application Security

All Red Team, All the Time

In last week's blog (which you should read now if you have not), I said: > The core problem with security today isn't about technology. It's about misaligned incentives. We are trying to push security onto people, teams, and processes that just don't want it. To be clear, it's not that people don't care. They say they want security, and I believe them. Or more precisely, part of their brain wants security. People who want to break a bad habit

2 min

Bugzilla Privileged Bug Disclosure (CVE-2015-4499)

Yesterday, PerimeterX disclosed an issue in the venerable Bugzilla bug tracker, which can allow an untrusted attacker to gain access to privileged bug reports. This includes, of course, privately reported, but still unfixed, security vulnerabilities. Operators of Bugzilla bug trackers which use e-mail based permissions are strongly advised to patch today. This would be a good place to insert a "yo dawg" joke about bugs in bugs, but I trust yo

10 min CISOs

Push vs Pull Security

I woke up from a dream this morning. Maybe you can help me figure out what it means. Your company hired me to build a security program. They had in mind a number of typical things. Build a secure software development lifecycle so app developers didn't code up XSS vulnerabilities. Improve network security with new firewalls, and rolling out IDS sensors. Set up training so people would be less likely to get phished. Implement a compliance program like NIST or ISO. And you wanted all of that rolle

7 min IT Ops

Do you need an Architect in a Software Company?

This may be a dangerous question to ask for someone whose role is that of an Architect, but I think it is a valid question for an Architect to ask. This is particularly true in the software industry where the role is interpreted in many different ways. In some cases, an Architect may work in an established enterprise company and hand down instructions on technology stacks to the developers. At the other extreme an Agile development team may work without the involvement of an Architect. Neither

7 min IT Ops

Log Analysis for Containers

Introduction The IT and DevOps world has come a long way with infrastructure. Virtualization revolutionized our ability to quickly deploy an application and scale up services when needed, paying only for the computing power used. Over the last few years, agile methodologies and continuous delivery have pushed VMs to their limits. Many teams still repeatedly use a single VM for releases and testing. Production VMs rarely change unless something goes seriously wrong. At the pace software develop

4 min IT Ops

Common Angular Routing Challenges

When it comes to frameworks, no one is perfect. As we migrate the Logentries application from legacy code to Angular, we’ve encountered a few interesting challenges along the way that we’ve enjoyed investigating and resolving. While specific challenges often depend on your project and migration strategy, the aim of this post is to share our solutions to problems one may encounter when migrating an app to Angular. In particular, I’ll focus on how Angular handles routing and some issues we’ve en

2 min

UserInsight Ranks Users by Risky Behavior

UserInsight now ranks risky users through behavioral analytics. UserInsight, the User and Entity Behavior Analytics (UEBA) solution, spots user behavior such as unusual admin activity, authentications to new assets, and new user locations and highlights users that exhibit several such behaviors. The User Risk Ranking augments UserInsight's low-noise incident alerts and enables administrators to g

4 min Microsoft

Microsoft Attack Surface Analyzer (ASA): It's for defenders too!

Attack Surface Analyzer, a tool made by Microsoft and recommended in their Security Development Lifecycle Design Phase, is meant primarily for software developers to understand the additional attack surface their products add to Windows systems. As defenders, this tool can be very useful. The tool is meant to identify changes on

5 min Phishing

10 Phishing Countermeasures to Protect Your Organization

The Internet is full of articles on how to tell whether an email is phishing, but there seems to be a lack of concise checklists on how to prepare an organization against phishing attacks, so here you go. Because phishing attacks humans and systems alike, the defense should also cover both aspects. None of the following steps is bulletproof, so layering your defenses is important – and having an incident response plan in case someone does get th

20 min Metasploit

A Debugging Session in the Kernel

Last week, an awesome paper about the MS15-078 vulnerability and its exploitation was published by Cedric Halbronn. This vulnerability, originally found and exploited by Eugene Ching, already has a work-in-progress module in Metasploit, which you can follow on github

6 min CISOs

CISOs: Do you have enough locks on your doors?

In a previous blog post, I referenced some research on how people plan for, or rather how they fail to plan for, natural disasters like floods. At the end of the blog post I mentioned that people who have poor mental models about disasters fail to prepare fully. I keep coming back to the idea of mental models because it starts to explain why we have such a gap between security practitioners and senior executives. I asked one CISO

3 min InsightIDR

Top 5 Alternatives For SPAN or Mirror Ports

Don’t want to use SPAN ports, but still need a source of network packets? In this blog post we break down the top 5 alternatives for you to consider.