1 min
IT Ops
Best Practices for Container Log Analysis: Part 2
This 3-part series explores the challenges presented by containers and the
advantages of using an end-to-end container log monitoring solution for complete
container environment visibility.
When working with containers, setting up a local image repository like Docker’s
Registry can enable a team to iterate quickly, easily storing image versions in
a central location to be used as needed. Yet as multiple team members update
images, start, st
1 min
IT Ops
Best Practices for Container Log Analysis: Part 1
This 3-part series explores the challenges presented by containers and the
advantages of using an end-to-end container log monitoring solution for complete
container environment visibility.
As container environments become mainstream, it’s important to consider the most
common challenges of migrating a monolithic application into containerized
microservices and how to overcome them.
While containers introduce new levels of flexibility from
6 min
Vulnerability Disclosure
Multiple Insecure Installation and Update Procedures for RStudio (R7-2015-10) (FIXED)
Prior to RStudio version 0.99.473, the RStudio integrated toolset for Windows was
installed and updated in an insecure manner. A remote attacker could exploit two
of the flaws in the update process to run arbitrary code in the context of the
system Administrator, and the third update process flaw to run arbitrary code as
the RStudio user. This advisory discusses all three issues.
Since reporting these issues, RStudio version 0.99.473 has been released. This
version addresses all
13 min
Metasploit
Using Reflective DLL Injection to exploit IE Elevation Policies
As you are probably aware, sandbox bypasses are becoming a MUST when exploiting
desktop applications such as Internet Explorer. One interesting class of sandbox
bypasses abuses IE's Elevation Policies. An example of this type of sandbox
bypass is CVE-2015-0016. The vulnerability has already been analyzed by Henry
Li, who published a complete description in this blog entry
2 min
AWS
The real challenge behind asset inventory
As the IT landscape evolves, and as companies diversify the assets they bring to
their networks - including on-premises, cloud and personal assets - one of the
biggest challenges becomes maintaining an accurate picture of which assets are
present on your network. Furthermore, while the accurate picture is the end
goal, the real challenge is optimizing the means of obtaining that picture and
keeping it current. The traditional discovery paradigm of continuous discovery
sweeps of your whole network
3 min
IT Ops
What is Elastic Logging?
We’re all familiar with the concept of “Elasticity” – the way cloud
infrastructures can automatically react to their required workloads, scaling
resources up or down as needed. While elastic environments provide us with much
needed flexibility, they have also historically presented challenges when trying
to monitor activity from their ephemeral components. Automatically accounting
for new nodes can be tricky while scaling up. And when scaling down, data
associated with these nodes is potentially
3 min
The Absence of Evidence in Breaches
Try this experiment. Go to your favorite search engine and type this:
”no evidence” security compromise
(Other variations are also interesting, including adding words like “breach”)
There is something about the phrase “no evidence” that troubles me. You may have
noticed the same thing. On a regular basis organizations say that there is no
evidence of compromise, and no evidence that attackers gained access to
user/customer/employee data. They write these phrases to lessen the blow of what
is
1 min
Nexpose
The Easy Button for Updating your Nexpose Database
Relax while Nexpose does the work for you
You may have received notifications that you need to update your Nexpose
database soon in order to continue receiving product updates. You may have been
putting it off because it sounds like a pain.
Good news: it's simple!
Have you seen the Staples commercials with the “easy button?” Nexpose basically
has that for the update. You don't have to go into your database and mess
around with an upgrade wizard. Nexpose handles all that for you. All you ha
14 min
IT Ops
State of Log Management for AWS
Introduction
The Log Management industry was traditionally driven by regulatory compliance
and security concerns, resulting in a multi-billion dollar market focused on
security information and event management (SIEM) solutions. However, log
management has evolved into a market that is focused on both the management and
analytics of log data. Log management technologies are becoming more powerful
and dynamic, allowing for data to be
3 min
IT Ops
Using Log Aggregation Across Dev & Ops: The Pricing Advantage
Rob Thatcher is Co-founder and Principal Consultant at Skelton Thatcher
Consulting.
Summary: the pricing of tools or licenses for log aggregation can have a
significant effect on organizational culture and the collaboration between Dev
and Ops teams.
Modern tools for log aggregation (of which Logentries is
one example) can be hugely enabling for DevOps approaches to building and
operating business-critical software systems. However, the pri
5 min
Exploits
Revisiting an Info Leak
Today an interesting tweet from Greg Linares (who has been posting awesome
analysis on Twitter lately!) came to our attention, concerning the MS15-080
patch:
This patch (included in MS15-080) may have been intended to stop one of the
Windows kernel bugs exploited by Hacking Team. But, after our analysis, it
appears that there is
2 min
Metasploit Weekly Wrapup
Weekly Metasploit Wrapup: Hackers of Might and Magic
Vegas: That's a Wrap
Well, another trek out to the Nevada desert is behind us. I actually love
heading out there every year, since it gives me a chance to connect with a
sizable chunk of the Metasploit contributor community in a corporeal way. That
just fills me with warm fuzzies, so thanks to all of you who made the
pilgrimage. You, the open source security research community, are what makes
Vegas feel a lot homier than it ought to.
Speaking of community, now that we're past the Vegas Singulari
1 min
Metasploit
Metasploit on Kali Linux 2.0
As you are aware, Kali 2.0 has been released this week and is getting quite a
bit of attention, as it should. The folks behind Kali have worked really hard to
bring you the new version of Kali Linux that everyone is excited about. If you
have already started to play with the new version, you have probably realized
that something is different: Metasploit Community / Pro is no longer installed
by default.
Where is Metasploit Community / Pr
3 min
Metasploit
Metasploit Local Exploit Suggester: Do Less, Get More!
Meet Lester, the Exploit Suggester
Hey there, my name is Mo (Mohamed Sadek). I am currently an intern at Rapid7,
working with the Metasploit team in Austin. After some research, testing, and
more than a few energy drinks, sinn3r and I have authored the first version of
the Metasploit Local Exploit Suggester, or Lester for short. Lester is a post
module that you can use to check a system for local vulnerabilities, using the
11 min
Exploits
Exploiting a 64-bit browser with Flash CVE-2015-5119 (Part 2)
This post is a continuation of Exploiting a 64-bit browser with Flash
CVE-2015-5119, where we explained how to achieve arbitrary memory read/write on
a 64-bit IE renderer. As a reminder, we are targeting Windows 8.1 / IE11
(64-bit) with Flash 15.0.0.189. Of course, this write-up may contain a few
errors, so your mileage may vary =)
Where we left off before, we had created an interface to work with memory by
using a corrupted