2 min IT Ops

How to Log with the Docker Logentries Container

Logentries offers a variety of ways to get logs out of your containerized environment, including our Linux Agent, application plugin libraries, and Syslog. In this post we’ll cover collecting and forwarding logs via our Docker Logentries Container, which requires Docker 1.5 or higher. To configure the Docker Logentries Container you’ll need to do the following: * Create a destination log in your Logentries account to record your Docker lo

8 min Metasploit

Wassenaar Arrangement - Frequently Asked Questions

The purpose of this post is to help answer questions about the Wassenaar Arrangement. You can find the US proposal for implementing the Arrangement here, and an accompanying FAQ from the Bureau of Industry and Security (BIS) here. For Rapid7's take on Wassenaar, and information on the comments we intend to submit to BIS, please read this companion pie

2 min Malware

What Exactly is Duqu 2.0?

Overview: Duqu, a very complex and modular malware platform thought to have gone dark in late 2012, has made its appearance within the environment of Kaspersky Labs. Dubbed “Duqu 2.0” by Kaspersky, the level of complexity found within the malware represents a high level of sophistication, skill, funding and motivation seen by nation-sponsored actors. Infections related to this malware have reveale

3 min

How to be a Combination King

I recently spent a wonderful week in London to participate in Infosecurity Europe as part of a larger group of internationally-based Rapid7 employees. If you've been to many events, you know that vendors quite often come up with clever ways to attract people to their booth through giveaways, technical presentations, and product demonstrations. Lucky for me, our booth happened to be right next to a vendor who had a rather neat contest involving a keypad lock

1 min

MsfPayload and MsfEncode are Being Removed from Metasploit

Oh hi folks, Last year on December 9th, we made an official announcement about deprecating MsfPayload and MsfEncode. They are being replaced by msfvenom. Well, today is the day we pull the plug. We are currently in the process of removing these two utilities, and in a day or two you will never see them from upstream again. If you are still not so familiar

2 min Metasploit

Metasploit Framework Rails 4.0 Upgrade

It is always a running battle to keep an application's backend up to date with various technologies. Today, we are excited to announce that Metasploit Framework now ships with Rails 4.0. Upgrades like this are sometimes hard to get excited about because if everything goes well, users should see no difference. There are many reasons to upgrade to Rails 4, though. Why Upgrade Here are the important reasons to upgrade from our perspective: * Security is a b

2 min Vulnerability Disclosure

Remote Coverage for MS15-034 HTTP.sys Vulnerability (CVE-2015-1635)

Patch Tuesday last week saw the release of Microsoft security bulletin MS15-034, which addresses CVE-2015-1635, a remote code execution vulnerability in Microsoft Internet Information Services (IIS) running on Windows 7 / Server 2008 R2 and later. This vulnerability can be trivially exploited as a denial of service attack by causing the infamous Blue Screen of Death (BSoD) with a simple HTTP request. In order to provide better assessment of your ass

2 min Vulnerability Disclosure

Breaking down the Logjam (vulnerability)

What is it Disclosed on May 19, 2015, the Logjam vulnerability (CVE-2015-4000) is a flaw in common TLS implementations that can be used to intercept secure communications. This TLS protocol vulnerability would allow an active man-in-the-middle (MITM) attacker to silently downgrade a TLS session to export-level Diffie-Hellman keys. The attacker could hijack this downgraded session b

1 min Metasploit

2015 Metasploit T-Shirt Design Contest: It's On!

Hacker-designers! We need you! Show us your graphic skills, design an epic Metasploit t-shirt, and win Eternal Fame and Glory! Ahem, er, rather, we're looking for someone to design this year's Metasploit t-shirt. And if you are this year's winning Metasploit t-shirt designer, you will get $230USD and the notoriety and/or immense personal satisfaction in knowing that you're the 2015 Metasploit t-shi

3 min Vulnerability Disclosure

How Poisonous is VENOM (CVE-2015-3456) to your Virtual Environments?

Today CrowdStrike disclosed VENOM (Virtualized Environment Neglected Operations Manipulation) or CVE-2015-3456, a vulnerability that could allow an attacker with access to one virtual machine to compromise the host system and access the data of other virtual machines. It's been a few months since we've seen a branded and logo'd vulnerability disclosure, and the main question everyone wants to know is wh

2 min

Availability of Metasploit Community & Metasploit Pro Trials Outside US & Canada

Due to changes in regulatory requirements that are applicable to Metasploit (Pro and Community) and similar products, as of Sunday, April 19, 2015, individuals outside of the US and Canada who would like to use Metasploit Pro or the Metasploit Community Edition will need to request a license and provide additional information regarding themselves or their organization designation. In accordance with the

2 min Compliance

Top 3 Takeaways from the "PCI DSS 3.0 Update"

In this week's webcast, Jane Man and Guillaume Ross revisited the latest PCI DSS 3.0 requirements. Security professionals need to be diligent to remain compliant and secure. Jane and Guillaume discussed some key results from the Verizon 2015 PCI Compliance Report, tips and tricks for complying with requirements 7, 8, and 10, and touched upon upcoming changes in v3.0 and v3.1. Read on for the top 3 takeaways from the “PCI DSS 3.0 Update: How to Restrict

5 min Metasploit

Unicode Support in Meterpreter

A short, mostly-accurate history of character encodings In the beginning, when you wanted to use a computer to store text, there were not many options - you inherited something from punchcards like EBCDIC or invented something convenient and unique to your system. Computers did not need to talk to each other, so there was not much point in standardizing between vendors. Things were pretty simple. Then, there came the need for computers and vendors to interoperate and communicate. Thus, ASCII an

8 min Metasploit

Meterpreter Survey 2015: You spoke, we listened, then wrote a bunch of code.

The Survey One month ago we asked the community for feedback about how they use Metasploit and what they want to see in the Meterpreter payload suite going forward. Over the course of a week we received over 400 responses and over 200 write-in suggestions for new features. We have spent the last month parsing through your responses, identifying dependencies, and actively delivering new features based on your requests. These requests covered 20 different categories: General Feedback Metasploit F

6 min Incident Detection

Let's talk about metrics...

Today I read an article on metrics and it was interesting. Here's the link to the original article. I am kind of a metrics geek. When done well, a metrics program can be of extreme value to a security program. However, when done badly, they can cloud your vision and make it difficult to notice that your radar is off by a few degrees. The article addressed severa