All Posts

2 min Microsoft

Patch Tuesday, January 2015 - Dawn of a new era

Microsoft's January 2015 Patch Tuesday marks the start of a new era. It seems that Microsoft's trend towards openness in security has reversed, and the company that was formerly doing so much right is taking a less open stance with patch information. It is extremely hard to see how this benefits anyone, other than, maybe, whoever is responsible for support revenue targets for Microsoft. What this means is that the world at large is getting their first look at understandable information about this

4 min IT Ops

Dynamite Plots, Logs, & the Joy In Knowing

I saw this online and chuckled. I believe it was Mark Twain that said, “Humor is the good natured side of truth.” Well, in my humble opinion, humor can be used as the genesis for interesting blog posts. So, you may be wondering, what do Dynamite Plots, logs and the joy of knowledge have to do with each other? Well, if you have a few minutes, I’ll try to make the link. For me, the humor of the cartoon above is rooted in multiple areas, but most of all in the idea that the data inherently has

6 min

Google No Longer Provides Patches for WebView Jelly Bean and Prior

Over the past year, independent researcher Rafay Baloch (of "Rafay's Hacking Articles") and Rapid7's Joe Vennix have been knocking out Android WebView exploits somewhat routinely, based both on published research and original findings. Today, Metasploit ships with 11 such exploits, thanks to Rafay, Joe, and the rest of the open source security community. Generally speaking, these exploits affect "only" Android 4.3 and prior -- ei

4 min Metasploit

HOTFIX: Metasploit Startup Issues After Upgrading to 4.11.0 (Update 2014122301)

Overview: The Update (2014122301), which was released on December 23rd, 2014, failed to include necessary files for the application to update to version 4.11.0 for the first time. Issue: The application will not start, so the browser will display a generic "The page can't be displayed" message when trying to load the web UI. Additionally, various log messages may appear in the respective log files. Windows: C:\metasploit\apps\pro\engine\prosvc.log Linux: /opt/metasploit/apps/pro/engine/prosvc_stder

7 min Metasploit

12 Days of HaXmas: Maxing Meterpreter's Mettle

This post is the twelfth in a series, 12 Days of HaXmas, where we usually take a look at some of the more notable advancements and events in the Metasploit Framework over the course of 2014. As this is the last in the series, let's peek forward, to the unknowable future. Happy new year, it's time to make some resolutions. There is nothing like a fresh new year to get one's optimism at its highest. Meterpreter is a pretty nifty piece of engineering, and full of useful functionality. The various extensi

3 min Metasploit

12 Days of HaXmas: Metasploit, Nexpose, Sonar, and Recog

This post is the tenth in a series, 12 Days of HaXmas, where we take a look at some of the more notable advancements and events in the Metasploit Framework over the course of 2014. The Metasploit Framework uses operating system and service fingerprints for automatic target selection and asset identification. This blog post describes a major overhaul of the fingerprinting backend within Metasploit and how you can extend it by submitting new fingerprints. Histo

8 min Windows

12 Days of HaXmas: Does it Blend Like a Duck?

This post is the fifth in a series, 12 Days of HaXmas, where we take a look at some of the more notable advancements and events in the Metasploit Framework over the course of 2014. Writing portable software is not hard. It's just like walking through a minefield! Getting to the other side, that's the tricky part. Sure, if you target C, Unix-like systems and GCC or LLVM, you may not run into too many hassles these days. There are still a few annoying differences between BSDs and Linux, but POSIX a

9 min Metasploit

12 Days of HaXmas: Buffer Overflows Come and Go, Bad Passwords are Forever

This post is the fourth in a series, 12 Days of HaXmas, where we take a look at some of the more notable advancements and events in the Metasploit Framework over the course of 2014. This summer, the Metasploit team began the large undertaking of reworking credentials throughout the project. Metasploit, as you already know, began as a collection of traditional exploits. Over the years it has grown into much more than that. Credentials were first introduced into Metasploit in the form of Auxiliary Sc

4 min Haxmas

12 Days of HaXmas: Improvements to jsobfu

This post is the third in a series, 12 Days of HaXmas, where we take a look at some of the more notable advancements and events in the Metasploit Framework over the course of 2014. Several months ago, Wei sinn3r Chen and I landed some improvements to Metasploit's JavaScript obfuscator, jsobfu. Most notably, we moved it out to its own repo and gem, wrapped it in tests, beefed up its AV resilience, and

2 min Haxmas

12 Days of HaXmas: Opening Up My Top Secret Metasploit Time Capsule

This post is the second in a series, 12 Days of HaXmas, where we take a look at some of the more notable advancements and events in the Metasploit Framework over the course of 2014. For today's HaXmas amusement, I have something fun to share with you all. So the other day I was watching this movie called The Knowing, an action-thriller starring Nicolas Cage. The story of this movie begins with a school teacher telling the students that as part of the s

1 min

Wishing you happy holidays & a happy new year! From all of us at Rapid7

It's been an interesting year in our industry—and as 2014 draws to a close, we here at Rapid7 wanted to take a few moments to say a big THANK YOU to our customers, our partners, and to the wonderful security community that we're proud to be a part of! The Rapid7 team all over the world recorded their holiday wishes, compiled (by yours truly) into a little holiday video card: We wish you all happy holidays and a joyous and secure new year in 2015! -- Maria Varmazis, Community Manager (@mvarma

3 min

Metasploit Weekly Wrapup: Get the 411

Metasploit Version 4.11 Released: This week, we released Metasploit version 4.11 to the world -- feel free to download it here if you're the sort that prefers the binary install over the somewhat Byzantine procedure for setting up a development environment. Which you should be, because the binary installers (for Windows and Linux) have all the dependencies baked in and you don't have to monkey around with much to ge

3 min IT Ops

Connected QA: Selenium + Log Analysis

Does the idea of adding Quality Assurance (QA) test runs to your log analysis platform sound strange? It’s actually not! The value in adding QA test runs goes beyond helping the QA team; it helps the entire development shop as they move to a DevOps framework. I talk a lot about the integrated development environment and going beyond ad-hoc tool selection to a more deliberate and holistic approach. This also means br

4 min IT Ops

Is Server Monitoring Dead?

Once upon a time one of the first pieces of software you installed on your infrastructure was a server monitoring tool. This was the control panel through which you could view how effectively your infrastructure was being used, akin to the speedometer and temperature gauges on your car, or the dashboard of dials in an airplane’s cockpit. Server monitoring tools usually work by capturing resource usage information from your OS performance API or performance counters (e.g. via proc stats on linu

6 min IT Ops

End-to-End IoT Monitoring with Log Data

A recent blog explored the importance of logging in general in terms of IoT devices. It also cited predictions that a huge number (50 billion) of IoT devices are expected to exist by 2020. While Machine to Machine (M2M) communication is a related area, the IoT is all about extending the Internet to systems and even low power devices. While there is uncertainty about the exact nature of how these devices will be networked and how th