2 min
Authentication
Protect Your Service Accounts: Detecting Service Accounts Authenticating from a New Host
IT professionals set up service accounts to enable automated processes, such as
backup services and network scans. In UserInsight, we can give you quick
visibility into service accounts by detecting which accounts do not have
password expiration enabled. Many UserInsight subscribers love this simple
feature, which is available the instant they have integrated their LDAP
directory with UserInsight. In addition, UserInsight has several new ways to
detect compromised service accounts.
To do their
3 min
IT Ops
Heroku Buttons Rock!
As one of Heroku’s beta users I had the chance to check out the new Heroku
button gallery last week. I must say I was very
pleasantly surprised.
Over the past few years, it’s fair to say Heroku have nailed their PaaS
offering. They are one of the few PaaS providers to truly succeed in providing
developers both an easy-to-deploy platform and a full ecosystem of add-ons.
This allows you as a developer to get on with what you do best.
Yes, you can actually spend you
2 min
SIEM
Get HP ArcSight Alerts on Compromised Credentials, Phishing Attacks and Suspicious Behavior
If you're using HP ArcSight ESM as your SIEM, you can now add user-based
incident detection and response to your bag of tricks. Rapid7 is releasing a new
integration between Rapid7 UserInsight
and HP ArcSight ESM
, which enables you to detect, investigate and respond to security threats
targeting a company's users more quickly and effectively.
HP ArcSight is
3 min
IT Ops
Logging from PHP Web Frameworks like Laravel
So what is Laravel?
Laravel is a relatively new MVC web framework for PHP that was released in 2012.
It’s also the most popular PHP project on GitHub at the time of this post. Like many web
frameworks, Laravel boasts an easy learning curve to get an app up and
running. This was certainly the case when I used it.
While this post is focusing on logging in Laravel, it's applicable to other PHP
web frameworks, like Symfony2
2 min
Vulnerability Disclosure
UserInsight Gets the All-Clear for ShellShock and Helps Detect Attackers on Your Network
If you're in security, you've likely already heard about the ShellShock
vulnerability (aka Bash Bug,
CVE-2014-6271, and CVE-204-7169). We have reviewed how ShellShock is being
exploited, and the disclosed vectors are not applicable to our UserInsight
deployment, yet we're following the security community's lead around patching
all of our systems.
In case other systems on your network have been compromised, you should be extra
vigilant about suspicio
3 min
Vulnerability Disclosure
Bash the bash bug: Here's how to scan for CVE-2014-6271 (Shellshock)
A severe vulnerability was disclosed in bash that is present on most Linux, BSD,
and Unix-like systems, including Mac OS X. The basis of this vulnerability
(nicknamed Shellshock) is that bash does not stop processing after the function
definition, leaving it vulnerable to malicious functions containing trailing
commands. Common Vulnerabilities and Exp
5 min
API
Working with reports and exports via the RPC API
The Metasploit RPC API provides a straightforward, programmatic way to
accomplish basic tasks with your Metasploit Pro instance. Two of the key
capabilities are export generation to back up your data and report generation to
summarize and share your findings. The RPC API docs are currently undergoing a
major overhaul and are a bit out of date for reports and export generation. This
post will provide all the examples and configuration options you need to get
running.
Setting up a client to make t
5 min
IT Ops
Cloud Platforms vs. On-Prem - A Guide for the Rest of Us
Working for cloud-based businesses for the greater part of a decade now, one
question invariably comes up:
“Why should I move my data to the cloud?”
There are always a few objections that come up as well. Following up on a
previous blog post where we discussed the business benefits of cloud computing,
this will be a discussion on the most common objections and how to have a
conversation around cloud and on-premise envir
1 min
Metasploit
New "show missing" Command in msfconsole
Hello, Metasploiters! Just wanted to update y'all on a new feature in msfconsole
that *hopefully* should make grepping through module options a little easier.
Show empty required options
The new command is show missing, and all it does is show empty required options.
Instead of looking through a long list of options and picking out the required
ones that haven't been set, just run show missing, and a list of unset required
2 min
IT Ops
E2N Reduces Anxiety and Increases Customer Satisfaction with Log Data
E2NGastro is a small startup in Germany that provides a
SaaS platform for restaurant management, staff management, timekeeping, and work
schedules (among other services). We spoke with their CEO/CTO, Bjorn Raupach,
who shared the history behind their use of log data.
Before using a log management tool, E2N had log files, but they were difficult to locate.
To access them, you had
4 min
IT Ops
3 Common Problems Solved With JSON
One of the most common questions we get asked by customers is:
“What’s the best way to log my data?”
My answer is always:
“Log using JSON format wherever possible.”
The next question we often get asked (but not as much) is:
“Yeah, JSON… Hmmm, what is JSON again?”
So JSON is: JavaScript Object Notation.
But put simply, this is a way that data can be stored in a structured format,
where each piece of data will usually have an identifier (known as a key) and a
value (which can be in multiple forma
4 min
IT Ops
7 Benefits of Cloud Computing for Non-Technical Techies
Much has been written about the cloud. What it is, where it is, how it works, etc.
This isn’t going to be a rehash of those questions.
This is a cloud computing guide for the non-developer or non-operations guy.
The goal of this post is to lay the groundwork for a further discussion: of
cloud vs. on-premise, an
2 min
HacmeBank & HacmeCasino in the Cloud | Free Windows Security Trainings
After Metasploitable in the Cloud and bWAPP, CTF365 has increased both
the number of "vulnerable by design" servers and operating systems by adding
HacmeBank and HacmeCasino as vulnerable web applications, courtesy of McAfee
through Foundstone.
The machines run on Windows Server 2008 and Windows XP thanks to Microsoft
through their BizSpark Startup Program, and
they are acces
1 min
Windows
Mitigating Service Account Credential Theft
I am excited to announce a new whitepaper, Mitigating Service Account Credential
Theft on Windows. This paper was a collaboration between myself, Joe Bialek of
Microsoft, and Ashwath Murthy of Palo Alto Networks. The executive summary is
shown below:
Over the last 15 years, the Microsoft Windows ecosystem has expanded with the
meteoric rise of the internet, business technology, and computing in gene
2 min
Incident Response
Single Pane of Glass Series: FireEye Threat Analytics Platform (TAP)
As UserInsight grows and we look to add value to more incident response teams
that have already chosen the solution that serves as their "single pane of
glass", this series will update you on the integrations we build to share
valuable context with those solutions.
The Solution
While FireEye and Mandiant were separately disrupting the security industry,
they obtained a great deal of threat intelligence and indicators of compromise
along the way. The FireEye Threat Analytics Platform (TAP for sh