13 min
Metasploit Gems From Scratch
Introduction
As Metasploit adopts community best practices related to testing and code
structure, we've started breaking up our new (and part of our old) work into
separate projects that can be developed and tested independently. These smaller
projects take the form of Ruby gems and Rails::Engines. As we've made more and
more gems, we've arrived at a repeatable process for making new gems, and we thought
our process might be useful for other developers in the community who are
looking for a newer gu
5 min
IT Ops
How to Avoid the Big Data Black Hole
It takes a lot of willpower, in our data-obsessed world, to say "too much!"
However, there are many ways in which too much information is destroying
productivity and actually causing bad decision making, not good. But it is hard
to avoid the world of opportunities that has been opened up in data collection and
analysis. So how do you balance the two? The first step is to understand that there
is a big difference between data collection and its utilization. While it
seems subtle, the difference is key, a
2 min
Microsoft
Patch Tuesday - September 2014
It's a light round of Microsoft patching this month. Only four advisories, of
which only one is critical. The sole critical issue this month is the expected
Internet Explorer rollup affecting all supported (and likely some unsupported)
versions. This IE rollup addresses 36 privately disclosed Remote Code
Execution issues and 1 publicly disclosed Information Disclosure issue which
is under limited attack in the wild. This will be the top patching priority for
this month.
Of the three no
3 min
IT Ops
Scaling with RESTful Microservice Architecture
As described in a previous post on this blog, we have been using the Dropwizard
framework to quickly develop high-quality, easily testable, RESTful
microservices to expand the functionality of our product. These complement the
existing multi-instance services running in our cluster and contribute to the
continued scaling of the Logentries service. Both i
2 min
AIX coverage: See what you need to see
In a huge refinement to IBM AIX vulnerability coverage, Nexpose version 5.10.8
and later scans AIX machines for a specific set of patches related to known
vulnerabilities. This more focused approach provides easier management of AIX
machines by allowing you to see very quickly how affected systems are vulnerable
and which solutions need to be applied.
As Nexpose searches only for vulnerabilities, the scans are significantly
faster. This allows you to stay up to date with the published vulnerabi
2 min
How do You USB?
All the perimeter protection in the world won't stop an attack that doesn't get
checked by the security measures around your perimeter, assuming the perimeter
is still a viable term in today's distributed, mobile, and virtual world. If an
attacker were to drop a USB stick in a public area of your company, what are the
chances that USB stick eventually finds a USB port? Pretty good.
4 min
IT Ops
Monitoring & Analyzing AWS CloudTrail Data From Multiple AWS Regions
We recently released AWS CloudTrail integration with Logentries, and not
surprisingly we've seen a significant uptick in adoption as one of our most
popular integrations. My job as director of customer success is to make things
as simple for our customers as possible. One question that consistently pops up
is how to collect AWS CloudTrail logs from multiple AWS regions.
We follow Amazon's best practices
6 min
Metasploit
Not Reinventing The Wheel: The Metasploit Rails::Application in 4.10
In Metasploit 4.10, we converted Metasploit Framework (and prosvc in Metasploit
Commercial Editions) to be a full-fledged Rails::Application. You may be
wondering why Metasploit Framework and prosvc should be Rails applications when
they aren't serving up web pages. It all has to do with not reinventing the
wheel and with two very useful parts of Rails: Rails::Railtie and Rails::Engine.
Rails 3.0 infrastructure
Since Rails 3.0, Rails has been broken into multiple gems that don't require
each other a
2 min
Nexpose
Software defined security made real
This week we're headed for VMworld 2014 in San Francisco, and we're excited to be
talking about how Rapid7 is partnering with industry leaders like Symantec, Palo
Alto Networks, and of course VMware to build out the VMware NSX security
ecosystem. Together we've created an integrated system that leverages the NSX
platform to automate risk identification and mitigation for VMware customers
9 min
Vulnerability Disclosure
R7-2014-12: More Amplification Vulnerabilities in NTP Allow Even More DRDoS Attacks
Overview
As part of Rapid7 Labs' Project Sonar, among other things, we scan the entire
public IPv4 space (minus those who have opted out) looking for listening NTP
servers. During this research we discovered some unknown NTP servers responding
to our probes with messages that were entirely unexpected. This led to the
writing of an NTP fuzzer in Metasploit
3 min
IT Ops
How to Integrate Go / GoLang with Logentries
Would you like to send logs from your Go program code into your Logentries
account? Thanks to Gal Ben-Haim's bsphere Golang library for Logentries, Go
coders can be sending their logs to Logentries in no time at all. Benefits of
using this Go library with your Logentries account include:
* Remote viewing and analysis of your Go program log events
* All your logs are sent to one location, and viewed through an easy to use
2 min
Metasploit
Feedback on Rapid7's Tech Preview Process and Metasploit Pro 4.10
By guest blogger Sean Duffy, IS Team Lead, TriNet
Rapid7 invited me to participate in pre-release testing of Metasploit 4.10, a
process they call Tech Preview. They asked me to openly share my thoughts with
the community.
Preparation and Logistics
I always enjoy working with Rapid7. Preparatory meetings and documentation made
the installation and testing process a breeze. Rapid7 was also kind enough to
extend my testing and feedback sessions when work so rudely intruded on the fun.
Zero comp
4 min
Events
More SNMP Information Leaks: CVE-2014-4862 and CVE-2014-4863
Today, Rapid7 would like to disclose a pair of newly discovered vulnerabilities
around consumer and SOHO-grade cable modems, the Arris DOCSIS 3.0 (aka
Touchstone) cable modems and Netmaster Wireless Cable Modems. Both exposures
were discovered by Rapid7's Deral "Percent_X" Heiland and independent researcher
Matthew Kienow. The duo plan to discuss these and other common vulnerabilities
and configuration issues at DerbyCon near the end of September. In the meantime,
3 min
IT Ops
Real-time Alerting on Anomaly and Inactivity Made Simple.
“a·nom·a·ly”
1. Deviation or departure from the normal or common order, form, or rule.
When someone is looking to be alerted when something unexpected happens within
their environment, they are usually referring to anomaly detection. But the
problem is that it's hard to turn a complex problem (i.e. looking for something
when you are not sure what it is) into an easy-to-use solution.
The thing about anomaly detection is that you don't know how the issue will
present itself, so predicting the patte
1 min
Metasploit
msfconsole failing to start? Try 'msfconsole -n'
As part of the last release, the Metasploit Engineering team here at Rapid7 has
been on a path of refactoring in the Metasploit open source code in order to
make it more performant and to get toward a larger goal of eventually breaking
up the framework into a multitude of libraries that can be used and tested in a
standalone way.
This effort will make it easier to deliver features and respond to issues more
quickly, as well as ensure that regressions and bugs can get diagnosed, triaged,
and fix