4 min
Events
More SNMP Information Leaks: CVE-2014-4862 and CVE-2014-4863
Today, Rapid7 would like to disclose a pair of newly discovered vulnerabilities
around consumer and SOHO-grade cable modems, the Arris DOCSIS 3.0 (aka,
Touchstone cable modems) and Netmaster Wireless Cable Modems. Both exposures
were discovered by Rapid7's Deral Percent_X
Heiland and independent researcher Matthew Kienow. The duo plan to discuss these
and other common vulnerabilities and configuration issues at DerbyCon near the
end of September. In the meantime,
3 min
IT Ops
Real-time Alerting on Anomaly and Inactivity Made Simple.
“a·nom·a·ly”
1. Deviation or departure from the normal or common order, form, or rule.
When someone is looking to be alerted when something unexpected happens within
their environment they are usually referring to anomaly detection. But the
problem is that it’s hard to turn a complex problem (i.e. looking for something
when you are not sure what it is) into an easy to use solution.
The thing about anomaly detection is that you don’t know how the issue will
present itself so predicting the patte
1 min
Metasploit
msfconsole failing to start? Try 'msfconsole -n'
As part of the last release, the Metasploit Engineering team here at Rapid7 has
been on a path of refactoring in the Metasploit open source code in order to
make it more performant and to get toward a larger goal of eventually breaking
up the framework into a multitude of libraries that can be used and tested in a
standalone way.
This effort will make it easier to deliver features and respond to issues more
quickly, as well as ensure that regressions and bugs can get diagnosed, triaged,
and fix
4 min
Metasploit
Hunting for Credentials: How Metasploit Pro Beat Me on the Command Line
By guest blogger Robert Jones, Information Security Manager, City of Corpus
Christi
I had the opportunity to participate in a tech preview of Metasploit Pro's new
credentials features. In our shop, we use Metasploit Pro, Nexpose, UserInsight
and ControlsInsight, all by Rapid7. I certainly wish I could spend the majority
of my time pentesting, but instead I often times I find myself using Metasploit
to educate users by showing them how I can compromise their machines. It is
incredibly compelli
6 min
IT Ops
An APM Solution Divided Cannot Stand
This post originally appeared onthe Smart Bear blog
. To read
more content like this, subscribe to the Software Quality Matters Blog
.
Frustrations with lack of tool unification might just lead to revolution in the
APM space…
Application Performance Management (APM) is a broad concept, and many
technologies fall under its umb
3 min
IT Ops
Evolve, Don't Revolve
Logs have been around for a while, not quite as long as the wheel, but not far
off. Here at Logentries, we have the mantra of evolve don’t revolve (as in don’t
sit around spinning your wheels getting nowhere). We are taking this concept
and looking to evolve the way you work with and think about your log data.
Gone are the old days, where you only used logs to find exceptions. A new day
has dawned, and the future is here, the future is Logentries (
2 min
Metasploit
Metasploit Pro's New Credentials Features Save Us Time in Workflows
By guest blogger Dustin Heywood, Manager, Security Assurance, ATB Financial
Recently I was invited to participate in Metasploit Pro's Tech Preview Program,
where customers are given early access to new product releases. I've taken part
in this program before and I have always loved the experience.
For those of you who haven't been involved in a Rapid7 Tech Preview program: It
starts out with a call with the customer engagement manager and the product
management team, who gave me an overview
3 min
Improving Visibility into your Security Program – the Risk Scorecard Report
One of the most strenuous aspects of managing your security program is
understanding where to focus your time and effort. It can be a challenge to
balance providing consistent progress updates to your stakeholders and working
with your IT teams to prioritize and remediate issues based on the most accurate
data available at that time. Communication is critical, yet how do you know what
to target and how do you share this information with your organization? Nexpose
has the perfect tool to help yo
1 min
Microsoft
Patch Tuesday - August 2014
Microsoft clearly wants everyone to shake off the dog days of summer and pay
attention to patching. This month's advance notice contains nine advisories
spanning a range of MSFT products. We have the ubiquitous Internet Explorer all
supported versions patch (MS14-051), with the same likely caveat that this would
apply to Windows XP too, if Microsoft still supported it. This patch addresses
the sole vulnerability to be actively exploited in the wild from in this month's
crop of issues, CVE-201
4 min
IT Ops
JSON logging in Apache and Nginx with Logentries
I’m often asked on calls with our customers what is the preferred format for log
data being sent to Logentries
. While we pride ourselves on being the Log Management
tool that is easiest to setup a
4 min
IT Ops
How D3 can help you build effective data visualizations
Data Visualization is the method of consolidating data into one collective,
illustrative graphic. Traditionally, data visualization has been used for
quantitative work, but ways to represent qualitative work have been shown to be
equally powerful. The main goal of data visualization, is to communicate
information clearly and effectively through graphical means. That doesn’t mean
that it needs to look boring to be functional or extremely sophisticated to look
beautiful. In order to achieve a bala
2 min
Events
Metasploit Race to Root and Loginpalooza
Race to Root
Unless you've gotten to this blog by freak accident, you are certain to be aware
that next week is Black Hat USA 2014, and of course, we'll be there. You can
find us at Booth #541, where we'll be running the Metasploit Race to Root, using
the latest pre-release build of Metasploit Pro.
Now, this is not just a contest to see who can get their badge scanned the
fastest. Oh no. This is a real, hands-on micro-sized capture the flag
competition, run by our capable and talented in-house
4 min
I don't always write my own web application fingerprints, but when I do, I use XML
One of the awesome things about Nexpose is its extensibility. Nexpose now allows
you to write your own custom web application fingerprints, using a combination
of XPath and regular expressions. Coupled with the ability to add your own
custom checks
,
this allows you to write your own web application vulnerability coverage.
This fingerprinting functionality can be used on any web application that
provides its version i
5 min
IT Ops
Smart Continuous Delivery Using Automated Testing
This post is building on a recent post highlighting recommendations on how to
simplify your unit testing by using the right set of tools (Smart Integration
Testing with Dropwizard, Flyway and Retrofit
).
As a company like Logentries rapidly
grows, and the number of product features increases, an important question
arises around maintaining the highest level quality and user experience. That
level is usually where the
2 min
IT Ops
4 Ways to Use Centralized Log Management for Improved Production Monitoring
Is your team focused on preventing outages and minimizing downtime in
production?
Time to resolution is one of the most important operational KPIs for Ops teams,
becauseany time that your application is down, is too long for your users.
Whether it’s minutes, hours, or (in a worst case-scenario) days, any time that
your systems are down, your business is losing money; and more importantly,
customer trust and satisfaction. This creates additional pressure on your team
and hurts employee morale. By