All Posts

3 min Microsoft

Patch Tuesday - May 2014 - Lots going on

There is a lot going on in the updates from Microsoft this month, including some very interesting and long-awaited changes. It is also the highest volume of advisories so far this year, with eight dropping on us, two of which are labelled as critical. How to describe the patching priority is going to be very subjective. Microsoft has identified three of these advisories, MS14-024, MS14-025, and MS14-029 (the IE patch), as priority 1 patching concerns. Interestingly, MS14-029, which is the update

2 min

Goodnight, BrowserScan

The BrowserScan concept emerged during the heyday of Java zero-day exploits in 2012. The risk posed by out-of-date browser addons, especially Java and Flash, was a critical issue for our customers and the greater security community. The process of scanning each desktop for outdated plugins was something that many firms couldn't do easily. BrowserScan helped these firms gather macro-level exposure data about their desktop systems, providing a quick health-check o

5 min Exploits

Oracular Spectacular

Nexpose version 5.9.10 includes significant improvements to its Oracle Database fingerprinting and vulnerability coverage. When configured with appropriate database credentials, Nexpose scans can accurately identify which patches have been applied. This post will go through the steps for setting up such a scan, as well as discuss some of the finer details about Oracle's versioning scheme and the terminology around their quarterly Critical Patch Update program. Scanning Oracle Databases with Nex

4 min Authentication

ControlsInsight: A Step-by-Step Approach to Troubleshoot Missing Assets

ControlsInsight retrieves data from Nexpose, so it is important to make sure that the site is properly configured. In this blog post, we will go through a step-by-step procedure of setting up a site configuration that will enable ControlsInsight to report on all Windows assets. We will also go through a scenario to troubleshoot why an asset did not make it into ControlsInsight. Step 1: Things we need * The list of assets to be scanned either by IP range or hostnames * ControlsInsight c

2 min IT Ops

Using D3.js to Graph Your Log Data

At Logentries, we use the open-source D3.js visualization library for a number of our graphs, including our recently released Insights feature. In a nutshell, D3 allows you to efficiently manipulate documents based on data with minimal overhead. While it could in fact be used for all types of DOM manipulation that you might otherwise do with jQuery, for example, we have used it purely for its graphing functionality. One of the reasons we chose D3 i

1 min Metasploit

2014 Metasploit T-Shirt Design Contest

Hey Hacker-Designers! Remember about this time last year, we kicked off the Metasploit T-Shirt design contest to commemorate our shipping of 1,000 exploits and Metasploit's 10th Anniversary? Turns out, we had so many good designs and so much fun with that that we're doing it again this year. So let's see, what reason can we contrive this year... We have 1,294 exploits now

2 min Metasploit

Federal Friday - 4.25.14 - A Whole Lot of Oops

Happy Friday, Federal friends! I hope all of you enjoyed some nice family time over the respective holidays last week. After a successful Marathon Monday here in Boston we're blessed with chirping birds and blooming flowers (finally)! As you all probably know by now, Verizon released their latest DBIR report earlier this week. While this report covered a wide range of topics in regards to breaches, I

2 min IT Ops

Log Aggregation & Grouping in 3 Clicks

With the introduction of a centralized, aggregated view of your logs, we enabled our users to see their entire stack in one view and to quickly correlate different logs together. This log aggregation viewpoint provides much deeper insight into what is occurring across your logs from various sources. We thought that the Log Aggregation View was pretty cool, so we are very excited to launch log Groups, which add even more flexibility to save and moni

2 min Metasploit

Hacker's Dome: An Online Capture-the-Flag (CTF) Competition on May 17

Many folks ask me how you can get started as a penetration tester. Save for a real-life penetration test, capture-the-flag (CTF) competitions are probably the most effective ways for you to hone your offensive security skills. What's best: they're a ton of fun, even for experienced pentesters. The folks over at CTF365.com have put together a one-off CTF called Hacker's Dome, which will start on May 17th and run for 48 hours, so save the date. Hacker's Dome - First Bloo

1 min IT Ops

Customer Success: Sending your CoreOS data to Logentries

We love sharing cool stories straight from our customers about how they are using logs to solve problems. This one is from Matthias Kadenbach (@mkadenbach), who was using CoreOS with multiple Docker containers on Google Compute Engine and was not sure how to log from CoreOS to remote destinations. CoreOS is a stripped-down version of Linux (Chrome OS) that has no package manager. This basically means no build-essentials are included with the OS, which makes it impossible to download and build the L

3 min IT Ops

4 Reasons to Love Your Log Data

Data logging by essential IT equipment has been around since the beginning of the modern computer era. Operating systems, application software, hardware, and a plethora of IT equipment in and on the network generate log files, and IT professionals can often find themselves knee-deep in an overwhelming amount of data, especially as cloud services are added to the mix. But the truth is that, if used properly, log data can be a very good friend to both IT and business

4 min IT Ops

What is "real-time" anyway…?

I love a good buzzword: cloud, big data, analytics... And even more than the buzzwords, I love the liberties people tend to take applying these buzzwords to their new systems and services. Such buzzwords regularly get abused and often get washed into marketing material and product websites in an attempt to hoodwink and woo new, unsuspecting customers. One of my (least) favorite buzzwords, which I've noticed popping up more recently in the logging space in particular, is "real-time." So what does re

1 min IT Ops

A Note on Logentries Security

The recent OpenSSL vulnerability CVE-2014-0160, nicknamed "Heartbleed," affected a large part of the Internet. It was caused by a relatively trivial bug, a missing bounds check on an input length value, which can lead to a buffer over-read that leaks an unrelated block of memory. This can ultimately lead to compromise of the secret keys used to encrypt the traffic, which essentially allows attackers to eavesdrop on communications, steal data directly f

5 min Exploits

Exploiting CSRF under NoScript Conditions

CSRFs -- or Cross-Site Request Forgery vulnerabilities -- occur when a server accepts requests that can be "spoofed" from a site running on a different domain. The attack goes something like this: you, as the victim, are logged in to some web site, like your router configuration page, and have a valid session token. An attacker gets you to click on a link that sends commands to that web site on your behalf, without your knowledge

4 min

From the Trenches: AV Evasion With Dynamic Payload Generation

By guest blogger Shane Rudy, Information Security Manager, AOScloud, C|EH | E|CSA | L|PT | CPT | CEPT. A few weeks ago I was excited when Rapid7 asked me to participate in their 2014 Tech Preview Program for Metasploit Pro version 4.9. I have always enjoyed the interaction I have had with the talented crew over at Rapid7, and I have been a big fan of Metasploit Framework since its inception years ago. Rapid7 has done an excellent job of interacting and allowing its users to participate within t