5 min
Heartbleed War Room - Product FAQ
Quick reference links before we dive in:
* Heartbleed Vulnerability Resources
* Heartbleed War Room - FAQ
* Using Nexpose to stop the bleeding
* Metasploit's Heartbleed scanner module
Following up on our Heartbleed War Room webcast f
2 min
Exploits
Sophos Web Appliance Privilege Escalation and Remote Code Execution Vulnerability
Sophos Web Protection Appliance vs 3.8.1.1 and likely prior versions was
vulnerable to both a mass assignment attack which allowed privilege escalation,
as well as a remote command execution vulnerability as root available to admin
users. ZDI details the vuln here
.
This Metasploit module exploits both vulnerabilities in order to go from an
otherwise unprivileged authenticated user to root on the box. This is
particularly bad because this
3 min
Nexpose
Using Nexpose to Stop the Bleeding (Scanning for the OpenSSL Heartbleed Vulnerability)
By now you have almost certainly heard about the recently disclosed OpenSSL
Heartbleed vulnerability
(CVE-2014-0160). The April 9th update for Nexpose includes both authenticated
and unauthenticated vulnerability checks for Heartbleed.
Scanning your assets with the regular full audit template, or indeed any
template that isn't tuned to exclude many ports or vulnerabilities, will
automatically pick up this vulnerability. But it is also possible to create
3 min
IT Ops
Automating logging to Logentries
Staying on the subject of devops, specifically server automation and monitoring,
I’m going to show you how you can automatically send logs to Logentries using
Chef and Vagrant . If
you are unfamiliar with either of these technologies I suggest you have a look
through my previous posts to bring you up to speed on things.
We’re going to cover how to install the logentrie
4 min
Metasploit
Security Advisory: OpenSSL Heartbleed Vulnerability (CVE-2014-0160) in Metasploit (Updated 4/11/14 2:20pm EDT)
Metasploit 4.9.0 and earlier vulnerable to Heartbleed, update 4.9.1 addresses
critical cases
The Metasploit editions Metasploit Pro, Metasploit Express, and Metasploit
Community in versions 4.9.0 or earlier are vulnerable to the OpenSSL Heartbleed
Vulnerability (CVE-2014-0160). Please update to version 4.9.1 to remediate
critical vulnerabilities. See below for remediation instructions.
Metasploit Framework itself is not affected, but it has dependencies on other
components that may need to be u
3 min
Microsoft
It's the end of XP as we know it, April Patch Tuesday 2014, and, oh yeah... heartbleed.
So this is it, the last hurrah for the once beloved XP, the last kick at the can
for patching up the old boat. Sure, by today's standards it's a leaky,
indefensible, liability, but… hey, do you even remember Windows 98? Or (*gasp*)
ME? At least we can all finally put IE 6 to rest, once and for all, the final
excuse for corporate life-support has been pulled… except for legacy apps built
so poorly that they depend on IE 6 and are “too costly” to replace.
As everyone should know by now, ther
3 min
Exploits
Metasploit's Brand New Heartbleed Scanner Module (CVE-2014-0160)
Is the Internet down? Metasploit publishes module for Heartbleed
If you read this blog at all regularly, you're quite likely the sort of Internet
citizen who has heard about the Heartbleed attack and grasp how serious this bug
is. It's suffice to say that it's a Big Deal -- one of those once-a-year bugs
that kicks everyone in security into action. OpenSSL underpins much of the
security of the Internet, so widespread bugs in these critical libraries affects
everyone.
The subsequently published
14 min
Exploits
"Hack Away at the Unessential" with ExpLib2 in Metasploit
This blog post was jointly written by Wei sinn3r
Chen and Juan Vazquez
Memory corruption exploitation is not how it used to be. With modern mitigations
in place, such as GS, SafeSEH, SEHOP, DEP, ASLR/FASLR, EAF+, ASR, VTable guards,
memory randomization, and sealed optimization, etc, exploit development has
become much more complicated. It definitely shows when you see researchers
jumping through hoops like reverse-engineering
2 min
Metasploitable in the Cloud
This guest blog comes to us from Marius Corici from CTF365 .
When asked to describe himself he gave me the following: "I enjoy being an
entrepreneur and discovering new solutions for old problems. Motto: Think a lot
to do less and preserve energy to provide simplicity."
There is no doubt that the best way to learn Information Security is hands-on
and to make this easier, the guys from Rapid7 and Metasploit created
Metasploitable
2 min
Metasploit
R7-2014-05 Vulnerability in Metasploit Modules (Fixed)
Metasploit Pro, Community, and Express users are urged to update to the latest
version of Metasploit to receive the patch for the described vulnerability. Kali
Linux users should use the normal 'apt-get update' method of updating, while
other Metasploit Pro, Community, and Express users can use the in-application
Administration : Software Updates button.
A remote privilege escalation vulnerability has been discovered by Ben Campbell
of MWR InfoSecurity
2 min
Like msfvenom? Here's A Faster Way to Generate Stand-alone Metasploit Payloads
Part of the Metasploit Framework, msfvenom is a command-line tool that helps
penetration testers to generate stand-alone payloads to run on compromised
machines to get remote access to the system. Msfvenom is a combination of two
other Metasploit Framework tools: Msfpayload and Msfencode, which generate and
encode payloads respectively.
Even if you have used Msfvenom before, chances are that you need to look up the
tool's documentation every time you want to generate a payload. Msfvenom is a
2 min
IT Ops
5 Great Blogs for DevOps
If you are a DevOps professional looking to get more involved or further your
learning, or just looking for some entertaining, insightful content, we wanted
to put together a list of 5 great blogs for DevOps. And, we know we missed some,
so feel free comment and share what other blogs should be on here!
A few great blogs that we think you might find valuable:
1. ContinuousDelivery.com – Dave Farley and
Jez Humble run this site. Jez is a principal consult
8 min
Driving Risk Reduction through RealContext™ in Nexpose 5.9
We are pleased to announce the next major release of Nexpose, version 5.9. This
release focuses on reducing the risk that matters to your business, quickly and
efficiently.
Business Context?
One of the biggest failings of the security industry so far is that it has
failed to successfully tie the knowledge and the needs of the business to the
overall risk landscape. Every organization has different thoughts and needs
around how they prioritize risk, what they deem fundamentally important, and h
3 min
Tarpits. A Nexpose Killer?
In the challenge of network security there are many great tools at your
disposal. Some of these tools are the IDS/IPS and Firewall. An IDS will detect
an attack, relay the info to the IPS which will help prevent it. Firewalls
generally block stuff (IP or port related), and also tend to have some basic
IDS/IPS functionality.
What is a Tarpit?
A Tarpit is a service generally found on IDS/IPS and Firewalls as well as
servers, that delay or shroud incoming connections. Basically when port
scanning,
6 min
IT Ops
Synchronizing Clocks In a Cassandra Cluster Pt. 2 - Solutions
This is the second part of a two part series. Before you read this, you should
go back and read the original article, “Synchronizing Clocks In a Cassandra
Cluster Pt. 1 – The Problem
.” In
it, I covered how important clocks are and how bad clocks can be in virtualized
systems (like Amazon EC2) today. In today’s installment, I’m going to cover some
disadvantages of off-the-shelf NTP installations, and how to overcome them.
C