1 min
Penetration Testing
Your PenTest Tools Arsenal
When it comes to information security, one of the major problems is setting up
your PenTest Tools Arsenal. The truth is, there are too many tools out there and
it would take forever to try half of them to see if one fits your needs. Over
the years, there have been some well established tools released that most
security professionals use currently, but that doesn't mean that there are not unknown
yet still very good pentesting tools that are not as popular.
I wanted to make a list of the pentest to
3 min
Leveraging the power of Metasploit's resource scripts
As a pentester for Rapid7 I use Metasploit a lot. I think one of the most
overlooked features in Metasploit is the ability to create resource scripts.
What are resource scripts you ask? “A resource file is essentially a batch
script for Metasploit; using these files you can automate common tasks – H.D.
Moore.”
There are several resource scripts included with Metasploit, one of which is
port_cleaner. If you're like me you have had times when, after importing NMAP
scan data, a bunch of cruft fo
3 min
Metasploit
Weekly Metasploit Update: ADSI support and MSFTidy for sanity
Meterpreter ADSI support
We ended up skipping last week's update since upwards of 90% of Rapid7 folks
were Shanghaied up to Boston, in the dead of winter, with only
expense-reportable booze to keep us warm at night. So, with much fanfare comes
this week's update, featuring the all new ADSI interface for Meterpreter, via OJ
TheColonial Reeves' Extended API.
Lucky for us, and you, Carlos DarkOperator Perez was not ensconced i
3 min
Pwn Faster with Metasploit's Multi-Host Check Command
One of the most popular requests I've received from professional penetration
testers is that they often need to be able to break into a network as fast as
possible, and as many as possible during an engagement. While Metasploit Pro or
even the community edition already gives you a significant advantage in speed
and efficiency, there is still quite a large group of hardcore Framework users
out there, so we do whatever we can to improve everybody's hacking experience. A
new trick we'd like to in
7 min
Exploitable vulnerabilities #1 (MS08-067)
Description
In November of 2003 Microsoft standardized its patch release cycle. By releasing
its patches on the second Tuesday of every month Microsoft hoped to address
issues that were the result of patches being released in a non uniform fashion.
This effort has become known as Patch-Tuesday. From the implementation of
Patch-Tuesday (November, 2003) until December, 2008 Microsoft released a total
of 10 patches that were not released on a Patch-Tuesday also known as
“out-of-band” patches. The 10t
2 min
IT Ops
How to Monitor the Health of Your Application and Infrastructure With the Same Solution
With an attractive total cost of ownership of cloud-based solutions versus
on-premise solutions, a highly flexible nature and the ability to scale up
rapidly, there has been a steady increase in companies moving infrastructure out
of racks and into the cloud.
As more companies move their mission critical systems out of their physical
control to these cloud-based solutions, it only makes sense that their
application and machine generated logs are even more important than ever before.
With that
5 min
Metasploit
Making Your Printer Say "Feed Me a Kitten" and Also Exfiltrate Sensitive Data
As of this last release, PJL (HP's Printer Job Language) is now a grown-up
Rex::Proto protocol! Since extending a protocol in Metasploit
is beyond the scope of this post, we'll just be covering how to use the PoC
modules included with the new protocol. Feel free to dig around in
lib/rex/proto/pjl*, though!
Okay, let's get started!
printer_version_info
First off, we have printer_version_info. This module lets us scan a range of
hosts for pri
3 min
Metasploit
Weekly Metasploit Update: Talking PJL With Printers
Abusing Printers with PJL
This week's release features a half dozen new modules that seek out printers
that talk the Print Job Language (PJL) for use and abuse. Huge thanks to our
newest full time Metasploit trouble maker, William Vu.
As a penetration tester, you probably already know that office printers
represent tasty targets. Like most hardware with embedded systems, they rarely,
if ever, get patches. They don't often have very serious security controls
2 min
IT Ops
Amazon S3 Archiving...You asked, we delivered!
One thing we like to think we do well here at Logentries is listen to our
global user base! Something that a lot of you have asked
for recently is log archiving. Ask and you shall receive – we have now opened a
Beta for archiving to Amazon S3. So you can be safe in the knowledge that your
log files will be archived safely every night to a reliable storage facility
should you ever need them in the future. You can also be sure that any
compliance or PCI requirements
3 min
News on the Embedded Systems Land
Last year we worked hard to improve the embedded devices capabilities available
on Metasploit collaborating with awesome guys like m-1-k-3 to add new modules
and capabilities, collaborating and conducting research like in the IPMI related
work by HD Moore, or shari
2 min
Famous quotes and their bearing on information security
I love reading the works of the achievement and leadership greats. Their words,
some of which date back centuries, not only provide insight and motivation for
my career, they also validate many of the challenges we face in IT and
information security today. These ideas are great additions to my writing and
speaking and they're also, arguably, the one shoo-in we have with management on
the points we're trying to convey.
Here are some great quotes from some famous people that you might find
benef
1 min
January 2014 Patch Tuesday
2014 is off to a light start with Microsoft, as January was a very quiet month
for patches. There were only four advisories released this afternoon.
For the first time in quite a while, there is not a cumulative IE roll up patch.
I believe that this means the IE team was finally allowed to take a vacation
after the grueling year they had in 2013. However, I certainly expect them back
in February.
The second bulletin, MS14-002, addresses the somewhat awaited kernel elevation
of privilege
4 min
IT Ops
How to Send Log Data via a Proxy Server using Rsyslog
If you have a large number of servers you may have a requirement to
configure proxy servers in various parts of your network to accept messages and
then forward them to a centralized logging solution or service. We regularly
see this with larger customers where it
makes sense to collect logs centrally before sending them on to Logentries for
analysis. In some cases this can be a more stringent requirement where parts of
your network may not have direct access to the publ
1 min
Metasploit
Free Webcast: From Framework to Pro - Using Metasploit Pro in Penetration Tests
Metasploit Pro is more than just a pretty web interface for Metasploit; it
contains many little known features that simplify large scale network
penetration tests. In this technical webinar for penetration testers who are
familiar with Metasploit Framework, David Maloney shows which features he finds
most useful in Metasploit Pro.
Watch
3 min
IT Ops
How To Monitor Windows with Logentries
We are often asked at Support questions such as, “How do we use Logentries to
monitor Windows performance stats?” or “Can Logentries get alerts based on CPU
utilization on Windows?” The simple answer is yes, with the help of our
Logentries Agent for Windows and PowerShell we can.
Here is a 5 minute tutorial to get you monitoring your CPU, Memory and Disk
Space with Logentries.
Installing the Logentries Agent
You