3 min
ControlsInsight Year In Review
While many are already looking ahead and making security predictions for 2014, it's also
important to pause and reflect on the year that's been. It's been a whirlwind
year for ControlsInsight. We developed and launched a new product from the
ground up - this in itself is an achievement that everyone involved should be
proud of.
Since launching in August, we've already released 7 product updates to quickly
make improvements based on us
3 min
IT Ops
5 Uses for Log Data That You Never Thought Of
When you think of logs, what do you think of? It’s most likely troubleshooting
software applications and the infrastructure that underlies them, keeping an eye
on your production apps…perhaps even database logs and some other things like
that. Traditional log management stuff…I’m guessing
it’s not sports cars, law enforcement, lighting, marketing metrics, and beer.
Well guess what? It can be!
1) Fact Check a Journalist
Back in February of 2013 The New York Times publis
2 min
Microsoft
December 2013 Patch Tuesday
One more go around the block for 2013 and like the last, late tropical storm of
the season, Microsoft is taking one last swipe at security and IT teams alike.
This Patch Tuesday features a solid 11 advisories affecting 6 different product
types. All supported versions of Windows, Office, SharePoint, Exchange, Lync
and a mixed bag of developer tools are affected. 5 of the advisories are rated
critical, including one affecting Exchange and one affecting SharePoint and
Lync, not to mention th
3 min
Exploits
Weekly Metasploit Update: New Meterpreter Extended API, Learning About HttpServer, HttpClient, and SAP
Meterpreter Extended API
This week, we've got some new hotness for Meterpreter in the form of OJ
TheColonial Reeves' new Extended API (extapi)
functionality. So far, the extended API is for Windows targets only (hint:
patches accepted), and here's the rundown of what's now available for your
post-exploitation delight:
* Clipboard Management: This allows for reading and writing from the target's
clipboard. This includes not only text, like you'd expect, but
2 min
Networking
Top 3 Reasons Small-to-Medium Businesses Fail at Security
Cyberattacks are on the rise with more sophisticated attack methods and social
engineering being employed against just about any entity with an Internet
presence. According to a recent study cited by the U.S. House Small Business
Subcommittee on Health and Technology, companies that were 250 persons or less
were the target of 20% of all cyberattacks. A more sobering claim of the study
is the roughly 60% of small businesses that close within 6 months following a
cyberattack.
While cyberattacks a
3 min
Penetration Testing
#pwnSAP Tweet Chat Debrief
On December 3, Rapid7 security researcher Juan Vazquez hosted a panel of experts
for a tweet chat to
discuss SAP system hacking. The #pwnSAP chat was a great discussion – here are
some highlights.
Juan's first question was, “Can you start by telling us a bit about how SAP
system hacking has changed lately?” @todb called this research paper, SAP
Penetration Testing Using Metasploit – How to Protect Sensitive ERP Data
3 min
Metasploit
Weekly Metasploit Update: SAP and Silverlight
SAP SAPpy SAP SAP
We've been all SAP all the time here in the Independent Nations of Metasploit,
and expect to be for the rest of the week. You might recall that Metasploit
exploit dev, Juan Vazquez published his SAP survey paper a little while back;
on Tuesday, we did a moderated Twitter chat on the hashtag #pwnSAP with the major
S
4 min
Logentries Add-Ons for Heroku Environment pt. 1 – CloudAMQP
We recently announced our add-on program at Logentries, which allows third party
vendors to send their log data to Logentries and to highlight important events
for their users via our tagging, alerting and reporting features. This allows
vendors to predefine
what log events their users really need to know about and if there are
particular thresholds that indicate trouble may be looming. Users
5 min
IT Ops
Log Management 101 - Where Do Logs Come From?
We’ve had a lot of people asking for the Log Management
Primer for a while
now. And, surprisingly, many of these folks have a strong technical background,
including developers. Some want it for themselves, and some want it to pass on
to a colleague, manager, etc. I’m going to explain what logs are, where they
come from and how you can get your logs.
If you’re a developer, this post probably isn’t for you as we don’t dig into the
code
1 min
Research
A Pentester's Introduction to SAP & ABAP
If you're conducting security assessments on enterprise networks, chances are
that you've run into SAP systems. In this blog post, I'd like to give you an
introduction to SAP and ABAP to help you with your security audit.
The full SAP solution (ERP or SAP Business Suite) consists of several
components. However, to manage the different areas of a large enterprise,
probably one of the better known components or features of the SAP solution is
the development system based on ABAP
2 min
Metasploit
Weekly Metasploit Update: Patching Ruby Float Conversion DoS (CVE-2013-4164)
Metasploit 4.8.1 Released
Thanks to the revelations around the recent Ruby float conversion denial of
service, aka CVE-2013-4164
discovered and reported by Charlie Somerville, this week's release is pretty
slim in terms of content; on Friday (the day of the first disclosure), we pretty
much dropped everything and got to work on testing and packaging up new
Metasploit installers that ship with R
3 min
Metasploit
Weekly Metasploit Update: BrowserExploitServer (BES), IPMI, and KiTrap0D
Browser Exploit Server
This release includes the much vaunted and anticipated BrowserExploitServer
(BES) mixin, the brainchild of Metasploit exploit developer Wei @_sinn3r
Chen. Metasploit, at its core, is designed to be
both an exploit delivery system and exploit development system, so this new
mixin should help tremendously with the latter. BES, in a
3 min
IT Ops
Where Are My AWS Logs?
Over my time at Logentries, we’ve had users contact us about where to find their
logs while they were setting up Logentries. As a result, we recently released a
feature for Amazon Web Services called the
AWS Connector, which automatically discovers your log files across your Linux
EC2 ins
5 min
Metasploit
Exploiting the Supermicro Onboard IPMI Controller
Last week @hdmoore published the details about
several vulnerabilities in the Supermicro IPMI firmware. With the advisory's
release, several modules were landed into Metasploit in order to check
Supermicro's device against several of the published vulnerabilities:
Module Purpose smt_ipmi_static_cert_scanner
This module ca
2 min
November 2013 Patch Tuesday Summary
The November Patch Tuesday advisories are out, and across the board mixed
feelings own the day. Relief and frustration must be present for Windows and
Security administrators alike.
Relief because for the first time in a few months, this is a relatively
straightforward Patch Tuesday, with fixes for most Windows versions, the
ever-present IE roll up patch (MS13-088), and some Office components, but
nothing esoteric or difficult to patch. No SharePoint plugins, no complicated
.NET patching, no