4 min
Logentries
MongoDB Log Analytics
MongoDB 3.0 is now available! If you are new to MongoDB or upgrading from 2.6,
you will enjoy all of the new features including document-level locking, better
write performance, big memory support, and more. Additionally, to improve
usability of the log messages for diagnosis, MongoDB now categorizes some log
messages under specific components, operations, and provides the ability to set
the verbosity level for these components.
Today, Logentries is launching a new Community Pack for MongoDB
3 min
Weekly Metasploit Wrapup: Stageless Meterpreter and the Revenge of Stuxnet
Stageless Meterpreter
Remember the Metasploit Pop Quiz we ran
about a month back? Well, we got tons of support from you, the Metasploit users,
and have been picking out what you want to see and have started turning those
wishes into reality. I know HD, Brent, and OJ are
working up a much more exhaustive blog post for next week to lay out what's
going where and
4 min
Securing Credit Lines: Eating Our Own Dogfood
We InfoSec (or cybersecurity) folks, we're full of all kinds of sage wisdom:
“Put a password on your phone, tell it to self destruct after 10 failed
attempts” … check!
“Set up WPA2 on your home network!” … check!
“Install patches as fast as you can!” … (well, as best as I can?) …check!
“Freeze your credit reports!” … static
“Dogfooding” (verb,
slang) is a term used to reference a scenario in which a company uses its own
product to va
2 min
IT Ops
New Logentries Cookbook for Chef
We have released our logentries_agent cookbook to supermarket.chef.io! You can
check out the docs here, or I’ve
developed the following brief tutorial to walk you through how to automate your
installation of the Logentries Linux Agent
in your own infrastructure.
First off, I
2 min
Are you really protected against Group Policy Bypass and Remote Code Execution? MS15-011 & MS15-014
In February, Microsoft published two hotfixes to address issues with Group
Policies.
* Microsoft Security Bulletin MS15-011 - Critical
* Microsoft Security Bulletin MS15-014 - Important
Together, these patches address the following issues:
* CVE-2015-0008 MS15-011: Vulnerability in Group Policy Could Allow Remote
Code Execution (3000483)
1 min
Patch Tuesday, March 2015
This month Microsoft has released 14 new bulletins, 5 of which are rated as
“Critical” and another 9 as “Important”. As a déjà vu from last month, a
critical remote code execution vulnerability (MS15-018) affecting all supported
Internet Explorer versions (6-11) is being patched, which addresses 12 CVEs. The
patch addresses issues with Internet Explorer's memory management that could
allow the remote corruption of memory and result in the execution of malicious
code as the current user. As alway
4 min
IT Ops
Terminology Nerd War: APM, Log Analysis & More
Just the other day I was hanging out with my developer buddy. We entered what we
thought would be an interesting topic on how you cannot call an environment
“DevOps” without analytics.
But we soon were in a nerd war on what a term meant.
Yes, this is what I talk about in my free time.
In the thick of it, we both used the term “Server Monitoring.” But neither of us
were talking about the same thing. I was referring to log man
2 min
InsightIDR
Tracking Web Activity by MAC Address
In this blog post we explore the benefit of tracking web activity by MAC address. Learn more.
5 min
Apple
Top 10 list of iOS Security Configuration GIFs you can send your friends and relatives
Easily share these animated iOS Security tips with friends and relatives!
While iOS is generally considered to be quite secure, a few configuration items
can improve its security.
Some changes have very little functionality impact, while others are more
visible but probably only needed in specific environments.
This guide contains some of the most important, obvious ones, and contains a GIF
for each configuration step to be taken.
If you already know everything about iOS security, use this a
3 min
IT Ops
Why Interoperability is a Key Requirement for Your DevOps Toolkit
Today’s DevOps culture drives the requirement for development and ops teams to
share tooling and to combine lots of different services/processes to give them
visibility into their systems throughout the system life cycle. For example the
modern DevOps toolkit
will consistently include the following categories of tools (and more…):
* APM (e.g. New Relic, AppDynamics, AppNeta, AlertSite)
* Team Communication (e.g. Slack
3 min
IT Ops
Getting Started with the Logentries & Logstash Integration
Logstash is an open source tool for managing events and logs. It is used to
collect, search and store logs for later use. If you are using Logstash to
collect logs from across your infrastructure already, and you are looking for
a more sophisticated log analytics tool, you are in the right place.
I will show you how to configure Logstash to forward all your logs to your
Logentries account using the plugin and token
connection.
Prerequisites
* Logstash downloaded and co
3 min
IT Ops
Logging Your Entire Software Delivery Pipeline
When we think of traditional development and production operations, we often
put everything into a linear software delivery pipeline that starts with a
development backlog, and ends with production monitoring. We slot tools at each
stage, and for the most part, keep everything segmented. Log analysis
is a common tool in that chain but where does it fit? At
the end? I think not.
Log analysis can be used throughout your entire software delivery pipeline.
The linear pipeline
4 min
IT Ops
Acceptance Tests In Practice - Behavior Driven Development
What is Acceptance Testing?
"Acceptance testing is a test conducted to determine if the requirements of a
specification or contract are met.” (Wikipedia definition) In simple words, Acceptance
tests check if the software that we have built matches the requirements that
were provided.
The Magical Black Box
Acceptance testing is usually performed using the “black box” testing method.
The tester of the system k
1 min
Metasploit
Nexpose and Metasploit Training and Certification Courses Filling Up Fast!
Looking to amp-up or fine-tune your security prowess? UNITED conference
attendees get the chance to do just that by registering for additional small
group training and certification courses (Nexpose Basic, Metasploit Basic, and
Nexpose Advanced). Since we're keeping the sessions intimate, spots are filling
up quickly!
Save your spot now for two days of formalized, curriculum-based training with
Rapid7 experts. You'll get to:
* Share best p
2 min
Microsoft
A Closer Look at February 2015's Patch Tuesday
This month's Patch Tuesday covers nine security bulletins from Microsoft,
including what seems like a not-very-unusual mix of remote code execution (RCE)
vulnerabilities and security feature bypasses. However, two of these bulletins –
MS15-011 and MS15-014 –
require a closer look, both because of the severity of the vulnerabilities that
they address and the changes Mi