2 min
AIX coverage: See what you need to see
In a huge refinement to IBM AIX vulnerability coverage, Nexpose version 5.10.8
and later scans AIX machines for a specific set of patches related to known
vulnerabilities. This more focused approach provides easier management of AIX
machines by allowing you to see very quickly how affected systems are vulnerable
and which solutions need to be applied.
As Nexpose searches only for vulnerabilities, the scans are significantly
faster. This allows you to stay up to date with the published vulnerabi
2 min
How do You USB?
All the perimeter protection in the world won't stop an attack that doesn't get
checked by the security measures around your perimeter, assuming the perimeter
is still a viable term in today's distributed, mobile, and virtual world. If an
attacker were to drop a USB stick in a public area of your company, what are the
chances that USB stick eventually finds a USB port? Pretty good.
4 min
IT Ops
Monitoring & Analyzing AWS CloudTrail Data From Multiple AWS Regions
We recently released AWS CloudTrail integration with Logentries – and not
surprisingly we’ve seen a significant uptick in adoption as one of our most
popular integrations. My job as director of customer success is to make things
as simple for our customers as possible. One question that consistently pops up
is how to collect AWS CloudTrail logs from multiple AWS regions.
We follow Amazon’s best practices
6 min
Metasploit
Not Reinventing The Wheel: The Metasploit Rails::Application in 4.10
In Metasploit 4.10, we converted Metasploit Framework (and prosvc in Metasploit
Commercial Editions) to be a full-fledged Rails::Application. You may be
wondering why Metasploit Framework and prosvc should be Rails applications when
they aren't serving up web pages. It all has to do with not reinventing the
wheel and with very useful parts of Rails: Rails::Railtie and Rails::Engine.
Rails 3.0 infrastructure
Since Rails 3.0, Rails has been broken into multiple gems that didn't require
each other a
2 min
Nexpose
Software defined security made real
This week we're headed for VMworld 2014 in San Francisco and we're excited to be
talking about how Rapid7 is partnering with industry leaders like Symantec, Palo
Alto Networks, and of course VMware to build out the VMware NSX security
ecosystem. Together we've created an integrated system that collaborates,
leveraging the NSX platform to automate risk identification and mitigation for
VMware customers
9 min
Vulnerability Disclosure
R7-2014-12: More Amplification Vulnerabilities in NTP Allow Even More DRDoS Attacks
Overview
As part of Rapid7 Labs' Project Sonar, among
other things, we scan the entire public IPv4 space (minus those who have opted
out) looking for listening NTP servers. During this research we discovered some
unknown NTP servers responding to our probes with messages that were entirely
unexpected. This led to the writing of an NTP fuzzer in Metasploit
3 min
IT Ops
How to Integrate Go / GoLang with Logentries
Would you like to send logs from your Go program code into your Logentries
account? Thanks to the help of Gal Ben-Haim’s bsphere Golang library for
Logentries, Go coders can be sending their logs to Logentries in no time at
all. Benefits of using this Golang library and implementing it with your
Logentries account include:
* Remote viewing and analysis of your Go program log events
* All your logs are sent to one location, and viewed through an easy to use
2 min
Metasploit
Feedback on Rapid7's Tech Preview Process and Metasploit Pro 4.10
By guest blogger Sean Duffy, IS Team Lead, TriNet
Rapid7 invited me to participate in pre-release testing of Metasploit 4.10, a
process they call Tech Preview. They asked me to openly share my thoughts with
the community.
Preparation and Logistics
I always enjoy working with Rapid7. Preparatory meetings and documentation made
the installation and testing process a breeze. Rapid7 was also kind enough to
extend my testing and feedback sessions when work so rudely intruded on the fun.
Zero comp
4 min
Events
More SNMP Information Leaks: CVE-2014-4862 and CVE-2014-4863
Today, Rapid7 would like to disclose a pair of newly discovered vulnerabilities
around consumer and SOHO-grade cable modems, the Arris DOCSIS 3.0 (aka,
Touchstone cable modems) and Netmaster Wireless Cable Modems. Both exposures
were discovered by Rapid7's Deral Percent_X Heiland and independent researcher
Matthew Kienow. The duo plan to discuss these
and other common vulnerabilities and configuration issues at DerbyCon near the
end of September. In the meantime,
3 min
IT Ops
Real-time Alerting on Anomaly and Inactivity Made Simple.
“a·nom·a·ly”
1. Deviation or departure from the normal or common order, form, or rule.
When someone is looking to be alerted when something unexpected happens within
their environment they are usually referring to anomaly detection. But the
problem is that it’s hard to turn a complex problem (i.e. looking for something
when you are not sure what it is) into an easy to use solution.
The thing about anomaly detection is that you don’t know how the issue will
present itself so predicting the patte
1 min
Metasploit
msfconsole failing to start? Try 'msfconsole -n'
As part of the last release, the Metasploit Engineering team here at Rapid7 has
been on a path of refactoring in the Metasploit open source code in order to
make it more performant and to get toward a larger goal of eventually breaking
up the framework into a multitude of libraries that can be used and tested in a
standalone way.
This effort will make it easier to deliver features and respond to issues more
quickly, as well as ensure that regressions and bugs can get diagnosed, triaged,
and fix
4 min
Metasploit
Hunting for Credentials: How Metasploit Pro Beat Me on the Command Line
By guest blogger Robert Jones, Information Security Manager, City of Corpus
Christi
I had the opportunity to participate in a tech preview of Metasploit Pro's new
credentials features. In our shop, we use Metasploit Pro, Nexpose, UserInsight
and ControlsInsight, all by Rapid7. I certainly wish I could spend the majority
of my time pentesting, but instead I oftentimes find myself using Metasploit
to educate users by showing them how I can compromise their machines. It is
incredibly compelli
6 min
IT Ops
An APM Solution Divided Cannot Stand
This post originally appeared on the Smart Bear blog. To read more content like
this, subscribe to the Software Quality Matters Blog.
Frustrations with lack of tool unification might just lead to revolution in the
APM space…
Application Performance Management (APM) is a broad concept, and many
technologies fall under its umb
3 min
IT Ops
Evolve, Don't Revolve
Logs have been around for a while, not quite as long as the wheel, but not far
off. Here at Logentries, we have the mantra of evolve don’t revolve (as in don’t
sit around spinning your wheels getting nowhere). We are taking this concept
and looking to evolve the way you work with and think about your log data.
Gone are the old days, where you only used logs to find exceptions. A new day
has dawned, and the future is here, the future is Logentries (
2 min
Metasploit
Metasploit Pro's New Credentials Features Save Us Time in Workflows
By guest blogger Dustin Heywood, Manager, Security Assurance, ATB Financial
Recently I was invited to participate in Metasploit Pro's Tech Preview Program,
where customers are given early access to new product releases. I've taken part
in this program before and I have always loved the experience.
For those of you who haven't been involved in a Rapid7 Tech Preview program: It
starts out with a call with the customer engagement manager and the product
management team, who gave me an overview