5 min
IT Ops
How To Receive Log Alerts Via Flashing Lights In Your Office or Home
This is a guest blog post by Jason Ruane, the technical director atMoposa
, a place for brides and grooms to plan and manage their
wedding. In this post Jason describes how he used a Wi-Fi enabled light and
Logentries alerts to receive Logentries alerts via flashing lights in his house.
Jason and his team are long time users of Logentries, analyzing all their logs
from multiple servers in one centralized, cloud location.
How I receive my Logentries alerts via home lighti
2 min
Metasploit
Staying Stealthy: Passive Network Discovery with Metasploit
One of the first steps in your penetration test is to map out the network, which
is usually done with an active scan. In situations where you need to be stealthy
or where active scanning may cause instability in the target network, such as in
SCADA environments, you can run a passive network
scan to avoid detection and reduce disruptions. A passive network scan
stealthily monitors broadcast traffic to identify the IP addresses of hosts on
the network. By initially running a passive scan, you c
4 min
Android
National Cyber Security Awareness Month: Keeping Mobile Devices Safe
To mark National Cyber Security Awareness Month, we're trying to help you
educate your users on security risks and how to protect themselves, and by
extension your organization. Every week in October we'll provide a short primer
email on a different topic relating to user risk. The idea is that you can copy
and paste it into an email and send it around your organization to promote
better security awareness among your users. The first post was on phishing
2 min
Government
GestioIP Authenticated Remote Command Execution module
GestioIP is an open-source IPAM (IP Address Management) solution available on
Sourceforge, written in Perl.
There is a vulnerability in the way the ip_checkhost.cgi deals with pinging IPv6
hosts passed to it. If you pass an IPv4 address, the CGI uses a Perl library to
perform the ping and return the results to the user.
However, this library doesn't seem to support IPv6 hosts, so the developer uses
the ping6 utility to perform the ping of an IPv6 machine. The developer did
perform some validat
3 min
It's the Great Pumpkin Patching Contest, Charlie Brown!
It's October! You all know what that means! That's right! It's National Cyber
Security Awareness Month
!
Oh...some of you thought Halloween...right. Well let's see if we can shoe-horn
those two together.
Browsing the internet can be a little scary at times. Kind of like trick or
treating, there are houses you know to avoid because the lights are out, but how
do you avoid the house where they've gone on a health kick and are
3 min
Metasploit Releases CVE-2013-3893 (IE SetMouseCapture Use-After-Free)
Recently the public has shown a lot of interest in the new Internet Explorer
vulnerability (CVE-2013-3893
) that has been
exploited in the wild, which was initially discovered in Japan. At the time of
this writing there is still no patch available, but there is still at least a
temporary fix-it that you can apply from Microsoft, which can be downloaded here
.
The nitt
6 min
Scanning All The Things
Introduction
Over the past year, the Rapid7 Labs team has conducted large scale analysis on
the data coming out of the Critical.IO and Internet Census 2012 scanning
projects. This revealed a number of widespread security issues and painted a
gloomy picture of an internet rife with insecurity. The problem is, this isn't
news, and the situation continues to get worse. Rapid7 Labs believes the only
way to make meaningful progress is through data sharing and collaboration across
the security communi
0 min
Welcome to Project Sonar!
Project Sonar is a community effort to improve security through the active
analysis of public networks. This includes running scans across public
internet-facing systems, organizing the results, and sharing the data with the
information security community. The three components to this project are tools,
datasets, and research.
Please visit the Sonar Wiki for more
information.
3 min
Exploits
Weekly Update: New Exploits for MS13-069, MS13-071
Let's Curbstomp Windows!
This week, we've got two new exploits for everyone's favorite punching bag,
Microsoft Windows. First up, we'll take on Microsoft Internet Explorer. MSIE has
a long and storied history of browser bugs, but truth be told, they're really
pretty hard to exploit reliably these days. If you don't believe me, take a look
at the hoops we had to jump through to get reliable exploits together for
MS13-069.
MS13-069 w
4 min
Metasploit
Change the Theme, Get a Shell: Remote Code Execution with MS13-071
Recently we've added an exploit for MS13-071
to
Metasploit. Rated as "Important" by Microsoft, this remote code execution, found
by Eduardo Prado, for Windows XP and Windows 2003 environments is achieved by
handling specially crafted themes. In this blog post we would like to discuss
the vulnerability and give some helpful tips for exploiting it from Metasploit.
First of all, the bug occurs while handling the section on
2 min
Understanding Security Control Grades
One of the most valuable features of ControlsInsight is its ability to
prioritize security control improvement guidance as a sequence of next steps. It
does this by grading each security control configuration and ordering the
guidance for each configuration by grade. ControlsInsight calculates the grade
for each security control configuration based upon the coverage of that
configuration across all assessed assets and a weight assigned to that
configuration.
Coverage
Coverage is the measure of
2 min
Internet Explorer
IE 0-day: exploit code is now widely available (CVE-2013-3893)
Any newly discovered Internet Explorer zero day vulnerability is bad for users.
But once the exploit code gets around to public disclosure sites, it's so much
worse. In the past day or so exploit code has been submitted to virustotal.com
and scumware.org.
Users and administrators should take immediate action to mitigate the risk posed
by CVE-2013-3893. Considering the timing, I personally expect to see an out of
band patch from Microsoft before October's patch Tuesday, but that is just
specu
2 min
IT Ops
How to Log Client-side JavaScript Events – Logging for the Web with le.js
At Logentries we provide a comprehensive collection of client libraries
and inputs
which make it easy to dispatch log events from any tier in your existing
infrastructure. Until now though, one platform has been left out, and it’s the
most ubiquitous and widely-understood of all- the browser. Collecting events
from the browser presents a number of challenges which have hindered the
development of a viable solution:
* There’s n
5 min
Kvasir: Penetration Data Management for Metasploit and Nexpose
Data management is half the battle for penetration testing, especially when
you're auditing large networks. As a penetration tester with Cisco's Advanced
Services, I've created a new open source tool called Kvasir that integrates with
Metasploit Pro, Nexpose, and a bunch of other tools I use regularly to aggregate
and manage the data I need. In this blog post, I'd like to give you a quick
intro what Kvasir does - and to invite you to use it with Metasploit Pro.
Cisco's Advanced Services has b
2 min
Government
Federal Friday – 9.20.13 – The Air Gapped-Off line Edition
September 20th. Yup, I said it. We are two days away from the Autumnal Equinox,
and I find myself asking; where have the spring and summer gone? With about 6
working days left in the federal FY13 most of us are knee deep in year-end wrap
and FY14 prep (even though that might be delayed a little while).
I read a nice article in the New York Times last weekend by Matthew L. Wald
called “Imagining a Cyberattack on the Power Grid