Metasploit
Weekly Update
Windows Meterpreter: Reloaded
If you've been around Metasploit for any length of time, you know that
Meterpreter is the preferred and de facto standard for manipulating a target
computer after exploitation. While Meterpreter and Metasploit go hand-in-hand, we did
manage to get some code separation between the two by breaking Windows
Meterpreter out into its own open source repository on GitHub.
As threatened in a previous blog post,
Site Import Procedure
The ControlsInsight product provides a Manage tab in its UI that allows users to
filter assets by site. Sites viewed in this Manage tab are taken directly from
the names of the sites as they exist in Nexpose. This feature allows users to
segregate the data assessed and displayed in ControlsInsight.
Assessments
Assessment is the process by which ControlsInsight analyses asset data to
determine your threat posture. Assessments can only happen after a scan is
complete. This means that if yo
Metasploit
Weekly Update: MSIE, GE Proficy, and handling Metasploit merge conflicts
Exploiting Internet Explorer (MS13-055)
This week, we open with a new IE exploit. This is a pretty recent patch (from
July, 2013), and more notably, it appears it was silently patched without
attribution to the original discoverer, Orange Tsai. So, if you're a desktop IT
admin, you will certainly want to get your users revved up to the latest patch
level. Thanks tons to Peter WTFuzz Vreugdenhil and
of course Wei sinn3r Chen for knocking
Video Tutorial: Introduction to XML External Entity Injection
Title: Video Tutorial: Introduction to XML External Entity Injection
Author: webpwnized
From: ISSA KY Sept 2013 Workshop (Louisville, KY)
Twitter: @webpwnized
This video introduces XML injection to achieve XML external entity injection
(XXE) and XML based cross site scripting (XSS). Please find notes used/mentioned
in video posted below the video.
1. What is XML injection
2. What is an "entity"
3. What is entity injection
4. Cross site
Microsoft
Patch Tuesday, Sept 2013
September's Patch Tuesday is live! The 14 bulletins predicted were cut to 13,
with the .NET patch landing on the cutting room floor. A patch getting pulled
after the advance notice is up usually indicates that late testing revealed an
undesired interaction with another product or component.
Of the 13 bulletins remaining they are split 7/6 between the MS Office family
and Windows OS patches, if we are counting the Internet Explorer patch as part
of the OS patching, anti-trust lawsuits notwiths
Product Updates
Weekly Update: Apple OSX Privilege Escalation
Sudo password bypass on OSX
This week's update includes a nifty local exploit for OSX, the sudo bug
described in CVE-2013-1775. We don't have nearly enough of these Apple desktop
exploits, and it's always useful to disabuse the Apple-based cool-kids web app
developer crowd of the notion that their computing platform of choice is
bulletproof.
Joe Vennix, the principal author of this module,
is, in fact, of that very same Apple-based developer crowd, and usually bu
Incident Detection
Finding Out What Users are Doing on Your Network
One of the most common questions in IT is how to find out what users are doing on a network. We break down the common ways to monitor users on your network.
Metasploit
Firewall Egress Filtering
Why And How You Should Control What's Leaving Your Network
Most companies have firewall rules that restrict incoming traffic, but not
everyone thinks to restrict data leaving the network. That's a shame, because a
few easy configurations can save you a lot of headaches.
Firewall egress filtering controls what traffic is allowed to leave the network,
which can prevent leaks of internal data and stop infected hosts from contacting
their command & control servers. NAT alone won't help you - you ac
Nexpose
Rapid7 part of VMware NSX Partner ecosystem
We're very excited that VMware is showcasing Rapid7 as an official VMware NSX
Partner at VMworld 2013 this week, demonstrating how we provide best-in-class
vulnerability management for virtual networks.
Rapid7 has been a longtime partner with VMware. In 2011, we introduced our
vAsset discovery method that allows Nexpose to have real-time visib
Upcoming G20 Summit Fuels Espionage Operations
The international policy and financial community is in ferment for the upcoming
G-20 summit, scheduled to kick-off in St Petersburg, Russia, in two weeks from
now. The "Group of Twenty" consists of political leaders, finance ministers and
bank governors from 19 economically-prominent countries, along with
representatives of European Union institutions.
The group has been meeting regularly every year since 2008 in private meetings
where the participants discuss and agree on international financ
Product Updates
Weekly Update: Cooperative Disclosure and Assessing Joomla
Cooperative Disclosure
I'm in attendance this year at Rapid7's UNITED Security Summit, and the
conversations I'm finding myself in are tending to revolve around vulnerability
disclosure. While Metasploit doesn't traffic in zero-day vulnerabilities every
day, it happens often enough that we have a disclosure policy that we stick to
when we get a hold of newly uncovered vulnerabilities.
What's not talked about in that disclosure policy is the Metasploit exploit dev
community's willingness to help
Malware
ByeBye Shell and the Targeting of Pakistan
Asia and South Asia are a theater for daily attacks and numerous ongoing
espionage campaigns between neighboring countries, so many campaigns that it's
hard to keep count. Recently I stumbled on yet another one, which appears to
have been active since at least the beginning of the year, and seems mostly
directed at Pakistani targets.
In this article we're going to analyze the nature of the attacks, the
functionality of the backdoor - here labelled as ByeBye Shell - and the quick
interaction I h
Microsoft
August Patch Tuesday
Oh noes! Fire! Look out! Run in circles, scream and shout! There's a remotely
exploitable, publicly disclosed, critical remote code execution vulnerability in
Microsoft Exchange (MS13-061)! Prepare for the end of teh interwebs.
But wait, is it really remotely exploitable? Well, not in the sense that user
interaction is not required, it's a parser issue that is only triggered by a
user opening a malicious message in Outlook Web Access (OWA).
Okay, but it's still publicly disclosed right? I mean
IT Ops
Field-level search
Back in July we announced a substantial improvement to our search functionality,
searching your log data with logical operators. Today we are happy to announce
another big step in improving our search facility. You can now perform
**field-level searches** in Logentries.
Field-level searches allow you to search for events where a particular field is
equal to, less than or greater than a particular value and thus al
Metasploit
SecureNinjaTV Interview: Tod Beardsley About Metasploit 10th Anniversary
At Black Hat 2013 in Vegas this year, our very own Tod Beardsley was cornered by
SecureNinja TV and social-engineered into giving an interview. Here is the
result - captured for eternity: