2 min
May 2013 - Patch Tuesday, the "yet another IE 0-day edition"
Going into this patch Tuesday the big question was: will MS13-038 address the “
Department of Labor IE 0-day (CVE-2013-1347)
”?
Microsoft had hinted strongly that a patch was on the way, with the unspoken
caveat that there is always a risk of a it getting pulled at the last minute for
quality issues. As it turns out, MS13-038 is what was expected and should
address the “Department of Labor IE 0-day,” which is great. So hooray f
4 min
Vaccinating systems against VM-aware malware
The neverending fight with malware forced researchers and security firms to
develop tools and automated systems to facilitate the unmanageable amount of
work they've been facing when dissecting malicious artifacts: from debuggers,
monitoring tools to virtualized systems and sandboxes.
On the other side, malware authors quickly picked them up as easy indicators of
anomalies from their target victims' systems.
This has initiated a still ongoing arms race between malware writers and malware
analy
1 min
IT Ops
Switching between UTC and local time
All Logentries servers are configured for the UTC timezone. We use this as the
default timezone for all internal data including customer’s logs. However, at
the browser UI level we detect a user’s local timezone and present all dates in
a more human friendly way, i.e. in the local time.
We now allow users to change their time zone to UTC. This can be very handy when
you manage systems in multiple regions or have a distributed development team
where you want to have a common timezone that you ca
1 min
Metasploit
Metasploit's 10th Anniversary: Laptop Decal Design Competition
When I wrote up the Metasploit Hits 1000 Exploits post back in December, I had
to perform a little open source forensic work to get something resembling an
accurate history of the Metasploit project -- after all, it's difficult for me
to remember a time on the Internet without Metasploit. I traced the first
mention of 1.0 back to this mailing list post
in 2003. You know what that
means, right? This year marks the 10th year of the Metasploit Fr
4 min
Apple
Abusing Safari's webarchive file format
tldr: For now, don't open .webarchive files, and check the Metasploit module,
Apple Safari .webarchive File Format UXSS
Safari's webarchive format saves all the resources in a web page - images,
scripts, stylesheets - into a single file. A flaw exists in the security model
behind webarchives that allows us to execute script in the context of any domain
(a Universal Cross-site S
5 min
Release Notes
Simplify Vulnerability Management with Nexpose 5.6
We are pleased to announce the next major release of Nexpose, version 5.6. This
release focuses on providing you the most impactful remediation steps to reduce
risk to your organization and extends our current configuration assessment
functionality.
New Look and Feel
The most visible change in Nexpose 5.6 is the new look and feel of the user
interface. The action header is now smaller to maximize screen space and
usability, and the new colour scheme makes it easier to focus on important areas
3 min
Microsoft
Microsoft EMET 4.0 might be the best enterprise security tool you're not using yet
Cross-posted from dangerous.net
Last week Microsoft announced
their 4.0 beta release of EMET (Enhanced Mitigation Experience Toolkit). If you
are responsible for securing Windows systems, you should definitely be looking
at this free tool if you haven't already.
EMET is a toolkit provided by Microsoft to configure security controls on
Wi
4 min
Metasploit
How To Do Internal Security Audits Remotely To Reduce Travel Costs
An internal penetration tests simulates an attack on the network from inside the
network. It typically simulates a rogue employee with user-level credentials or
a person with physical access to the network, such as cleaning staff, trying to
access resources on the network they're not authorized for.
Internal penetration tests typically require the auditor to be physically
present in the location. If you are working as a consultant, then conducting
internal penetration tests can mean a lot of
2 min
Microsoft
Patch Tuesday - April 2013 Edition!
The April 2013 MS Tuesday advisories are is out and it forecasts an interesting
patching session for Microsoft administrators. There are 9 advisories, for 14
CVEs, affecting 16 distinct platforms in 5 categories of Microsoft products,
including the not-often-seen patching of “Microsoft Office Web Apps” and
“Microsoft Security Software”.
Once again there is an IE patch (MS13-028) which is rated critical, but this one
differs from last month's incarnation by applying to all supported versions
1 min
Video Tutorial: Installing Kali Linux on Virtual Box
Author: Jeremy Druin
Video Release Announcements: Twitter @webpwnized
Title: Installing Kali Linux on Virtual Box with Nessus and Metasploit
Link: Installing Kali Linux on Virtual Box with Nessus and Metasploit - YouTube
This video is from the April 2013 workshop of the KY ISSA covering the
installation of Kali Linux 1.01 on Virtual Box . Please see notes below the
video.
Notes:
1. Kali version 1.01 64-bit was used in making the video but th
2 min
Metasploit Now Supports Plan 9, the Evolution of Unix
Unix, Evolved
Today, we are delighted to announce the next phase of Metaploit's
expanded support for more diverse host
operating systems. On the heels of our integration work with Kali Linux, we've
been heads-down on putting the finishing touches on our support for the future
of Unix, Plan 9 from Bell Labs.
This renewed commitment to Plan 9 will come as a welcome relief for those of you
who have, until now, been stuck on hobby operating systems such as L
2 min
Weekly Update: Introducing Metasploit 4.5.3
Version bump to Metasploit 4.5.3
This week, we've incremented the Metasploit version number by one trivial point
to 4.5.3 -- this was mainly done to ensure that new users get the fixes for the
four
most
recent
vulnerabilities
4 min
Internet Census 2012 - Thoughts
This week, an anonymous researcher published the results of an "Internet Census"
- an internet-wide scan conducted using 420,000 insecure devices connected to
the public internet and yielding data on used IP space, ports, device types,
services and more. After scanning parts of the internet, the researcher found
thousands of insecurely configured devices using insecure / default passwords on
services and used this fact to make those devices into scanning nodes for his
project. He logged into the
2 min
Nexpose
Calculating Your Average Scan Time
If you are looking to balance out your scan schedule or add new scans to the
mix, it can be helpful to get some direct insight into how much time a new scan
is going to take. One way to estimate that is based upon how long your current
scans are already taking.
To that end, I threw together a script that looks at current scan history and
calculates average scan time per asset. To keep some balance, I only look at
Full audit scans and their live assets. I then calculate the average number of
min
3 min
Patch Tuesday - March 2013 Edition!
Microsoft March 2013 security bulletins are bringing us a slightly
lighter-than-usual patching load and, perhaps, a slightly muted patching urgency
compared to recent months. There are seven advisories, though they cover 20
unique vulnerabilities. Four of the advisories are listed as “Critical”, but
only the first one which applies to all supported versions of Internet Explorer
(6-10) seems likely to be an immediate threat to the average user.
The IE advisory (MS13-021) contains 9 distinct CV