5 min
Metasploit
Unicode Support in Meterpreter
A short, mostly-accurate history of character encodings
In the beginning, when you wanted to use a computer to store text, there were
not many options - you inherited something from punchcards like EBCDIC or
invented something convenient and unique to your system. Computers did not need
to talk to each other, so there was not much point in standardizing between
vendors. Things were pretty simple.
Then, there came the need for computers and vendors to interoperate and
communicate. Thus, ASCII an
8 min
Metasploit
Meterpreter Survey 2015: You spoke, we listened, then wrote a bunch of code.
The Survey
One month ago we asked the community for feedback about how they use Metasploit
and what they want to see in the Meterpreter payload suite going forward. Over
the course of a week we received over 400 responses and over 200 write-in
suggestions for new features. We have spent the last month parsing through your
responses, identifying dependencies, and actively delivering new features based
on your requests. These requests covered 20 different categories:
General Feedback Metasploit F
6 min
Incident Detection
Let's talk about metrics...
Today I read an article on metrics and it was interesting. Here's the link to
the original article.
I am kind of a metrics geek. When done well, a metrics program can be of extreme
value to a security program. However, when done badly, they can cloud your
vision and make it difficult to notice that your radar is off by a few degrees.
The article addressed severa
10 min
Deep Dive Into Stageless Meterpreter Payloads
Metasploit has long supported a mixture of staged and stageless payloads within
its toolset. The mixture of payloads gives penetration testers a huge collection
of options to choose from when performing exploitation. However, one option has
been missing from this collection, and that is the notion of a stageless
Meterpreter payload. In this post, I'd like to explain what this means, why you
should care, and show how the latest update to Metasploit and Meterpreter
provides this funky new feature
5 min
Using Host Tagging in Metasploit for Penetration Testing
Hello my fellow hackers! Tag, you're it!
For today's blog post, I'd like to talk about host tagging a little bit in
Metasploit. If you are a penetration tester, a CTF player, or you just pop a lot
of shells like a rock star, then perhaps this will interest you. If you have
never used this kind of feature, then hopefully this blog post will bring you a
new idea on how to approach host management.
So what is host tagging? Well, the idea is simple really. It's a way to label
your targets and make
7 min
Logentries
The Flexbox Paradigm: CSS3 Layout for Today’s Applications
Introduction
Controlling the layout of web pages and applications has always been a little
tricky. In the beginning, there were almost no mechanisms for page layout, other
than some basic formatting of HTML tags. We could apply some font styling, add
background colors, and with the use of paragraphs and line breaks could achieve
some block spacing.
With the introduction and evolution of CSS, it gave us further control, but more
importantly, control over the element's box model. We could now f
3 min
Events
The Return of Rapid7 Rapid Fire: A spirited infosec debate, round 3
The topics: Controversial. The answers: Unfiltered. The alcohol: Plentiful.
I'm talking about Rapid7 Rapid Fire -- it's happening for a third time this June
in Boston. Bonus: This year, it's totally free and open to the public, so please
join us!
What is it?
It's a panel debate where we ask some big names in infosec to argue for or
against a number of controversial topics in our field. To make things
interesting, the panelists are often asked to debate a side of the argument they
might not ev
4 min
Logentries
MongoDB Log Analytics
MongoDB 3.0 is now available! If you are new to MongoDB or upgrading from 2.6,
you will enjoy all of the new features including document-level locking, better
write performance, big memory support, and more. Additionally, to improve
usability of the log messages for diagnosis, MongoDB now categorizes some log
messages under specific components, operations, and provides the ability to set
the verbosity level for these components.
Today, Logentries is launching a new Community Pack for MongoDB
3 min
Weekly Metasploit Wrapup: Stageless Meterpreter and the Revenge of Stuxnet
Stageless Meterpreter
Remember the Metasploit Pop Quiz we ran
about a month back? Well, we got tons of support from you, the Metasploit users,
and have been picking out what you want to see and have started turning those
wishes into reality. I know HD, Brent, and OJ are working up a much more
exhaustive blog post for next week to lay out what's going where and
4 min
Securing Credit Lines: Eating Our Own Dogfood
We InfoSec (or cybersecurity) folks, we're full of all kinds of sage wisdom:
“Put a password on your phone, tell it to self destruct after 10 failed
attempts” … check!
“Set up WPA2 on your home network!” … check!
“Install patches as fast as you can!” … (well, as best as I can?) …check!
“Freeze your credit reports!” … static
“Dogfooding” (verb, slang) is a term used to reference a scenario in which a
company uses its own product to va
2 min
IT Ops
New Logentries Cookbook for Chef
We have released our logentries_agent cookbook to supermarket.chef.io! You can
check out the docs here, or I’ve developed the following brief tutorial to walk
you through how to automate your installation of the Logentries Linux Agent in
your own infrastructure.
First off, I
2 min
Are you really protected against Group Policy Bypass and Remote Code Execution? MS15-011 & MS15-014
In February, Microsoft published two hotfixes to address issues with Group
Policies.
* Microsoft Security Bulletin MS15-011 - Critical
* Microsoft Security Bulletin MS15-014 - Important
Together, these patches address the following issues:
* CVE-2015-0008 MS15-011: Vulnerability in Group Policy Could Allow Remote Code
Execution (3000483)
1 min
Patch Tuesday, March 2015
This month Microsoft has released 14 new bulletins, 5 of which are rated as
“Critical” and another 9 as “Important”. As a déjà vu from last month, a
critical remote code execution vulnerability (MS15-018) affecting all supported
Internet Explorer versions (6-11) is being patched, which addresses 12 CVEs. The
patch addresses issues with Internet Explorer's memory management that could
allow the remote corruption of memory and result in the execution of malicious
code as the current user. As alway
4 min
IT Ops
Terminology Nerd War: APM, Log Analysis & More
Just the other day I was hanging out with my developer buddy. We entered what we
thought would be an interesting topic on how you cannot call an environment
“DevOps” without analytics.
But we soon were in a nerd war on what a term meant.
Yes, this is what I talk about in my free time.
In the thick of it, we both used the term “Server Monitoring.” But neither of us
were talking about the same thing. I was referring to log man
2 min
InsightIDR
Tracking Web Activity by MAC Address
In this blog post we explore the benefit of tracking web activity by MAC address. Learn more.