The penetration testing world is fast moving and persistently demands new ideas, tools and methods for solving problems and breaking things. In recent years many people have gotten used to the idea of using Elasticsearch in the penetration testing workflow, most notably for hacking web applications.  

More and more companies and websites are opening bug bounty programs. If you have new tools in your arsenal that other people don't use or understand yet, then you could be making a great deal more money from bug bounty hunting. This tutorial teaches you how to use new tools with Elasticsearch to give you that competitive edge.


You probably found this article by searching for whether you can secure your Elasticsearch cluster with some sort of authentication mechanism. You might have come across many options like Shield, or some of the open-source authentication plugins available in Qbox, but you decided that you want to have some fun by creating your own plugin for authenticating the REST requests coming to Elasticsearch.

In this tutorial we explain how you can plug basic authentication into Elasticsearch. This article is based on the APIs available in Elasticsearch 2.3.x.


In production environments, network security is unavoidable. When Elasticsearch is deployed, there are many ways to secure the environment. You can use Nginx, commercial products like Shield, open source products, or easily selectable plugins via Qbox. However, you can also create your own security plugins and have more control over security. This article is intended to give readers a running start on how to write their own in-house security plugin.


In terms of security, the internet has become a very hostile place. All kinds of bad guys from criminals to government agencies are out to hack you, and they must be taken seriously.

One thing about being a developer is that you build things with deadlines and you don't always have time to plan the security aspects of whatever it is you are developing. Attacking developers directly is becoming very popular, as we can see from the Hacking Team hack, for example.

Elasticsearch is an extremely powerful tool not only for developers but also for system administrators. Some people log almost everything to Elasticsearch, including sensitive data. It is therefore very important that you restrict who is able to access your Elasticsearch clusters, as well as what you are logging to them.


VPC Peering with Qbox and AWS

Posted by Ben Hundley October 13, 2015

Qbox clients have the advantage of Virtual Private Cloud (VPC) peering. With this networking connection, password protection or IP whitelisting becomes fail-safe against the unlikely scenario where AWS has a glitch in the configuration of a network. VPC peering promises data "sovereignty," assuring any data in the Qbox cluster is only sent to the requesting VMs owned by the customer.

In this article, we give a brief overview of this connection, its basics, and the process to enable it.


The security world seems to have a solid formula for instant success: discover an ultra-obscure vulnerability, publish it, assign some doomsday scenarios where it can be used, create a scary logo, and the press runs away with it.

The latest of these is Venom (CVE-2015-3456), which follows last year's Poodle and Heartbleed. Forbes put it best, in a sentiment echoed by the security people with whom we consult: it is "an interesting bug to the sorts of people who do exploit research for a living".
