January 26, 2024 Cybersecurity researchers have shed light on the command-and-control (C2) server of a known malware family called SystemBC. “SystemBC can be purchased on underground marketplaces and is supplied in an archive containing the implant, a command-and-control (C2) server, and a web administration portal written in PHP,” Kroll said in an analysis published last week. The risk …
January 12, 2024 Cybersecurity researchers have identified an updated version of a macOS information stealer called Atomic (or AMOS), indicating that the threat actors behind the malware are actively enhancing its capabilities. “It looks like Atomic Stealer was updated around mid to late December 2023, where its developers introduced payload encryption in an effort to bypass detection …
September 16, 2023 The threat actors behind RedLine and Vidar information stealers have been observed pivoting to ransomware through phishing campaigns that spread initial payloads signed with Extended Validation (EV) code signing certificates. “This suggests that the threat actors are streamlining operations by making their techniques multipurpose,” Trend Micro researchers said in a new analysis published this …
March 12, 2023 The malware downloader known as BATLOADER has been observed abusing Google Ads to deliver secondary payloads like Vidar Stealer and Ursnif. According to cybersecurity company eSentire, malicious ads are used to spoof a wide range of legitimate apps and services such as Adobe, OpenAPI’s ChatGPT, Spotify, Tableau, and Zoom. BATLOADER, as the name suggests, is …
August 3, 2022 A threat actor associated with the LockBit 3.0 ransomware-as-a-service (RaaS) operation has been observed abusing the Windows Defender command-line tool to decrypt and load Cobalt Strike payloads. According to a report published by SentinelOne last week, the incident occurred after obtaining initial access via the Log4Shell vulnerability against an unpatched VMware Horizon Server. “Once …
July 21, 2022 The Russian state-sponsored hacking collective known as APT29 has been attributed to a new phishing campaign that takes advantage of legitimate cloud services like Google Drive and Dropbox to deliver malicious payloads on compromised systems. “These campaigns are believed to have targeted several Western diplomatic missions between May and June 2022,” Palo …
In today’s digital era, we forgot about sending letters to our friends; nowadays, we have emails. As cybersecurity experts, we have lots of encounters with suspicious target emails, sometimes during red teaming for information gathering we also need to go offensive to extract details of a person from e-mail address. Usually we analyze metadata, tracing the email’s journey through servers to pinpoint its origin. Then, we analyze the sender’s identity or other information, checking if their are signs of impersonation or phishing. Next, we carefully examine the email’s content for malicious links or attachments. But that is a manual process and seems very boring for a lazy person.
Mosint the Mail OSINT
If we have a OSINT (Open Source Intelligence) tool, then manually checks? Today on our deck we have an OSINT tool called Mosint (did this name came from Mail OSINT?). Mosint is an automated email OSINT tool written in Go language that allows us to investigate for target emails in a fast and efficient manner. It consolidates numerous services, enabling security researchers to swiftly access a wealth of information.
Now it’s time to install Mosint on our Kali Linux system. Here we are using Kali Linux system but on the same way we can install it other Debian-based Linux distributions.
It is on the Go language so first we need to install Go language on our system by using following command:
sudo apt install golang -y
The above command will install Golang on our Kali Linux system, as we can see in the following screenshot:
If this method of installing Golang isn’t working then we can install it manually by following our old article about installing Golang on Kali Linux system.
Now we have installed Golang on our Kali Linux system and now we are all set to install Mosint. We can clone it from GitHub and install it but that thing we did on all GitHub cybersecurity tools. What if today we do something different. Today we are gonna install and run it via Docker. Now a Docker container is a lightweight, portable, self-sufficient package that includes all necessary components to run program. We already have a dedicated article on Docker.
Docker comes pre-installed on Kali Linux’s almost all versions but in case we need to install it we can run following command:
sudo apt-get install docker.io -y
in the following screenshot we can see that we already have docker on our system.
Now we can easily install Mosint on our system via docker by simply using following command:
sudo docker build -t mosint .
We can see the process of above command on the following screenshot:
It may take a minute depending on our internet speed and system configuration. After the setup is complete we run the Mosint tool via Docker. First let’s check the help options via following command:
sudo docker run mosint --help
In the above command first we use sudo command to run Docker as the superuser or root user otherwise it will show us “permission denied” issue. Then we call Docker and command it to run run Mosint then we can use Mosint’s flags to use it, as example here we used the –help flag to see what we can do with Mosint, as we can see in the following screenshot:
Let’s not wasting anymore time and run it against an e-mail address. So the command will be as following:
In the place of [email protected] we need to put our target e-mail id. Here for example we choose our business e-mail address and we can see the output on the following screenshot:
On the following screenshot we can see the result:
Mosint can check various services to gather information of an e-mail id. On the above screenshot we can see various details like It’s not a disposable mail address, IP address of mail service provider, Social media account information (yes we don’t have any with this mail), and even Google search results.
Mosint’s main features are:
Fast and simple email-based scanning
Optimized for ease of use and lightweight on resources
Email verification and validation
Checking Social Media Accounts
Checking data breaches and password leaks
Finding related emails and domains
Scanning pastebin dumps
Google Search
DNS/IP Lookup
Output to JSON file
Services used by Mosint
There are lot’s of functions are in this Mosint tool. It also uses some online services like
Some of the above services requires to put API keys on the Mosint tool for details we can check their GitHub repository.
Extra Talks About E-mail’s Forensics
This is the basics to gather information about a target mail id. Previously we need to do things manually and complete the following checklist:
Header Investigation: Suppose we have received a package. Before opening it, we check the package’s label to see where it’s came from and who sent it. Similarly, we’ll check the email’s header, which is like its digital label, to trace its origin & path.
Metadata Check: Sometimes file like image files have metadata store inside it, in simple words these are like where about of files. So if we get an e-mail with files we can check the metadata to extract some information like when they were sent, from which device, and sometimes even the sender’s location.
IP Address Tracing: This is very important to check the sender’s IP address, IP will lead us to target’s location.
Email Service Provider Investigation: There are different types of mail carriers. Some are like the big, well-known e-mail services, while others are like local e-mail service providers. If we identify the email service provider, then in some cases we can understand more about how the email was sent.
Content Analysis: May be the email content is like deciphering a secret code. We’ll carefully read through the email to uncover any hidden meanings, clues, or unique characteristics that could reveal more about the sender.
Attachments Examination: If the e-mail comes with some extra media files with it then before opening it, we would inspect everything to make sure it’s safe because some file formats can be comes with execution payloads.
Social Media and Online Presence: When we need to search something we use search engines. Similarly we’ll search for the email ID on social media and other online platforms. This helps us build a profile of the target and potentially uncover more about their identity and activities.
This is how we cybersecurity experts inspect an e-mail. We have try to cover the basic things of it and learnt using of Mosint tool on Kali Linux system. Hope this article will be helpful.
Love our article? Make sure to follow us on Twitter and GitHub, we post article updates there. To join our KaliLinuxIn family, join our Telegram Group & Whatsapp Channel We are trying to build a community for Linux and Cybersecurity. For anything we always happy to help everyone on the comment section. As we know our comment section is always open to everyone. We read each and every comment and we always reply.
Ensuring the seamless operation of serverless applications is crucial for delivering exceptional user experiences and maintaining high performance. This requires effective monitoring and troubleshooting tools that can identify issues, monitor performance metrics, and debug errors in real time. With the rapid adoption of serverless architecture, multiple tools have emerged to assist developers and DevOps teams in managing serverless apps efficiently. In this article, we’ll explore the top 10 tools that offer robust monitoring and debugging capabilities for serverless environments, helping organizations ensure optimal performance and reliability.
What Is Serverless Monitoring?
Serverless monitoring and debugging is the practice of tracking and scrutinizing the performance, availability, and behavior of serverless applications and functions. In a serverless architecture, apps are built and deployed as a collection of functions that run in response to events triggered by external sources, such as database changes, HTTP requests, or scheduled tasks. Serverless monitoring involves gathering metrics, logs, and other data points from these functions and services to confirm they are functioning as expected and to detect and troubleshoot any issues or anomalies that may arise. The main objective of serverless monitoring is to optimize the performance and reliability of serverless applications, improve resource utilization, and provide insights for continuous improvement and optimization.
Criteria for Assessing Serverless Monitoring Solutions
Evaluating serverless monitoring tools is crucial for ensuring the optimal performance, reliability, and efficiency of your serverless applications. The choice of monitoring solutions can significantly impact how well you can manage and optimize your serverless architecture. Here are some key criteria to consider when evaluating serverless monitoring tools.
Scalability: An effective monitoring tool must be scalable to accommodate changing workloads and the increasing number of features, services, and events in serverless applications. It should seamlessly adjust to shifting workloads without compromising functionality.
Real-time monitoring capabilities: Look for tools that offer real-time alerts and metrics to quickly identify and address emerging issues. Real-time monitoring provides complete visibility and minimal latency for effective troubleshooting and proactive management.
Ease of integration: Choose monitoring tools that integrate easily with your serverless environment, supporting popular platforms and frameworks. Integration with existing DevOps and CI/CD pipelines is essential for streamlining the monitoring process within the development lifecycle.
Customization options: Ensure that the monitoring tools offer customization options to tailor monitoring for serverless applications according to your specific needs. This includes defining custom metrics, setting up personalized alerts, and creating dashboards aligned with your performance indicators.
Cost considerations: Understand the pricing model of the monitoring tools and evaluate how well it aligns with your budget. Consider factors such as features needed, data volume processed, and level of monitoring granularity required. Choose tools that offer transparent pricing and a balance between features and cost-effectiveness.
Top 10 Serverless Monitoring Solutions for 2024
Serverless monitoring solutions offer a seamless experience that enhances your overall operational efficiency. However, it’s important to note that not all tools are the same. We’ll delve into the features, advantages and disadvantages, practical applications, and pricing structures of our top 10 solutions.
Lumigo
Lumigo is a serverless monitoring platform designed for rapid troubleshooting. It provides real-time monitoring capabilities and interactive visual maps to analyze complex system behaviors, allowing for quicker issue resolution. Lumigo specializes in identifying critical paths and choke points to enhance application performance, improve efficiency, and reduce latency. The platform also tracks various scenarios and generates detailed data-driven reports.
Pros of Lumigo include support for various log and metric types, customizable dashboards, analytics management for capacity and demand, and a transparent cost structure.
However, Lumigo has some limitations such as a lack of audit trail support and the restriction to monitoring one cloud platform at a time.
Use cases for Lumigo include monitoring and debugging third-party APIs and managed services, investigating performance and cost-related issues, conducting end-to-end transaction path analysis, and performing root cause analysis.
AWS X-Ray, an offering by Amazon, is a serverless monitoring tool that serves a different purpose compared to CloudWatch. While CloudWatch focuses on monitoring and collecting metrics from AWS resources and applications, AWS X-Ray is geared towards assisting developers in tracking requests across a distributed application. It helps identify performance issues, aids in debugging, and tracks performance bottlenecks. AWS X-Ray supports several programming languages such as Node.js, C#, Python, Java, Go, and Ruby.
Some advantages of AWS X-Ray include its native integration with AWS services, a robust feature set tailored for distributed applications, and support for in-cloud debugging.
On the downside, AWS X-Ray is limited to compatibility with AWS services only. It does not support tracing over the API gateway and asynchronous invocations, which could lead to performance errors in certain scenarios.
Use cases for AWS X-Ray include event monitoring and tracing, analyzing and debugging production and distributed applications with microservices architecture, applying sampling algorithms to determine which requests to trace, and using segments and subsegments to trace data content.
Pricing Model
AWS X-Ray offers a free tier for the first 100,000 traces recorded each month. For organizations requiring more traces, they can estimate the cost using the AWS pricing calculator to determine the most suitable pricing plan.
Amazon CloudWatch
Amazon CloudWatch, an AWS serverless monitoring tool, offers a comprehensive solution that seamlessly integrates with all AWS services. This tool is known for its real-time custom event creation and monitoring capabilities, utilizing machine learning algorithms for anomaly detection. By default, CloudWatch collects Lambda metrics but can also be configured to gather custom metrics related to terminations, volumes, thresholds, and more. The collected data is presented on customizable dashboards for easy analysis.
Pros of Amazon CloudWatch include easy setup of alerts, seamless integration with AWS services, real-time alerts and analytics, and a pay-as-you-go pricing model.
However, there are limitations to consider such as problematic integration with non-AWS vendors, lack of transaction tracking, limited search and filtering capabilities, and potentially unpredictable pricing at scale.
Use cases for Amazon CloudWatch include monitoring application performance with visual data and alarms, conducting root cause analysis, optimizing resources by setting custom thresholds, and testing website impact through evaluation of user requests, logs, analytics, and data.
Pricing Model
Offers a free tier with basic monitoring metrics and a paid tier via a pay-as-you-go model which can be calculated using the AWS pricing calculator.
Google Cloud’s Operations Suite (Formerly Stackdriver)
Google Cloud’s Operations Suite, formerly known as Stackdriver, is a comprehensive distributed application monitoring system offered by Google Cloud. It serves as Google’s counterpart to Amazon CloudWatch and comprises three main pillars: Cloud Monitoring, Cloud Logging, and Cloud Tracing. This suite provides real-time log management analysis, scalable metrics observability, a managed service for running and scaling Prometheus, and application performance management functionalities.
One of the significant advantages of Google Cloud’s Operations Suite is its multi-cloud compatibility, allowing users to monitor applications across different cloud environments seamlessly. Being a Google-supported tool, it offers extensive integrations with various Google Cloud services and tools.
However, some drawbacks include reported issues with customer support, limited query filtering criteria, and the absence of an alert policy feature.
Use cases for the Operations Suite include monitoring serverless infrastructure and applications, troubleshooting serverless applications using cloud ops tools, and optimizing application performance to reduce Mean Time to Recover (MTTR).
Pricing Model
Regarding pricing, the cost of using Google Cloud’s Operations Suite products is based on usage or data volume, and there are typically no upfront fees, with free data usage allotments available for users to get started.
Dashbird
Dashbird is an advanced real-time monitoring and alerting system designed specifically for AWS Lambda applications. It excels at detecting Lambda-specific issues like timeouts, memory problems, runtime errors, misconfigurations, and exceptions. Dashbird offers seamless integration with CloudWatch and supports multiple programming languages such as Python, Java, Node.js, and Go. Its primary goal is to optimize costs, enhance performance, and manage resources efficiently by providing insightful analytics for AWS accounts, services, and functions.
Key advantages of Dashbird include its straightforward deployment process, comprehensive architecture observability, automated alerting system, and a powerful insights engine for detailed analysis.
However, there are limitations to consider, including limited integration with platforms beyond AWS Lambda, complexities in customization, lack of mobile support, and occasional service interruptions.
Use cases for Dashbird include AWS Lambda infrastructure monitoring, log management, X-ray tracing for performance analysis, and setting up alerts and alarms for critical events.
Pricing Model
Dashbird offers a pricing model with three tiers starting at USD 0, with costs varying based on the number of executions per month.
Epsagon
Epsagon is an advanced platform that offers automated data correlation, payloads, and end-to-end observability across various environments, empowering IT professionals to troubleshoot and resolve issues quickly and efficiently. The tool provides comprehensive visibility into containers, virtual machines, serverless systems, and more, eliminating the need for manual coding, labeling, training, or maintenance efforts. Epsagon leverages distributed tracing and sophisticated AI algorithms to identify expenses and monitor end-to-end performance effectively.
Some key advantages of Epsagon include its compatibility with any modern cloud environment, and extensive integrations with popular tools and services like EventBridge, Jira, GitHub, Serverless Framework, Slack, PagerDuty, Pulumi, and others. It also offers AI-based prediction and alerting capabilities, customizable dashboards for tailored monitoring, and automated tracing for cloud microservices.
However, there are some drawbacks to consider, such as a slight increase in code execution time, potential data fragmentation due to the lack of a general data framework, no optimization for mobile platforms, and limited support for multiple AWS accounts.
Use cases for Epsagon include automated tracing for cloud microservices, monitoring central processing unit (CPU) and memory utilization in containers, root cause analysis for issues, and instant observability with payload visibility.
Pricing Model
Epsagon offers a pricing model with three tiers starting at $0, providing up to 1K traces per month based on the selected plan.
Site24X7
Site24/7 is an integrated monitoring solution designed to cover website, application performance, server, network, and cloud monitoring needs. This comprehensive tool offers extensive visibility across various public cloud providers like AWS, Microsoft Azure, and GCP, as well as on-premises data centers leveraging hyper-converged infrastructure (HCI) technologies such as VMware and Nutanix. Site24/7 allows tech teams to create custom events or choose from a range of predefined scenario types for monitoring purposes, and it also comes with a mobile app for convenience.
Some advantages of Site24/7 include instant alerts for timely notifications, robust security tools for both internal and external monitoring of serverless applications, and an optimized mobile application for on-the-go monitoring and management.
However, there are a few drawbacks to note, such as challenges with the transaction recording process, the absence of browser recorder playback for recorders, and occasional interruptions in customer service.
Use cases for Site24/7 encompass public and private cloud monitoring, log management, network monitoring, and application performance management.
Pricing Model
Site24/7 offers a starter plan priced at $9 per month when paid annually, making it an accessible option for businesses looking to enhance their monitoring capabilities.
Thundra
Thundra is a robust platform offering a suite of features including tracing, profiling, monitoring, and alerting designed to assist administrators in effectively managing distributed services. It provides comprehensive observability for end-to-end serverless architectures, facilitates code-level time travel debugging, and offers automatic distributed tracing capabilities. Thundra also features a free live on-premises AWS Lambda debugger, ensuring that it doesn’t introduce additional latency to code execution.
Some advantages of Thundra include detailed monitoring of distributed systems, a wide range of automated alerting options, ease of setup, and no impact on code execution time.
On the downside, Thundra may have complex configuration options, making it less suitable for smaller environments. Additionally, it has a steep learning curve, requiring users to invest time in learning its intricacies.
Use cases for Thundra include automating tracing and serverless monitoring, time travel debugging, integrating alerts and actions with workflows and systems, and real-time automation of security and compliance control configuration, enforcement, and verification.
Pricing Model
Thundra offers a variety of pricing models including a free trial, freemium, and subscription plans starting at USD 0 with options to scale based on monthly invocations, making it accessible to a wide range of users and organizations.
Google Cloud Monitoring
Google Cloud Monitoring, an integral component of Google Cloud’s operations suite, offers automated dashboards designed to collect metrics seamlessly for Google Cloud services. This tool stands out for its ability to support multi-cloud and hybrid environments, making it a versatile choice for diverse infrastructure setups. Some of its notable features include service-level objective (SLO) monitoring, managed metrics specifically tailored for Kubernetes and virtual machines, and effortless integration with Google Cloud services without requiring additional instrumentation.
One of the major advantages of Google Cloud Monitoring is its provision of automatic metric collection dashboards right out of the box for Google Cloud services. This feature streamlines the monitoring process and provides valuable insights into performance metrics, events, and metadata, aiding in trend identification and issue prevention.
However, it’s worth noting that being a relatively new product, Google Cloud Monitoring may still lack some advanced features and may have user interface (UI) issues. Users have reported occasional false positives in alerts, which can be a concern for some scenarios.
The tool finds application across various use cases, including scaling monitoring through its managed service for Prometheus, monitoring API usage, tracking Compute Engine virtual machine (VM) instances, and implementing site reliability engineering (SRE) practices for digital transformation initiatives.
Pricing Model
In terms of pricing, Google Cloud Monitoring follows a model with no upfront fees, allowing users to utilize free data usage allotments to get started. For detailed pricing information, users can refer to the official pricing guide provided by Google Cloud. No upfront fees to start using the free data usage allotments.
New Relic
New Relic is a comprehensive observability platform renowned for its in-depth code-level analysis of entire serverless architectures. The tool’s intuitive dashboards present performance data of cloud services, making troubleshooting seamless with extensive documentation. New Relic boasts support for over 100 built-in integrations, real-time alert creation, and efficient log management, covering a wide range of languages including Java, Node.Js, Python, Go,.NET, PHP, and Ruby, and even offers a native C/C++ agent.
One of the standout features of New Relic is its ease of installation, making it accessible for users looking to dive into performance and availability monitoring. The platform also stands out for its dynamic alerts and the ability to provide granular monitoring across various infrastructure aspects, application layers, and customer-side layers.
However, it’s important to note that New Relic may have a steep learning curve, and the full subscription can be pricey, which might be a consideration for some users.
New Relic finds applications across diverse use cases, including performance and availability monitoring, AWS Lambda monitoring, observability into cloud-managed functions, and viewing the correlated performance of serverless services within the stack in a unified interface.
Adopting and accepting a serverless architecture brings accessibility and cost-efficiency to application development. Monitoring and debugging serverless applications is crucial for ensuring their optimal performance, scalability, and reliability. Such tools offer a variety of features such as real-time monitoring, comprehensive analytics, automated alerting, and integration with cloud platforms. By leveraging these tools, developers and DevOps teams can effectively manage their serverless architectures, identify and resolve issues promptly, optimize resource utilization, and deliver better user experiences.
Choosing the right monitoring and debugging tool depends on factors like the specific needs of your application, the cloud platform you are using, budget considerations, and the level of customization and automation required. It’s essential to evaluate each tool’s pros and cons, pricing models, and compatibility with your existing infrastructure before making a decision.
Ultimately, adopting the right monitoring and debugging practices and utilizing the best tools for serverless applications can lead to improved operational efficiency, reduced downtime, cost savings, and overall better performance of your serverless ecosystem.
Most of the prominent data breaches that occur today have been the outcomes of an SQL Injection attack, which has led to regulatory penalties and reputational damages. An effective SQL Injection attack can lead to unapproved access to delicate data, including credit card information, PINs, or other private information regarding a customer. In some instances,…
March 5, 2024 As many as 100 malicious artificial intelligence (AI)/machine learning (ML) models have been discovered in the Hugging Face platform. These include instances where loading a pickle file leads to code execution, software supply chain security firm JFrog said. “The model’s payload grants the attacker a shell on the compromised machine, enabling them to gain …
