6 min
Automation and Orchestration
Top Three Questions to ask Security Orchestration and Automation Vendors
If you’ve been in cybersecurity for some time, you’ve likely heard about the
many benefits of security orchestration and automation: time saved, costs
reduced, risk exposure mitigated ... the list goes on. And as this popular
technology proliferates across our industry, you have more options than ever
before when it comes to choosing a security orchestration, automation, and
response (SOAR) solution.
It’s important to not
2 min
User Behavior Analytics
Deception Technology in InsightIDR: Setting Up Honey Users
Having the ability to detect and respond to user authentication attempts is a
key feature of InsightIDR, Rapid7’s threat detection and incident response
solution. Users can take this ability one step further by deploying deception
technology, like honey users, which come built into the product. A honey user is
a dummy user not associated with a real person within your organization. B
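The detection idea behind a honey user is simple: because nobody legitimately
owns the account, any authentication attempt against it, successful or failed,
is worth an alert, and the source of the attempt is the lead to chase. The
following is an added illustration written for this listing, not InsightIDR's
own logic; the honey account names, the key=value log format and the log lines
are all constructed for the example.

```python
import re
from collections import defaultdict

# Assumption: the honey accounts created in the directory for this purpose.
# These names are chosen for the example only.
HONEY_USERS = {"svc_backup_admin", "jsmith_old"}

# Constructed sample authentication records in a simplified key=value form.
# They are not real InsightIDR or Windows event output.
SAMPLE_LOG = """\
EventID=4624 TargetUser=alice Source=10.0.1.20 Status=Success
EventID=4625 TargetUser=svc_backup_admin Source=10.0.9.77 Status=Failure
EventID=4624 TargetUser=bob Source=10.0.1.31 Status=Success
EventID=4625 TargetUser=jsmith_old Source=10.0.9.77 Status=Failure
EventID=4768 TargetUser=SVC_BACKUP_ADMIN Source=10.0.9.77 Status=Success
EventID=4625 TargetUser=alice Source=10.0.1.20 Status=Failure
"""

LINE_RE = re.compile(
    r"EventID=(\d+)\s+TargetUser=(\S+)\s+Source=(\S+)\s+Status=(\S+)"
)


def parse_line(line):
    """Parse one constructed record; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event_id, user, source, status = m.groups()
    # Account names are case-insensitive in Active Directory, so normalise.
    return {
        "event_id": int(event_id),
        "user": user.lower(),
        "source": source,
        "status": status,
    }


def honey_user_alerts(log_text, honey_users=HONEY_USERS):
    """Return {source_host: [(event_id, user, status), ...]} for every
    authentication attempt that names a honey user. Failures count as much as
    successes: a password guess against a decoy is the signal, not the outcome."""
    decoys = {u.lower() for u in honey_users}
    alerts = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        if ev["user"] in decoys:
            alerts[ev["source"]].append((ev["event_id"], ev["user"], ev["status"]))
    return dict(alerts)


if __name__ == "__main__":
    for source, hits in honey_user_alerts(SAMPLE_LOG).items():
        print(f"{source}: {len(hits)} attempt(s) against honey users -> {hits}")
```

On the constructed input, a single source (10.0.9.77) accounts for every
honey-user touch, which is exactly the pivot you would take into the rest of
that host's activity. The one caveat worth remembering in production is to keep
the decoy out of anything that would legitimately authenticate as it, such as
scheduled tasks or service configuration, or the alert becomes noise.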
4 min
Customer Perspective
Why Bow Valley College Gives Rapid7 InsightVM High Marks for Vulnerability Management
Bow Valley College uses InsightVM dashboards to identify quick wins, measure
success, and communicate to senior leadership. James Cairns, database
administrator at Bow Valley College, gave us a look into their vulnerability
management journey with Rapid7.
It’s my job to assess vulnerabilities, facilitate patching, and work with the
rest of my infrastructure team to optimize our resources in order to stay on top
of security issues. As the database administrator for Bow Valley College in
Calgary,
5 min
IoT
Security Impact of Easily Accessible UART on IoT Technology
When it comes to securing IoT devices, it’s important to know that Universal
Asynchronous Receiver Transmitter (UART) ports are often the keys to the kingdom
for device analysis when you have physical access. For example, as part of
ongoing security research and testing projects on embedded technology we own, I
have opened up a number of devices and discovered a majority of them having UART
enabled. Those with UART enabled have—in every case—provided a path to full root
access and allowed me to
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup: 6/15/18
New Privilege Escalation Exploit
The glibc 'realpath()' module was added by bcoles. It attempts to gain root
privileges on Debian-based Linux systems by exploiting a vulnerability in GNU C
Library (glibc) version <= 2.26. This exploit uses halfdog's RationalLove
exploit to expose a buffer underflow error in glibc realpath() and create a SUID
root shell. The module includes offset
7 min
Penetration Testing
How to Create a Secure and Portable Kali Installation
The following is a guest post from Rapid7 customer Bo Weaver.
Hi, everyone. I’m Bo, a penetration tester at CompliancePoint (and also a
customer of Rapid7). If you’re just getting started in penetration testing, or
are simply interested in the basics, this blog is for you.
An Intro to Kali
Kali Linux is an open source project that is maintained and funded by Offensive
Security, a provider of inform
4 min
Threat Intel
A Common Retailer Dark Web Profile: What We Found in Our Search
In this post, we share examples of common retailer data found across the Dark Web and build a “Dark Web profile” for a typical retail company.
5 min
Phishing
Phishing Attacks Duping Your Users? Here’s a Better Anti-Phishing Strategy.
You’ve hired the best of the best and put up the right defenses, but one thing
keeps slipping in the door: phishing emails. Part of doing business today,
unfortunately, is dealing with phishing attacks. Few organizations are immune to
phishing anymore; it’s on every security team’s mind and has become the number
one threat to organizations
2 min
Application Security
New InsightAppSec Releases: Compliance Reports and the AppSec Toolkit
Things are always brewing in Rapid7 product development. Today, we’re excited to
announce several new features in InsightAppSec, our cloud-powered application
security testing solution for modern web apps.
These include:
* Custom reports for PCI, HIPAA, SOX, and OWASP 2017 compliance requirements
* PDF report generation
* The Rapid7 AppSec Toolkit
  * Macro Recorder
  * Traffic Viewer
  * RegEx Builder
  * Swagger/Rest API Utilit
2 min
InsightIDR
How to detect SMBv1 scanning and SMBv1 established connections
How to use network traffic analysis (NTA) to detect SMBv1 scanning and SMBv1 established connections.
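The network traffic analysis angle here rests on a detail of the wire format:
over direct-hosted TCP/445 every SMB message sits behind a 4-byte NetBIOS
session header, and the message then starts with a protocol identifier, 0xFF
'SMB' for SMBv1 and 0xFE 'SMB' for SMB2/3. An SMBv1 Negotiate request (command
0x72) sent to many hosts is scanning; a server answering that request with an
SMBv1 header is an established SMBv1 session, whereas a server answering with an
SMB2 header has upgraded the dialect and is not. The code below is an added
example written for this page, not InsightIDR's detection logic. The flow
records, addresses and the scan threshold are constructed assumptions; the
header layouts follow the SMB1 and SMB2 specifications.

```python
import struct
from collections import defaultdict

SMB1_MAGIC = b"\xffSMB"
SMB2_MAGIC = b"\xfeSMB"
SMB1_COM_NEGOTIATE = 0x72   # SMB1 "SMB_COM_NEGOTIATE"
SMB2_NEGOTIATE = 0x0000     # SMB2 NEGOTIATE command code


def nbss(payload):
    """Wrap a message in the NetBIOS Session Service header used on TCP/445:
    one zero type byte followed by a 24-bit big-endian length."""
    return b"\x00" + struct.pack(">I", len(payload))[1:] + payload


def smb1_message(command):
    """Minimal 32-byte SMB1 header: protocol id, command, then zeroed fields."""
    return SMB1_MAGIC + bytes([command]) + b"\x00" * 27


def smb2_message(command):
    """Minimal 64-byte SMB2 header: protocol id, StructureSize=64, CreditCharge,
    Status, Command at offset 12, then zeroed fields."""
    return (SMB2_MAGIC + struct.pack("<HH", 64, 0) + b"\x00" * 4
            + struct.pack("<H", command) + b"\x00" * 50)


def classify(tcp_payload):
    """Look at the first bytes a peer sent on TCP/445 and return
    ("smb1", command), ("smb2", command) or (None, None)."""
    if len(tcp_payload) < 8:
        return None, None
    body = tcp_payload[4:]  # skip the NBSS header
    if body[:4] == SMB1_MAGIC and len(body) >= 5:
        return "smb1", body[4]
    if body[:4] == SMB2_MAGIC and len(body) >= 14:
        return "smb2", struct.unpack_from("<H", body, 12)[0]
    return None, None


# Constructed flow records: (src, dst, dport, first client bytes, first server bytes).
# 10.0.5.9 probes six hosts with an SMB1 Negotiate; only 10.0.1.50 accepts SMB1.
FLOWS = [
    ("10.0.5.9", f"10.0.1.{n}", 445, nbss(smb1_message(SMB1_COM_NEGOTIATE)), b"")
    for n in (10, 11, 12, 13, 14)
] + [
    ("10.0.5.9", "10.0.1.50", 445, nbss(smb1_message(SMB1_COM_NEGOTIATE)),
     nbss(smb1_message(SMB1_COM_NEGOTIATE))),
    # A modern client still opens with an SMB1 Negotiate that lists SMB2
    # dialects; the server answering in SMB2 means no SMBv1 session exists.
    ("10.0.1.20", "10.0.1.10", 445, nbss(smb1_message(SMB1_COM_NEGOTIATE)),
     nbss(smb2_message(SMB2_NEGOTIATE))),
    ("10.0.1.21", "10.0.1.10", 445, nbss(smb2_message(SMB2_NEGOTIATE)),
     nbss(smb2_message(SMB2_NEGOTIATE))),
    ("10.0.1.21", "10.0.1.10", 80, b"GET / HTTP/1.1\r\n\r\n", b""),
]


def detect(flows, scan_threshold=5):
    """Return (scanners, established): sources that sent SMB1 Negotiate to at
    least scan_threshold distinct hosts, and (src, dst) pairs where the server
    replied in SMB1, i.e. an SMBv1 session was actually established."""
    negotiated = defaultdict(set)
    established = []
    for src, dst, dport, client_bytes, server_bytes in flows:
        if dport != 445:
            continue
        c_proto, c_cmd = classify(client_bytes)
        if c_proto != "smb1" or c_cmd != SMB1_COM_NEGOTIATE:
            continue
        negotiated[src].add(dst)
        s_proto, s_cmd = classify(server_bytes)
        if s_proto == "smb1" and s_cmd == SMB1_COM_NEGOTIATE:
            established.append((src, dst))
    scanners = {src: sorted(dsts) for src, dsts in negotiated.items()
                if len(dsts) >= scan_threshold}
    return scanners, established


if __name__ == "__main__":
    scanners, established = detect(FLOWS)
    print("SMBv1 scanners:", scanners)
    print("Established SMBv1 sessions:", established)
```

The distinction between the two findings matters when you tune this: a host
that merely sends SMBv1 Negotiates is common (legacy clients do it before
upgrading), so the scanning rule needs the distinct-destination threshold, while
even one established SMBv1 session is worth a ticket because it means a server
in the estate still accepts the dialect.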
4 min
Automation and Orchestration
How Security Orchestration and Automation Will Unite Infosec
After working in the security industry for 15 years, one of the consistent
themes I’ve observed is how teams struggle with balancing the increasing amount
of work they have to do, without an increase in resources to accomplish their
goals. But there’s another, less obvious problem that I like to refer to as a
different kind of SaaS: “security as a silo.”
It should be no surprise that large organizations frequently struggle with silos
that create friction and miscommunication—barriers that get i
2 min
Patch Tuesday
Patch Tuesday - June 2018
This month's Patch Tuesday is rather run-of-the-mill, with a total of 50
vulnerabilities being addressed by Microsoft. However, a bit of excitement came
earlier this month, with an out-of-band patch for Adobe Flash Player released
last Thursday to fix four security issues. Two of these were flaws that can lead
3 min
Penetration Testing
Password Tips From a Pen Tester: Common Patterns Exposed
When my colleagues and I are out on penetration tests, we have a fixed amount of
time to complete the test. Efficiency is important. Analyzing password data like
we’re doing here helps pen testers better understand the likelihood of password
patterns and choices, and we use that knowledge to our advantage when we perform
penetration testing service engagements at Rapid7.
In my experience, most password complexity policies require at l
3 min
Vulnerability Disclosure
R7-2018-15 | CVE-2018-5553: Crestron DGE-100 Console Command Injection (FIXED)
This post describes CVE-2018-5553, a vulnerability in the Crestron Console
service that is preinstalled on the DGE-100. Due to a lack of input
sanitization, this service is vulnerable to command injection that can be used
to gain root-level access. DGE-100 devices running firmware versions
1.3384.00049.001 and lower with default configuration are vulnerable to
CVE-2018-5553.
CVE-2018-5553 is categorized as CWE-78 (Improper Neutralization of Special
Elements used in an OS Command)
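CWE-78 is, at root, a string-building mistake: user input is spliced into a
command line that a shell then parses, so metacharacters in the input become
new commands, and when the service runs as root, so do they. The example below
is an added illustration for this listing and is not the Crestron Console code
or the advisory's actual injection; the hypothetical "probe host" handler and
its inputs are constructed. It shows the vulnerable shape beside two hardened
ones: passing an argument vector instead of a shell string, which removes the
shell from the picture entirely, and an allowlist on the argument, which is
cheap defence in depth.

```python
import re
import subprocess

# Allowlist for a hostname argument (RFC 1123 characters only). Assumption for
# the example: the handler only ever needs a bare hostname.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")


def run_vulnerable(host):
    """CWE-78: the untrusted argument is concatenated into a shell command line.
    `echo` stands in for whatever network utility a real console would call."""
    proc = subprocess.run("echo probing " + host, shell=True,
                          capture_output=True, text=True)
    return proc.stdout


def run_argv_only(host):
    """Fix 1: pass an argument vector with shell=False. No shell parses the
    input, so ';', '|', '$(...)' and friends are just bytes in one argument."""
    proc = subprocess.run(["echo", "probing", host], shell=False,
                          capture_output=True, text=True)
    return proc.stdout


def run_hardened(host):
    """Fix 2 (on top of fix 1): reject anything that is not a plausible
    hostname before it reaches the command at all."""
    if not HOSTNAME_RE.match(host):
        raise ValueError("invalid hostname: %r" % (host,))
    return run_argv_only(host)


if __name__ == "__main__":
    payload = "example.com; echo INJECTED"   # constructed attacker input
    print("vulnerable:", run_vulnerable(payload), end="")
    print("argv only :", run_argv_only(payload), end="")
    try:
        run_hardened(payload)
    except ValueError as e:
        print("hardened  : rejected ->", e)
```

Run it and the vulnerable handler prints INJECTED on its own line, because
the shell executed a second command; the argv variant prints the payload
literally as part of the echoed text, and the hardened variant refuses it. The
ordering of the two fixes is deliberate: validation alone is brittle (every
encoding trick is a bypass candidate), whereas not invoking a shell removes the
class of bug.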
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup 6/8/18
Just Let Me Grab My Popcorn First
This week, rmdavy contributed a pair of modules designed to fool Windows into
authenticating to you so you can capture sweet, sweet NetNTLM hashes. BadODT
targets LibreOffice/Apache OpenOffice by providing a link to an image on a
network share, and the new Multi Dropper creates all sorts of files Windows
itself lov