5 min
CIS Controls
CIS Critical Security Control 18: Breaking Down the Control Chaos of Application Software Security
Application software security (Critical Control 18) may seem overwhelming, but when upheld, it can make your SDLC wishes and SecOps dreams come true.
3 min
Metasploit Weekly Wrapup
Metasploit Wrapup 8/3/18
Meterpreter on Axis
Everyone loves shells, but Meterpreter sessions are always better. Thanks to
William Vu, the axis_srv_parhand_rce
module is now
capable of giving you a Meterpreter session instead of a regular shell with
netcat.
DLL Injection for POP/MOV SS
Another awesome improvement is Brendan Watters' work on the POP/MOV SS exploit
against Windows
(CVE-2018-8897), also k
3 min
Threat Intel
Major Carding Site Replacement: How Altenen.nz Rose From the Ashes of Altenen.com
Here’s our recap of the Altenen takedown and thoughts on where threat hunters should shift their focus for finding new threats and fraud tactics.
4 min
CIS Controls
CIS Critical Security Control 17: Some Assembly Required for Your Security Awareness and Training Program
Developing out a new security program but neglecting to train your employees on it is like shipping out this year’s hottest product but forgetting to stash the instruction manual in the box. The key principle behind CIS Critical Control 17 is implementing a security awareness and training program.
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup: 7/27/18
CMS Exploitation Made Simple
"CMS Made Simple" is an open-source Content Management System. Mustafa Hasen
discovered and reported that
versions 2.2.5 and 2.2.7 include a vulnerability in file uploads that permit an
authenticated attacker to gain execution of arbitrary PHP scripts. The
multi/http/cmsms_upload_rename_rce
exploit module uses our PHP Meterpreter to gain full
4 min
Threat Intel
Q&A with Rebekah Brown, Rapid7 Threat Intel Lead, on Attacker Behavior Analytics
Hear from Rebekah Brown, Rapid7’s threat intel lead, on Attacker Behavior Analytics and how Rapid7 is developing next gen threat detections for customers.
2 min
Beyond RASP Security
The bad news: 100 percent of web applications are vulnerable. It’s not a typo:
100 percent of web applications contain at least one vulnerability — on average,
apps have 11 potential weak points.
So, it’s no surprise that organizations are leveraging tools that empower
applications to take defensive action without the need for direct IT
involvement. Known as RASP (runtime application self-protection)
— and
hence the a
7 min
API
Your Guide to InsightVM’s RESTful API
A Security Automation-Focused API for Forward-Thinking Vulnerability Management
Released in January of 2018, Rapid7 InsightVM
’s API version 3—the RESTful API
—was a highly anticipated, perhaps
somewhat inconspicuous, addition to our vulnerability management solution
. Introduced as a
successor to previous API versions, the RESTful API was designed for
3 min
Threat Intel
Digital Footprints, Breadcrumbs, and How Hackers Exploit Them
Here is how hackers use publicly available employee data in the form of digital footprints and breadcrumbs to illegally access company systems.
2 min
Penetration Testing
Under the Hoodie 2018: Lessons from a Season of Penetration Testing
Today, I’m excited to announce the release of our 2018 edition of Under the Hoodie: Lessons from a Season of Penetration Testing by the Rapid7 Global Services team, along with me, Tod Beardsley and Kwan Lin.
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup: 7/20/18
Privilege Escalation
Linux BPF
CVE-2017-16995 is a Linux
kernel vulnerability in the way that a Berkeley Packet Filter (BPF) is verified.
Multiple sign extension bugs allows memory corruption by unprivileged users,
which could be used for a local privilege escalation attack by overwriting a
credential structure in memory to gain root access to a compromised host. The
bpf_sign_extension_priv_esc module
2 min
Incident Detection
MAC Address Tracker: Generating a Network Inventory Database Using Network Traffic Analysis
Learn how to generate a network inventory database of all MAC addresses in your environment by monitoring your network traffic
2 min
Penetration Testing
Password Tips from a Pen Tester: What is Your Company’s Default Password?
Welcome back to Password Tips From a Pen Tester.
The first day on the job: We fill out all the requisite paperwork for Human
Resources and get a computer and our network password. That password is often
something easy to remember, and is often the same for every new employee. It
might be Welcome1, ChangeMe! or one of our old favorites, the SeasonYear (ie.
Summer2018). If a new employee is having trouble signing in for the first time
and they call the help desk, they can easily get the help they
3 min
How to Use Metasploit Teradata Modules
As penetration testers, we often find ourselves working with applications and
services that are new to us or uncommon. In one such case, I performed an
internal network penetration test that was focused exclusively on a handful of
Teradata database servers. To test for weak passwords, I had cobbled together a
Windows batch file that would wrap username and password lists around Teradata’s
bteq application. However, one thing I wanted to do was come back sometime and
build a proper Metasploit log
3 min
Azure
Azure Security Center and Active Directory Now Integrate with the Rapid7 Platform
Today, we announced
continued, more comprehensive development of the integration between the Rapid7
Insight platform and Microsoft Azure.
A new integration with Azure Security Center makes it easy to deploy the Rapid7
unified Insight Agent across new and existing Azure Virtual Machines. This
automated deployment enables InsightVM customers to maintain constant visibility
into the assets, vulnerabilities, and