Metasploit
Hiding Metasploit Shellcode to Evade Windows Defender
Being on the offensive side in the security field, I personally have a lot of
respect for the researchers and engineers in the antivirus industry, and the
companies dedicated to investing so much in them. If malware development is a
cat-and-mouse game, then I would say that the industry creates some of the most
terrifying hunters. Penetration testers and red teamers suffer the most from
this while using Metasploit, which forced me to look into how to
Vulnerability Management
CVE 100K: A Big, Round Number
There have been 100,000 CVEs published. That's a big, round number.
Vulnerability Management
CVE 100K: By The Numbers
There have been 100,000 CVEs published. Here are some stats on the program so far.
CIS Controls
CIS Critical Security Control 15 Explained: Wireless Access Control – Are You Really Managing Your WiFi?
This is a continuation of our CIS critical security controls blog series. See why SANS listed Rapid7 as the top solution provider addressing the CIS top 20 controls.
Decades ago, your network was a collection of routers, firewalls, switches, wall
ports, and what seemed like a million miles of cable. The only way for your
employees and guests to access it was to be seated nea
Metasploit Weekly Wrapup
Metasploit Wrapup 4/27/18
After last week's seriously serious write-up, this week we will return to our
norml normal, lighthearted (and Metasploit-hearted) wrap-ups, though we remain
fans of terrible 80s movies.
Drupalgeddon 2: Webdev Boogaloo
After last month's Drupal exploit came to light, nearly a dozen developers have
been hard at work to add a module targeting CVE-2018-7600. You can
Vulnerability Management
Drupalgeddon Vulnerability: What is it? Are You Impacted?
First up: many thanks to Brent Cook, William Vu and Matt Hand for their massive
assistance in both the Rapid7 research into “Drupalgeddon” and their
contributions to this post.
Background on the Drupalgeddon vulnerability
The Drupalgeddon 2 vulnerability announcement came out in late March
(2018-03-28) as SA-CORE-2018-002. The advisory was released with a patch and CVE
(CVE-2018-7600)
InsightVM
Rapid7 InsightVM Named Best Vulnerability Management Solution by SC Magazine
SC Media has announced the 2018 SC Awards and (drumroll, please…) InsightVM is
proud to take top honors as Best Vulnerability Management Solution in the Trust
Awards category. Our team works tirelessly day in and day out to bring SecOps
best practices to our customers, help our customers secure their modern
networks, and work across teams to solve their trickiest problems. It means the
world to us when th
Detection and Response
How to Detect Devices on Your Network Running Telnet Services
Because Telnet is an unencrypted protocol, it is important that you monitor your network for any devices running Telnet services. Learn more.
InsightIDR
How to Identify Attacker Reconnaissance on Your Internal Network
The most vulnerable moment for attackers is when they first gain internal access
to your corporate network. In order to determine their next step, intruders must
perform reconnaissance to scout available ports, services, and assets from which
they can pivot and gain access to customer databases, credit card data, source
code, and more. These initial moments are arguably your best opportunities to
catch attackers before critical assets are breached, but unfortunately, it can
be very challenging t
CIS Controls
CIS Critical Control 14 Explained: Controlled Access Based on the Need to Know
This is a continuation of our CIS critical security controls blog series. See why SANS listed Rapid7 as the top solution provider addressing the CIS top 20 controls.
Let’s start with some simple, yet often unasked questions. Do you know what
critical assets—information and data, applications, hardware, SCADA systems,
etc.—exist in your organization’s network? Do you have a data classification
policy? Who defines the criticality of systems
Metasploit Weekly Wrapup
Metasploit Wrapup 4/20/18
You may have noticed that our weekly wrapups tend to be very light-hearted. A
few might say our blog is humorous. Some might even argue that they incorporate
low-brow internet jokes and an excessive quantity of memes. Well, I'm here to
say we've turned over a new leaf. No longer will cheap comedy cover the pages of
this professional publication.
In honor of April 20th, this blog post will remain serious.
Seriously.
Google Summer of
Should Security Teams Use CSP Nonces to Better Comply with PCI?
This week, tCell sponsored BSidesSF. Many things I’ve heard about the conference
proved to be true, and the technical depth of conversations I had at our table
was definitely enough to keep me on my toes.
One of the most interesting conversations was with a company that wanted to talk
about Content Security Policies (CSP). They had come to the conclusion that new
revisions of the PCI security standards
would require that they imple
Vulnerability Management
How to Remediate Vulnerabilities Across Multiple Offices
Your vulnerability scanner embarks on its weekly scan. The report comes in, you
fire it off to your IT team across the country and... silence. Thinking they’re
on it, you go on with your day, until next week’s scan report comes in and you
find out that not everything was fixed and issues have progressed.
For companies with distributed offices, it can be tricky to communicate issues
to teammates you have limited facetime with, get things done quickly w
Public Policy
Georgia should not authorize "hack back"
Update 05/09/18: Georgia Governor Deal vetoed SB 315. In a thoughtful veto
statement, the Governor noted that the legislation raised "concerns regarding
national security implications and other potential ramifications," and that "SB
315 may inadvertently hinder the ability of government and private industries"
to protect against breaches. The statement expressed interest in working with
the cybersecurity and law enforcement communities on a new policy.
The Georgia state legislature recently pas
InsightIDR
Attacker Behavior Analytics: How InsightIDR Detects Unknown Threats
InsightIDR customers now have an ever-evolving library of attacker behavior detections automatically matched against their data. Read on to learn how Rapid7 SOC and threat intel teams investigate a constant rumbling of attacker behavior and transform it into actionable threat intelligence.