4 min
Automation and Orchestration
How to Secure SSH Server using Port Knocking on Ubuntu Linux
Synopsis
Port Knocking is a method used to secure your port access from unauthorised
users. Port Knocking works by opening ports on a firewall by generating a
connection attempt on a set of prespecified closed ports. Once a correct
sequence of connection attempts is received, the firewall will open the port
that was previously closed. The main purpose of port knocking is to defend
yourself against port scanners. Changing your default ssh port is not a secure
method to protect your server, becaus
3 min
Automation and Orchestration
How to Secure MySQL Server on Ubuntu Linux
Synopsis
Nowadays, a database server is a critical and necessary component of any
application. Databases can be found in everything from web applications and web
servers to smartphones and other devices. Most software applications rely on a
database to store their data. This is why databases are the number one
target of attackers. Among all databases, MySQL and MariaDB have become
the world’s most popular open source databases due to their fast performance, high
reliability and eas
3 min
Rapid7 Perspective
NCSAM: A Personal Security Crash Diet
We're kicking off National Cyber Security Awareness Month by getting a Rapid7 employee to test out the practicality of common security advice. Follow along throughout October.
11 min
Research
Building a Backpack Hypervisor
Researcher, engineer, and Metasploit contributor Brendan Watters shares his experience building a backpack-size hypervisor.
2 min
Managed Detection and Response (MDR)
Rapid7 and NISC work together to help customers with detection and response
Rapid7 and NISC will work together to provide Managed Detection and Response (MDR) services to the NISC member base, powered by the Rapid7 Insight platform and Rapid7 Security Operation Centers (SOCs).
1 min
InsightIDR
Want to Try InsightIDR in Your Environment? Free Trial Now Available
InsightIDR, our SIEM powered by user behavior analytics, is now available to try in your environment. This post shares how it can help your security team.
5 min
Exploits
macOS Keychain Security: What You Need To Know
If you follow the infosec twitterverse or have been keeping an eye on macOS news
sites, you’ve likely seen a tweet (with accompanying video) from Patrick Wardle
(@patrickwardle) that purports to demonstrate dumping and exfiltration of
something called the “keychain” without an associated privilege escalation
prompt. Patrick also has a more in-depth Q&A blog post
9 min
InsightOps
3 Core Responsibilities for the Modern IT Operations Manager
In the good old days, IT operations managers were responsible for maintaining
the infrastructure, meeting service-level agreements, sticking to budget, and
keeping employees happy. Life was not easy, but at least it was familiar. You
knew your hardware, your software, your employees. You determined service
levels based on what you could actually see and touch. You told people what to
do and they did it. While IT was perceived to be an expensive cost center, it
wasn’t an issue as long as the ph
8 min
Vulnerability Disclosure
Multiple vulnerabilities in Wink and Insteon smart home systems
Today we are announcing four issues affecting two popular home automation
solutions: Wink's Hub 2 and Insteon's Hub. Neither vendor stored sensitive
credentials securely on their associated Android apps. In addition, the Wink
cloud-based management API does not properly expire and revoke authentication
tokens, and the Insteon Hub uses an unencrypted radio transmission protocol for
potentially sensitive security controls such as garage door locks.
As most of these issues have not yet been addres
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup: Sep. 22, 2017
To celebrate this first day of Autumn, we've got a potpourri of "things
Metasploit" for you this week. And it might smell a bit like "pumpkin spice"...
Or it might not. Who knows?
Winter is Coming
If you're looking to finish filling your storehouse before the cold sets in,
we've got a couple of new gatherer modules to help. This new Linux post module
can locate and pull TOR hostname and private key files for TOR hidden
4 min
Introducing Web Server Agents
We at tCell are excited to announce the availability of tCell’s Web Server Agent
(WSA). The WSA joins our stable of agents for JavaScript, Java, Ruby, Python,
Node.js, and .Net, extending our monitoring and protection capabilities to
common web servers (NGINX is available now, and we’re accepting requests to join
the tech preview for Apache and IIS.)
But first, why this move? For that, I’ll need to take you back a few years, when
people were All About that Bass and yelling “Timber”.
In the
7 min
Research
Cisco Smart Install Exposure
Cisco Smart Install (SMI) provides configuration and image management
capabilities for Cisco switches. Cisco’s SMI documentation
goes into more detail than we’ll be touching on in this post, but the short
version is that SMI leverages a combination of DHCP, TFTP and a proprietary TCP
protocol to allow organizations to deploy and manage Cisco switches. Using SMI
yields a number of be
4 min
InsightIDR
PCI DSS Dashboards in InsightIDR: New Pre-Built Cards
No matter how much you mature your security program and reduce the
risk of a breach, your life includes the need to report across the company, and
periodically, to auditors. We want to make that part as easy as possible.
We built InsightIDR as a SaaS SIEM on top of our proven User Behavior
Analytics (UBA) technology to address your incident det
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup: Sept. 15, 2017
It's been a hot minute since the last Metasploit Wrapup. So why not take in our
snazzy new Rapid7 blog makeover and catch up on what's been goin' down!
You can't spell 'Struts' without 'trust'
Or perhaps you can! With all the current news coverage around an Apache
Struts vulnerability from earlier this year (thanks to its
involvement in a consumer credit reporting agency data breach), there's a new
Struts vuln
4 min
Events
UNITED Summit: Day 2
After a jam-packed day one of Rapid7’s UNITED Summit, the UNITED running club
started the day bright and early yet again.
The rest of us opened UNITED day two with a
fireside chat hosted by Jen Ellis, Rapid7 VP of Community
and Public Affairs, and a slew of prominent security commentators: Lares founder
Chris Nickerson, Mach37 Cyber’s
man