10 min
Hacking
Building a Car Hacking Development Workbench: Part 1
Introduction
There is a vast body of knowledge hiding inside your car. Whether you are an
auto enthusiast, developer, hobbyist, security researcher, or just curious about
vehicles, building a development bench can be an exciting project to facilitate
understanding and experimentation without risking possible damage to your
vehicle. This is a perfect project for people of a wide range of ages and skill
levels. Even if you have never worked on a car before, or you do not feel like
your Electronics
3 min
Automation and Orchestration
Understanding Dynamic Multipoint Virtual Private Network (DMVPN)
Dynamic Multipoint Virtual Private Network (DMVPN) is a solution which enables the data to transfer from one site to another, without having the verification process of traffic.
4 min
Automation and Orchestration
Information Security Risk Management Cycle - Overview
Synopsis
Information security risk management
is a
wide topic, with many notions, processes, and technologies that are often
confused with each other.
In this series of articles, I explain notions and describe processes related to
risk management. I also review NIST and ISO standards related to information
security risk management.
In theprevious article
,
3 min
Metasploit Weekly Wrapup
Metasploit Wrapup: June 30, 2017
Metasploit Hackathon
We were happy to host the very first Metasploit framework open source hackathon
this past week in the Rapid7 Austin. Eight Metasploit hackers from outside of
Rapid7 joined forces with the in-house team and worked on a lot of great
projects, small and large.
@bcook started the hackathon working with @sempervictus on his amazing backlog
of framework features, including REX library
improvements
3 min
Automation and Orchestration
How to Install and Configure AIDE on Ubuntu Linux
Synopsys
Aide also known as Advanced Intrusion Detection Environment is an open source
host based file and directory integrity checker. It is a replacement for the
well-known Tripwire integrity checker that can be used to monitor filesystem for
unauthorized change. It is very usefull when someone placing a backdoor on your
web site and make changes that may take your system down completely. Aide
creates a database from your filesystem and stores various file attributes like
permissions, inode nu
7 min
Automation and Orchestration
How to Install and Configure OSSEC on Ubuntu Linux.
Synopsys
OSSEC is an open source host-based intrusion detection system that can be used
to keep track of servers activity. It supports most operating systems such as
Linux, FreeBSD, OpenBSD, Windows, Solaris and much more. It is used to monitor
one server or multiple servers in server/agent mode and give you a real-time
view into what’s happening on your server. OSSEC has a cross-platform
architecture that enables you to monitor multiple systems from centralized
location.
In this tutorial, we w
5 min
Public Policy
Copyright Office Calls For New Cybersecurity Researcher Protections
On Jun. 22, the US Copyright Office released
its
long-awaited study on Sec. 1201 of the Digital Millennium Copyright Act (DMCA),
and it has important implications for independent cybersecurity researchers.
Mostly the news is very positive. Rapid7 advocated extensively for researcher
protections to be built into this report, submitting two sets of detailed
comments—see here
4 min
Ransomware
Petya-like ransomworm: Leveraging InsightVM and Nexpose for visibility into MS17-010
A Petya-like ransomworm struck on June 27th 2017 and spread throughout the day,
affecting organizations in several European countries and the US. It is believed
that the ransomworm may achieve its initial infection via a malicious document
attached to a phishing email, and that it then leverages the EternalBlue
and
DoublePulsar exploits to
spread laterally. Once in
6 min
Komand
10 Steps Towards the Path of Better Security for Your Business
Information security is hard. So hard, in fact, that many choose to ignore it as
an intractable problem, and choose to ignore it wherever possible. They use the
same password everywhere, carry sensitive data around on unencrypted laptops
which they then leave on public transportation, run old applications on old
operating systems, and a plethora of other such security issues.
In an alarmingly-large number of data breaches, attackers do not resort to
zero-day attacks or secret blackhat hacker te
4 min
Microsoft
Petya-like Ransomware Explained
TL;DR summary (7:40 PM EDT June 28): A major ransomware attack started in
Ukraine yesterday and has spread around the world. The ransomware, which was
initially thought to be a modified Petya variant, encrypts files on infected
machines and uses multiple mechanisms to both gain entry to target networks and
to spread laterally. Several research teams are reporting that once victims'
disks are encrypted, they cannot be decrypted
2 min
Vulnerability Disclosure
R7-2017-06 | CVE-2017-5241: Biscom SFT XSS (FIXED)
Summary
The Workspaces component of Biscom Secure File Transfer (SFT) version 5.1.1015
is vulnerable to stored cross-site scripting in two fields. An attacker would
need to have the ability to create a Workspace and entice a victim to visit the
malicious page in order to run malicious Javascript in the context of the
victim's browser. Since the victim is necessarily authenticated, this can allow
the attacker to perform actions on the Biscom Secure File Transfer instance on
the victim's behalf.
2 min
Public Policy
Legislation to Strengthen IoT Marketplace Transparency
Senator Ed Markey (D-MA) is poised to introduce legislation to develop a
voluntary cybersecurity standards program for the Internet of Things (IoT)
.
The legislation, called the Cyber Shield Act, would enable IoT products that
comply with the standards to display a label indicating a strong level of
security to consumers – like an Energy Star rating for IoT. Rapid7 supports this
legislation and believes greater transpa
2 min
Automation and Orchestration
Setting Up and Managing a Bug Bounty Program
Synopsis
Bug bounties have become mainstream and rightfully so. They offer a method to
access and harness the intelligence of varied set of expert hackers and security
researchers without having to incur the cost of hiring an army of security
professionals. The main advantage though is that one can keep a step ahead of
the malicious hackers. This article talks about how to setup a bug bounty
program and some of the pitfalls to watch out for.
When to do a Bug Bounty ?
One obvious question that w
5 min
Automation and Orchestration
How to Install and Use PSAD IDS on Ubuntu Linux
Synopsys
PSAD also known as Port Scan Attack Detector is a collection of lightweight
system daemons that run on Linux system and analyze iptables log messages to
detect port scans and other suspicious traffic.PSAD is used to change an
Intrusion Detection System into an Intrusion Prevention System. PSAD uses Snort
rules for the detection of intrusion events. It is specially designed to work
with Linux iptables/firewalld to detect suspicious traffic such as, port scans,
backdoors and botnet comman
4 min
Automation and Orchestration
How to Install and Configure Bro on Ubuntu Linux
Synopsis
Bro is a free open source Unix based network analysis framework started by Vern
Paxson.
Bro provides a comprehensive platform for collecting network measurements,
conducting forensic investigations and traffic baselining. Bro comes with
powerful analysis engine which makes it powerful intrusion detection system and
network analysis framework.
Bro comes with a powerful set of features, some of them are listed below:
* Runs on commodity hardware and supports Linux, FreeBSD and MacOS.