5 min
Automation and Orchestration
How to Install and Configure Tripwire IDS on CentOS 7
Synopsis
Tripwire is one of the most popular host-based intrusion detection systems; it
continuously tracks your critical system files and reports if they have been
altered or destroyed. Tripwire agents monitor Linux systems to detect and report
any unauthorized changes to files and directories, including permissions,
internal file changes, and timestamp details.
Tripwire works by scanning the file system and storing information on each file
scanned in a database. If changes are found between the store
5 min
Automation and Orchestration
How to Install and Configure CSF Firewall on Ubuntu Linux
Synopsis
CSF, also known as Config Server Firewall, is a free and open source advanced
firewall application suite based on iptables that provides additional security to
your server. CSF comes with additional security features, such as SSH and su login
detection, and also recognizes many different types of attack, such as SYN flood,
port scan, DoS and brute force. CSF supports most commonly used operating
systems, including CentOS, openSUSE, RedHat, CloudLinux, Fedora, Slackware, Ubuntu and
Debian. You can ea
4 min
Automation and Orchestration
ISO/IEC 27035-2 Review (cont.) - Improving Incident Response Plan; Awareness/Training Role
Synopsis
In the series of articles titled “Incident Response Life Cycle in NIST and ISO
standards” I review the incident response life cycle, as defined and described in
NIST and ISO standards related to incident management.
I introduced these standards in the first article in this series.
ISO/IEC 27035 is a multi-part standard. Its first part introduces incident
management principles. Its second part, ISO/IEC 27035-2, g
4 min
Automation and Orchestration
ISO/IEC 27035-2 Review (cont.) - SOPs, Trust and the Incident Response Team
Synopsis
In the series of articles titled “Incident Response Life Cycle in NIST and ISO
standards” I review the incident response life cycle, as defined and described in
NIST and ISO standards related to incident management.
I introduced these standards in the first article in this series.
ISO/IEC 27035 is a multi-part standard. Its first part introduces incident
management principles. Its second part, ISO/IEC 27035-2, g
4 min
Metasploit
EternalBlue: Metasploit Module for MS17-010
This week's release of Metasploit includes a scanner and exploit module for the
EternalBlue vulnerability, which made headlines a couple of weeks ago when the
hacking group the Shadow Brokers disclosed a trove of alleged NSA exploits.
Included among them, EternalBlue exploits MS17-010, a
Wi
1 min
Python
Recent Python Meterpreter Improvements
The Python Meterpreter has received quite a few improvements this year. In order
to generate consistent results, we
now use the same technique to determine the Windows version in both the Windows
and Python instances of Meterpreter. Additionally, the native system language is
now populated in the output of the sysinfo command. This makes it easier to
identify and work with international systems.
The largest change to the Python M
4 min
Automation and Orchestration
What is Security Automation?
Security has always been a numbers game. Time to detection and time to response
have been metrics security teams have sought to reduce since the beginning of
time (or at least the beginning of computers…). But what does it take to
actually reduce that number?
If you’re reading this, we’re guessing you’re no stranger to the challenges in
the world of security today. Between the security talent gap
5 min
CIS Controls
The CIS Critical Controls Explained - Control 7: Email and Web browser protection
This blog is a continuation of our blog post series around the CIS Critical
Controls.
The biggest threat surface in any organization is its workstations. This is the
reason so many of the CIS Critical Security Controls relate to
workstation and user-focused endpoint security. It is also the reason that
workstation security is a multibill
2 min
Vulnerability Management
CVE-2017-5242: Nexpose/InsightVM Virtual Appliance Duplicate SSH Host Key
Today, Rapid7 is notifying Nexpose and InsightVM users of a
vulnerability that affects certain virtual appliances. While this issue is
relatively low severity, we want to make sure that our customers have all the
information they need to make informed security decisions regarding their
networks. If you are a Rapid7 customer who has any questions about this issue,
please don't hesitate to contact your custome
17 min
Vulnerability Disclosure
R7-2016-23, R7-2016-26, R7-2016-27: Multiple Home Security Vulnerabilities
Executive Summary
In October of 2016, former Rapid7 researcher Phil Bosco discovered a number of
relatively low-risk
vulnerabilities and issues involving home security systems that are common
throughout the United States, and which have significant WiFi or Ethernet
capabilities. The three systems tested were offerings from Comcast XFINITY, ADT,
and AT&T Digital Life, and the issues discovered ranged from an apparent "fail
open" condition on the external door and
4 min
Ransomware
Scanning and Remediating WannaCry/MS17-010 in InsightVM and Nexpose
*Update 5/18/17: EternalBlue exploit (used in WannaCry attack) is now available
in Metasploit for testing your compensating controls and validating
remediations. More info: EternalBlue: Metasploit Module for MS17-010. Also
removed steps 5 and 6 from scan instructions as they were not strictly necessary
and causing issues for some customers.
*Update 5/17/17: Unauthenticated remote checks have now been provided. For hosts
that ar
6 min
Ransomware
WannaCry Update: Vulnerable SMB Shares Are Widely Deployed And People Are Scanning For Them (Port 445 Exploit)
WannaCry Overview
Last week the WannaCry ransomware worm, also known as Wanna Decryptor, Wanna
Decryptor 2.0, WNCRY, and WannaCrypt started spreading around the world, holding
computers for ransom at hospitals, government offices, and businesses. To recap:
WannaCry exploits a vulnerability in the Windows Server Message Block (SMB) file
sharing protocol. It spreads to unpatched devices directly connected to the
internet and, once inside an organization, those machines and devices behind the
firew
5 min
Komand
Top Threat Actors and Their Tactics, Techniques, Tools, and Targets
With new threats emerging every day (over 230,000 new malware strains
are released into the wild daily), it's tough to stay on top of the latest
ones, including the actors responsible for them.
A threat actor is an individual or group that launches attacks against specific
targets. These actors usually have a particular style they prefer to focus on.
In this post, we will do a deep dive into so
3 min
Threat Intel
Using Threat Intelligence to Mitigate Wanna Decryptor (WannaCry)
Basics of Cyber Threat Intelligence
Cyber Threat Intelligence is analyzed information about the opportunities,
capabilities, and intent of cyber adversaries. The goal of cyber threat
intelligence is to help people make decisions about how to prevent, detect, and
respond to threats against their networks. This can take a number of forms, but
the one people almost always turn to is IOCs. IOCs, or indicators of compromise,
are tech
3 min
Metasploit
Exploitable Vulnerabilities: A Metasploit-Vulnerability Management Love Story
Integrating InsightVM or Nexpose (Rapid7's vulnerability management solutions)
with Metasploit (our penetration testing solution) is a lot like Cupid playing
“matchmaker” with vulnerabilities and exploit modules