All Posts

4 min Authentication

Brute Force Attacks Using US Census Bureau Data

Currently one of the most successful methods for compromising an organization is via password-guessing attacks. To gain access to an organization using brute force attack methods, there are a minimum of three things a malicious actor needs: a username, a password, and a target. Often the targets are easy to discover, and typically turn out to be email systems such as Outlook Web Access (OWA) or VPN solutions that are expo

5 min Incident Detection

What is Incident Detection and Response?

Incident Detection and Response (IDR), also known as attack/threat detection and response, is the process of finding intruders in your infrastructure, retracing their activity, containing the threat, and removing their foothold. By learning how attackers compromise systems and move around your network, you can be better equipped to detect and stop attacks before valuable data is stolen. This blog covers the different components of the atta

1 min IT Ops

Infographic: What scares IT Professionals most about IT Infrastructure

Logentries surveyed IT professionals identifying themselves as members of Information Technology, Operations, and Development teams, asking them: “What scares you the most about your IT infrastructure?” The answers highlighted security concerns, system failure, operational costs, and the complexities of SDN (Software Defined Networking). We saw many responses reinforcing the need to conti

4 min Security Strategy

Using Color within Data Visualization

Admit It, You Love Color! Any of the Rapid7 products you use involves interacting to some extent with color. Living in an achromatic world would be dull compared to a world drenched in colors. Why? Because color helps us in a number of ways. It can: help us distinguish one object from another; cause actions and reactions; influence our thinking; and play an important role in conveying quantitative information. Imagine an air traffic control center where the colors used to convey dat

3 min Malware

Ransomware FAQ: Avoiding the latest trend in malware

Recently, a number of Rapid7's customers have been evaluating the risks posed by the swift rise of ransomware as an attack vector. Today, I'd like to address some of the more common concerns. What is Ransomware? Cryptowall and Cryptolocker are among the best known ransomware criminal malware packages today. In most cases, users are afflicted by ransomware by clicking on a phishing link o

6 min IT Ops

Do You Still Email Yourself from Your Code? How to Stop the Madness

A few years back now, I took on an assignment to help a company modernize a series of legacy .NET applications. One of these did some back office processing. A vendor would stick some files on a shared drive, and a Windows scheduled task would invoke this bit of code to parse the file, apply a whole slew of business rules to its contents, and then update the appropriate internal systems. The details are both proprietary and uninteresting, so I will spare you those. The author of this appli

2 min InsightIDR

What's the Difference Between InsightIDR & InsightUBA?

We're now a few weeks into our InsightIDR launch, and the response has been tremendous – thank you! The Insight Platform is purpose-built to help you detect and investigate attacks earlier across your entire network ecosystem. InsightIDR builds upon the tested User Behavior Analytics and full functionality in InsightUBA (formerly UserInsight), and adds powerful log search, investigation, and compliance dashboards for an end-to-end Incident Detection and Response offering. Everything in InsightU

13 min IT Ops

The 4 Steps for Creating a Log Enabled Marketing Campaign

Typically, most logging activity in the online world is concerned with collecting information about an enterprise’s digital infrastructure. Machine logs, application logs, network logs, database logs, and access logs are a few examples of such activity. However, as marketing campaigns become more integrated into application activity, using log data to monitor and measure the effectiveness of a campaign is a viable extension of an enterprise’s current logging activity. But we need to beware.

4 min Vulnerability Disclosure

R7-2016-02: Multiple Vulnerabilities in ManageEngine OpUtils

Disclosure Summary: ManageEngine OpUtils is an enterprise switch port and IP address management system. Rapid7's Deral Heiland discovered a persistent cross-site scripting (XSS) vulnerability, as well as a number of insecure direct object references. The vendor and CERT have been notified of these issues. The version tested was OpUtils 8.0, which was the most recent version at the time of initial disclosure. As of today, the current version offered by ManageEngine is OpUtils 12.0. R7-2016-02.1:

5 min IoT

R7-2016-01: Null Credential on Moxa NPort (CVE-2016-1529)

This advisory was written by the discoverer of the NPort issue, Joakim Kennedy of Rapid7, Inc. Securing legacy hardware is a difficult task, especially when the hardware is being connected in a way that was never initially intended. One way of making legacy hardware more connectable is to use serial servers. The serial server acts as a bridge and allows serial devices to communicate over TCP/IP. The device then appears on the network as a normal network-connected device. This allows for remote

3 min Nexpose

How to use Nexpose to find all assets affected by DROWN

Introduction: DROWN is a cross-protocol attack against OpenSSL. The attack uses export cipher suites and SSLv2 to decrypt TLS sessions. SSLv2 was developed by Netscape and released in February 1995. Due to it containing a number of security flaws, the protocol was completely redesigned and SSLv3 was released in 1996. Even though SSLv2 was declared obsolete over 20 years ago, there are still servers supporting the protocol. What's both fascinating and devastating about the DROWN attack is that se

4 min Public Policy

Rapid7, Bugcrowd, and HackerOne file pro-researcher comments on DMCA Sec. 1201

On Mar. 3rd, Rapid7, Bugcrowd, and HackerOne submitted joint comments to the Copyright Office urging them to provide additional protections for security researchers. The Copyright Office requested public input as part of a study on Section 1201 of the Digital Millennium Copyright Act (DMCA). Our comments to the Copyright Office focused on reforming

5 min IT Ops

Brics Vs RE2/J

By Benoit Gaudin and Mark Lacomber. Regular Expressions: When it comes to searching unstructured data, regular expressions are a very useful and powerful tool. The power provided by popular regular expression libraries does come with a significant performance cost in some cases though, both when compiling regular expressions into automata (state explosion problem when determinising automata) and when using these automata to match input. These constraints are usually acceptable for individuals ne

3 min Release Notes

Weekly Metasploit Wrapup: March 14, 2016

Scanning for the Fortinet backdoor with Metasploit. Written by wvu. Metasploit now implements a scanner for the Fortinet backdoor. Curious to see how to use it? Check this out!
wvu@kharak:~/metasploit-framework:master$ ./msfconsole -qL
msf > use auxiliary/scanner/ssh/fortinet_backdoor
msf auxiliary(fortinet_backdoor) > set rhosts 417.216.55.0/24
rhosts => 417.216.55.0/24
msf auxiliary(fortinet_backdoor) > set threads 100
threads => 100
msf auxiliary(fortinet_backdoor) > run

5 min IT Ops

A point of @Contention- cache coherence on the JVM

Java 8’s major changes (lexical closures, the stream API, etc.) have overshadowed a slew of little gems, one of which I only discovered the other day: the @Contended annotation. False Sharing: Chances are you’re reading this on a device with more than one CPU. There’s therefore also quite a good chance that you have more than one thread of execution running at the exact same time. There’s an equally good chance that some of your fancy multiprocessor CPU’s on-die memory (aka L2/3 cache) is share