12 min
Dangerous Things #1: Interview with Dan Guido, co-founder of Trail of Bits
Having been involved in information security for the last 15 years, I've had the
opportunity to meet some really amazing people and to view the industry through
their eyes. I've been toying with the idea of a blog series where I interview
some of the people I've had the privilege to meet, and hopefully to introduce
some of my readers to the awesome research that's being done. I've decided to
call the blog series "Dangerous Things", which is a reference to the fact that
so many of us in this indu
2 min
Metasploit
Metasploit 4.2 Released: IPv6, VMware, and Tons of Modules!
Since our last release in October, we've added 54 new exploits, 66 new auxiliary
modules, 43 new post-exploitation modules, and 18 new payloads -- that clocks in
at just about 1.5 new modules per day since version 4.1. Clearly, this kind of
volume is way too much to detail in a single update blog post.
IPv6 Coverage
Metasploit 4.2 now ships with thirteen brand new payloads, all added to support
opening command sessions and shells on IPv6 networks. In addition, Metasploit's
existing arsenal of p
4 min
Cyber attack ranked within the top 5 risks in terms of probability
“The more complex the system, the greater the risk of systemic breakdown, but also the greater the potential for opportunity” - Klaus Schwab, Founder and Executive Chairman, World Economic Forum.
The World Economic Forum released their Global Risks 2012 report, outlining the perceived impact, likelihood and interconnectedness of 50 prevalent global risks grouped into five risk categories: economic, environmental, geopolitical, societal and technological.
In this post I'
3 min
Metasploit
The Art of Keylogging with Metasploit & Javascript
Rarely does a week go by without a friend or family member getting their login
credentials compromised, then reused for malicious purposes. My wife is always
on the lookout on Facebook, warning relatives and friends to change their
passwords. Many people don't understand how their credentials get compromised.
Password reuse on several websites is usually the culprit. Password reuse is a
problem even if the website encrypts the passwords in their databases. An
attacker only needs to insert some
2 min
Metasploit
Weekly Metasploit Update: All Your Auth Are Belong To Us
This week, with RSA 2012 fast approaching and the final touches on Metasploit
version 4.2 getting nailed down, we've been in a code freeze for core Metasploit
functionality. However, that doesn't apply to the parade of modules, so here's
what's in store for the next -- and quite likely last -- update for Metasploit
4.1.
Authentication Credential Gathering and Testing
Jon Hart has been on fire with new Metasploit contributions -- this week, he's
come up with a trio of credential snarfing post mo
7 min
IT Ops
Digging into Engine Yard Logs
I’ve recently been playing with a number of PAAS platforms, and it's bringing me back somewhat to my days toying with J2EE application servers, JDBC drivers, relational DBs, etc. Oh how I remember deploying servers and databases and then checking out my shiny new application. Remember the J2EE petstore, anyone?? 🙂
However, the big difference with PAAS over old-school application servers is that you do not need to spend a few days configuring them
3 min
Product Updates
What is this whole updating thing anyways?
Nexpose by default is programmed to reach out on startup and every six hours
afterward to the Rapid7 update servers. At this time Nexpose checks for any new
product and vulnerability content updates. If any updates are available Nexpose
attempts to download and apply the data to the Security Console and local Scan
Engine. The Security Console also sends updates to any distributed Scan Engines
to which it is connected.
How do I disable automatic product updates?
The Security Console offers a fe
2 min
Metasploit
Getting The Most Out of Metasploit: Pentesting, Password Auditing, and Vulnerability Validation
When we talk to Metasploit users, they usually use it for either penetration
testing, password auditing or vulnerability validation, but few use it for more
than one of these purposes. By leveraging your investment in Metasploit, you can
triple-dip at the same price - no extra licenses needed.
Penetration Testing
With penetration testing, you can identify issues in your security
infrastructure that could lead to a data breach. Weaknesses you can identify
include exploitable vulnerabilities, we
2 min
Metasploit
Weekly Metasploit Update: New Payloads, New Modules, and PCAnywhere, Anywhere
PCAnywhere, Anywhere
The big news this week centered around Symantec's pcAnywhere. For starters, there's a new ZDI advisory for a buffer overflow in the username field. More notable, though, was the advice in a Symantec white paper, which tells customers to "disable or remove Access Server and use remote sessions via secure VPN tunnels." So, while the Metasploit elves bang away at a proper buffer overflow module, HD Moore busted out a pa
2 min
Nexpose
How to Exploit A Single Vulnerability with Metasploit Pro
Metasploit Pro's smart exploitation function is great if you want to get a
session quickly and don't care about being "noisy" on the network, but there are
certain situations where you may want to use just one exploit:
* You're conducting a penetration test and want to exploit just one
vulnerability so you don't draw too much attention (i.e. you want to use a
sniper rifle, not a machine gun)
* You're a vulnerability manager and want to validate just one vulnerability to
know whether
3 min
Release Notes
Nexpose Reaches OWASP Top10 Coverage
Rapid7 is proud to announce that Nexpose's 5.1 web application scanning capabilities can now detect all types of vulnerabilities in OWASP's Top10! We've completed this task with the addition of two new vulnerability checks, A5: Cross-Site Request Forgery (CSRF) and A8: Failure to Restrict URL Access. The next paragraphs will describe
1 min
How to Import Vulnerability Scanner Reports Into Metasploit
It's easy to import third-party vulnerability scanning results into Metasploit.
These formats are supported:
* Acunetix XML
* Amap Log
* Appscan XML
* Burp Session XML
* Core Impact Pro XML
* Foundstone Network Inventory XML
* IP Address List
* Libpcap
* Microsoft MBSA SecScan XML
* nCircle IP360 (XMLv3 & ASPL)
* Metasploit PWDump Export
* Metasploit Zip Export
* Metasploit XML
* NetSparker XML
* Nessus XML (v1 & v2)
* Nexpose Simple XML
* Nexpose XML Export
* Nmap XML
* Qu
2 min
Nexpose
Find Vulnerable pcAnywhere Installations with DAGs
On Monday, Symantec made the rare decision to tell their customer base to either uninstall or disable their remote control software suite pcAnywhere. Symantec made this decision because their users were at risk of being exploited through publicly known vulnerabilities for which they had not yet been able to create a patch. This recommendation to disable software due to act
4 min
Nexpose
"Pass the hash" with Nexpose and Metasploit
I am proud to announce that Nexpose 5.1.0 now supports "pass the hash", a technique to remotely authenticate against a Windows machine (or any SMB/CIFS server) with the mere possession of LM/NTLM password hashes, without needing to crack or brute force them. Nexpose is able to use the hashes to perform credentialed scans that produce very detailed results covering all sorts of local and remote vulnerabilities that may otherwise not be detectable.
And pe
2 min
Metasploit
Remote-Controlling Metasploit Through APIs
Metasploit offers some great ways to automate its functionality through a programming interface. Metasploit users have built custom tools and processes based on this functionality, saving them time on repetitive tasks or enabling them to schedule automated tasks. Our most advanced customers have even integrated Metasploit Pro into their enterprise security infrastructure to automatically verify the exploitability of vulnerabilities and make their vulnerability management program more ef