138 matches found
Actionable Vulnerability Remediation Projects in InsightVM
Security practitioners and the remediating teams they collaborate with are increasingly asked to do more with less. They simply cannot remediate everything; it has never been more important to prioritize and drive remediations from start to finish. The Remediation Workflow capability in InsightVM...
Metasploit Wrapup, 4.14.4 through 4.14.11
Editor's Note: While this edition of the Metasploit Wrapup is a little late my fault, sorry, we're super excited that it's our first ever Metasploit Wrapup to be authored by an non-Rapid7 contributor. We'd like to thank claudijd -long-time Metasploit contributor, Mozilla security wrangler, and...
The CIS Critical Security Controls Explained – Control 6: Maintenance, Monitoring and Analysis of Audit Logs
In your organizational environment, Audit Logs are your best friend. Seriously. This is the sixth blog of the series based on the CIS Critical Security Controls. Ill be taking you through Control 6: Maintenance, Monitoring and Analysis of Audit Logs, in helping you to understand the need to nurtu...
Introducing InsightOps: A New Approach to IT Monitoring and Troubleshooting
Today we are announcing the general availability of a brand new solution: Rapid7 InsightOps. This latest addition to the Insight platform continues our mission to transform data into answers, giving you the confidence and control to act quickly. InsightOps is Rapid7s first IT-specific solution,...
Recent Python Meterpreter Improvements
The Python Meterpreter has received quite a few improvements this year. In order to generate consistent results, we now use the same technique to determine the Windows version in both the Windows and Python instances of Meterpreter. Additionally, the native system language is now populated in the...
R7-2017-03: Improper Access Control of Fuze Meeting Recordings (FIXED)
This post describes a security vulnerability in the Fuze collaboration platform, and the mitigation steps that have been taken to correct the issue. The Fuze collaboration platform did not require authentication to access meeting recordings CWE-284. Shortly after being informed of this issue, Fuz...
New Vulnerability Remediation Display in Nexpose Gets You to a Fix Faster
Background Information As part of the Nexpose 6.4.28 release on Wednesday, March 29th, we introduced a new way to view remediation solution data in both the Nexpose Console UI and the Top Remediations Report. Over the years, weve heard from our customers that the Top Remediations Report is one of...
National Exposure Index 2017
Today, Rapid7 is releasing the second National Exposure Index, our effort to quantify the exposure that nations are taking on by offering public services on the internet--not just the webservers like the one hosting this blog, but also unencrypted POP3, IMAPv4, telnet, database servers, SMB, and...
The CIS Critical Security Controls Explained - Control 2: Inventory of Authorized and Unauthorized Software
As I mentioned in our last post, the 20 critical controls are divided into System, Network, and Application families in order to simplify analysis and implementation. This also allows partial implementation of the controls by security program developers who aren't building a program from scratch,...
SIEM Security Tools: Four Expensive Misconceptions
Why modern SIEM security solutions can save you from data and cost headaches. If you want to reliably detect attacks across your organization, you need to see all of the activity thats happening on your network. More importantly, that activity needs to be filtered and prioritized by risk -- acros...
Protecting Your Web Apps with AppSpider Defend Until They Can Be Patched
AppSpider scans can detect exploitable vulnerabilities in your applications, but once these vulnerabilities are detected how long does it take your development teams to create code fixes for them? In some cases it could take several days to weeks before a fix/patch to resolve the vulnerability ca...
Collaborative Storytelling at Rapid7
Great ideas can come from anywhere! At Rapid7, we design and develop wonderful products we hope you think so too!. Everything here starts with stories. Storytelling matters: The ability to tell a compelling story is the defining quality of human nature. Storytelling is just as important in busine...
Better Credential Management for Better Vulnerability Results
Often the first time the security team knows that credentials have expired is when their scans start to return dramatically fewer vulnerabilities. We all know getting credentialed access yields the best results for visibility. Yet, maintaining access can be difficult. Asset owners change...
The CIS Critical Controls Explained- Control 8: Malware Defenses
This is a continuation of our CIS critical security controls blog series. Workstations form the biggest threat surface in any organization. The CIS Critical Security Controls include workstation and user-focused endpoint security in several of the controls, but Control 8 Malware Defenses is the...
Live Dashboards for Demonstrating Remediation Progress
Is your security team working on the right things to make your organization safer today? How can you prove it with data? Knowing Versus Doing Knowing your threat exposure is only half the picture. The other half is knowing which actions to take with your vulnerability management solution to secur...
Want to bolster your security program? Keep users from making decisions.
How many times have you witnessed security problems caused by a user making bad decisions? I'd venture to guess at least a few dozen if not hundreds. We've all seen where the perfect storm forms through weaknesses in technical controls, user training, and - most often - common sense and the outco...
Cisco Enable / Privileged Exec Support
In Nexpose version 6.4.28, we are adding support for privileged elevation on Cisco devices through enable command for those that are running SSH version 2. A fully privileged policy scan provides more accurate information on the target's compliance status, and the ability to do so through enable...
In Fear of IoT Security
I wish I had a dime for every time I have heard someone say "With so many vulnerabilities being reported in the Internet of Things, I just dont trust that technology, so I avoid using any of it." I am left scratching my head because these same people seem to have no issues running a Windows...
About User Enumeration
User enumeration is when a malicious actor can use brute-force to either guess or confirm valid users in a system. User enumeration is often a web application vulnerability, though it can also be found in any system that requires user authentication. Two of the most common areas where user...
We want YOU...to speak at UNITED 2017!
Are you an IT or security professional who secretly dreams of speaking to a group of passionate people facing the same challenges and celebrating the same victories as you? Dream no more: For the next three weeks, were accepting submissions for presentations at UNITED 2017 September 13-14 in...
What is Syslog?
This post has been written by Dr. Miao Wang, a Post-Doctoral Researcher at the Performance Engineering Lab at University College Dublin. This post is the first in a multi-part series of posts on the many options for collecting and forwarding log data from different platforms and the pros and cons...
What are Javascript Source Maps?
Its generally a good practice to minify and combine your assets Javascript & CSS when deploying to production. This process reduces the size of your assets and dramatically improves your websites load time. Source maps create a map from these compressed asset files back to the source files. This...
Legislation to Strengthen IoT Marketplace Transparency
Senator Ed Markey D-MA is poised to introduce legislation to develop a voluntary cybersecurity standards program for the Internet of Things IoT. The legislation, called the Cyber Shield Act, would enable IoT products that comply with the standards to display a label indicating a strong level of...
Rapid7 issues comments on NAFTA renegotiation
In April 2017, President Trump issued an executive order directing a review of all trade agreements. This process is now underway: The United States Trade Representative USTR - the nation's lead trade agreement negotiator - formally requested public input on objectives for the renegotiation of th...
Rapid7: Supporting the Community at BSides Boston
One of the things I love about working at Rapid7 is how deeply this company embodies the concept of giving back to the Security Community. Whether it be discussing research on adversary analytics, attack methods for breaking out of sandboxes, or simply breaking into the industry - Rapid7 encourag...
Compromising Embedded Linux Routers with Metasploit
Normally we don't get a lot of contributions regarding embedded devices. Even when they are an interesting target from the pentesting point of view, and is usual to find them out of DMZ zones on corporate networks. Maybe it's because access to these devices or the software running in top of them ...
5 Ways to Use Log Data to Analyze System Performance
Analyzing System Performance Using Log Data Recently we examined some of the most common behaviors that our community of 25,000 users looked for in their logs, with a particular focus on web server logs. In fact, our research identified the top 15 web server tags and alerts created by our...
Active vs. Passive Server Monitoring
Server monitoring is a requirement, not a choice. It is used for your entire software stack, web-based enterprise suites, custom applications, e-commerce sites, local area networks, etc. Unmonitored servers are lost opportunities for optimization, difficult to maintain, more unpredictable, and mo...
Introducing RubySMB: The Protocol Library Nobody Else Wanted To Write
The Server Message Block SMB protocol family is arguably one of the most important network protocols to be conversant in as a security professional. It carries the capability for File and Print Sharing, remote process execution, and an entire system of Named Pipes that serve as access points to a...
Nexpose Now: Because Security Doesn't Wait
Attackers dont wait for your schedule, in fact, they try and take advantage of your windows of wait when youre biding your time waiting for a scan. Just think of your typical Patch Tuesday, when you walk in on Wednesday your vulnerability management solution has all the checks, but then you wait...
Use DHCP Discovery to Implement Critical Security Control #1
The number one critical security control from the Center for Internet Security recommends actively managing all hardware devices on the network: CSC 1: Inventory of Authorized and Unauthorized Devices Actively manage inventory, track, and correct all hardware devices on the network so that only...
Under the Hoodie: Actionable Research from Penetration Testing Engagements
Today, we're excited to release Rapid7's latest research paper, Under the Hoodie: Actionable Research from Penetration Testing Engagements, by Bob Rudis, Andrew Whitaker, Tod Beardsley, with loads of input and help from the entire Rapid7 pentesting team. This paper covers the often occult art of...
Using CIS Controls To Stop Your Network From Falling in With the Wrong Crowd
Earlier this month Kyle Flaherty wrote a post on the Rapid7 Community Blog about how Rapid7 came out on top for coverage of the Center for Internet Security CIS Top 20 Security Controls. In light of recent DDoS events Id like to take a little time to discuss at a high level what the controls are,...
Modern Network Coverage and Container Security in InsightVM
For a long time, the concept of "infrastructure" remained relatively unchanged: Firewalls, routers, servers, desktops, and so on make up the majority of your network. Yet over the last few years, the tides have begun to shift. Virtualization is now ubiquitous, giving employees tremendous leeway i...
Incident Detection and Investigation - How Math Helps But Is Not Enough
I love math. I am even going to own up to having been a "mathlete" and looking forward to the annual UVM Math Contest in high school. I pursued a degree in engineering, so I can now more accurately say that I love applied mathematics, which have a much different goal than pure mathematics. Taking...
Nexpose Dimensional Data Warehouse and Reporting Data Model: What's the Difference?
The Data Warehouse Export recently added support for a Dimensional Model for its export schema. This provides a much more comprehensive, accessible, and scalable model of data than the previous now referred to as "Legacy" model. The foundation for this dimensional model is the same as the Reporti...
Deception Technology: Can It Detect Intruders Earlier in their Attack Chain?
Every infosec conference is chatting about the Attack Chain, a visual mapping of the steps an intruder must take to breach a network. If you can detect traces of an attack earlier, you not only have more time to respond, but can stop the unauthorized access to monetizable data and its exfiltratio...
Managing Your Nexpose Scan Engines through the API
Here's a walk-through of a Ruby script that uses the nexpose gem to add and configure your Nexpose Scan Engines. This script configures the Dynamic Scan Pool feature. A Scan Engine pool is a group of shared Scan Engines that can be bound to a site so that the load is distributed evenly across the...