Metasploit Wrapup
A fresh new UAC bypass module for Windows 10! Leveraging the behavior of fodhelper.exe and a registry key that a normal user can write to, you too can be admin! Unpatched as of last week, this bypass works on Windows 10 only, but it works like a charm! Reach out and allocate something This...
Wanna see WannaCry vulns in Splunk?
Do you want to see your WannaCry vulns all in one dashboard in Splunk? We've got you covered. Before you start, make sure you have these two apps installed in Splunk: Rapid7 Nexpose Technology Add-On for Splunk, and Rapid7 Nexpose for Splunk. Steps: 1. Follow the directions in this blog post to...
Rapid7 issues comments on NAFTA renegotiation
In April 2017, President Trump issued an executive order directing a review of all trade agreements. This process is now underway: the United States Trade Representative (USTR), the nation's lead trade agreement negotiator, formally requested public input on objectives for the renegotiation of th...
About User Enumeration
User enumeration is when a malicious actor can use brute force to guess or confirm valid usernames in a system. It is most often a web application vulnerability, though it can be found in any system that requires user authentication. Two of the most common areas where user...
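The classic case is a login endpoint whose error text differs for "no such user" and "wrong password". The example below is added here and is not code from the original post: it pairs a leaky login handler with a hardened one that returns a single generic message and does the same hashing work on both paths, and it includes the attacker-side check that buckets candidate usernames by the response they receive. The user store, password hashing (plain SHA-256 rather than a slow password hash, which does not change the enumeration behaviour) and function names are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Constructed user store for this example; a real system would hold slow
# password hashes (bcrypt/argon2), but the enumeration point is the same.
_USERS = {"alice": hashlib.sha256(b"correct horse battery staple").hexdigest()}

# Hash compared against when the username is unknown, so the hardened
# handler does the same work (and takes about the same time) on every path.
_DUMMY_HASH = hashlib.sha256(secrets.token_bytes(32)).hexdigest()

GENERIC_ERROR = "Invalid username or password"


def _hash(password):
    return hashlib.sha256(password.encode()).hexdigest()


def login_vulnerable(username, password):
    """Leaky handler: the error text reveals whether the username exists."""
    stored = _USERS.get(username)
    if stored is None:
        return "Unknown user"
    if hmac.compare_digest(stored, _hash(password)):
        return "OK"
    return "Incorrect password"


def login_hardened(username, password):
    """Uniform handler: identical message for unknown user and wrong
    password, and the password hash is computed on both paths so the
    response time does not distinguish them either."""
    stored = _USERS.get(username, _DUMMY_HASH)
    if hmac.compare_digest(stored, _hash(password)) and username in _USERS:
        return "OK"
    return GENERIC_ERROR


def enumerate_users(login, candidates, probe_password="definitely-wrong"):
    """Attacker's view: submit a wrong password for each candidate name and
    bucket the candidates by the response they get back. More than one
    bucket means the endpoint enumerates users."""
    buckets = {}
    for name in candidates:
        buckets.setdefault(login(name, probe_password), []).append(name)
    return buckets


def is_enumerable(login, candidates):
    """True when the login handler's responses split the candidates."""
    return len(enumerate_users(login, candidates)) > 1


if __name__ == "__main__":
    names = ["alice", "bob", "admin"]
    print("vulnerable:", enumerate_users(login_vulnerable, names))
    print("hardened:  ", enumerate_users(login_hardened, names))
```

The check only compares response bodies; in practice also compare status codes, response lengths and timing, and test the password-reset and registration flows, which leak user existence at least as often as the login form does.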
National Exposure Index 2017
Today, Rapid7 is releasing the second National Exposure Index, our effort to quantify the exposure that nations are taking on by offering public services on the internet--not just the webservers like the one hosting this blog, but also unencrypted POP3, IMAPv4, telnet, database servers, SMB, and...
Patch Tuesday - June 2017
This month sees another spate of critical fixes from Microsoft, including patches for a number of Remote Code Execution (RCE) vulnerabilities. Two of these, CVE-2017-8543 and CVE-2017-8464, are already known to be exploited in the wild. Today's patches are so crucial that Microsoft has once again...
Live Threat-Driven Vulnerability Prioritization
We often hear that security teams are overwhelmed by the number of vulnerabilities in their environments: every day they find more than they can fix. It doesn't help when the rating schemes used for prioritization, like the Common Vulnerability Scoring System (CVSS), don't really work at scale or...
Why you have to move beyond “We have a policy for that”
I've never been a big fan of, or believed in the value of, security policies. Sure, they're necessary for setting expectations, and auditors want to see them. They can also serve as a sort of insurance policy to fall back on when an unexpected security "event" occurs. But, at the end of the...
Collaborative Storytelling at Rapid7
Great ideas can come from anywhere! At Rapid7, we design and develop wonderful products (we hope you think so too!). Everything here starts with stories. Storytelling matters: the ability to tell a compelling story is the defining quality of human nature. Storytelling is just as important in busine...
WannaCry coda: Have you disabled SMBv1?
By now, if you're reading this blog, you have probably read about WannaCry. If not, please take a moment to review: Wanna Decryptor (WNCRY) Ransomware Explained; Using Threat Intelligence to Mitigate Wanna Decryptor (WannaCry); WannaCry Update: Vulnerable SMB Shares Are Widely Deployed And People Are...
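Disabling SMBv1 on the host is only half of the check; the other half is confirming from the network that the service no longer negotiates the old dialect. The following is an added example, not code from the original post: it builds an SMB1 SMB_COM_NEGOTIATE request that offers only the NT LM 0.12 dialect, sends it to TCP/445, and classifies the reply. A server that accepts the dialect still speaks SMBv1; one that answers with an SMB2 header or simply drops the connection does not. The sample reply used for the offline run is constructed here, and the function names are the example's own.

```python
import socket
import struct

SMB1_MAGIC = b"\xffSMB"
SMB2_MAGIC = b"\xfeSMB"
SMB_COM_NEGOTIATE = 0x72
SMB1_HEADER = "<4sBIBHH8sHHHHH"   # 32-byte SMB1 header layout
DIALECT = b"NT LM 0.12"           # the only dialect we offer


def build_smb1_negotiate():
    """SMB_COM_NEGOTIATE request offering only NT LM 0.12, wrapped in a
    NetBIOS session header (0x00 + 3-byte big-endian length)."""
    header = struct.pack(
        SMB1_HEADER,
        SMB1_MAGIC, SMB_COM_NEGOTIATE,
        0,              # NT status
        0x18,           # Flags: canonicalized paths, case-insensitive
        0xC001,         # Flags2: unicode, NT status codes, long names
        0,              # PIDHigh
        b"\x00" * 8,    # SecurityFeatures
        0, 0, 0, 0, 0,  # Reserved, TID, PIDLow, UID, MID
    )
    dialects = b"\x02" + DIALECT + b"\x00"
    body = header + struct.pack("<BH", 0, len(dialects)) + dialects
    return b"\x00" + len(body).to_bytes(3, "big") + body


def classify_negotiate_response(raw):
    """Classify the reply to the request above.
    'smb1'      - server accepted NT LM 0.12: SMBv1 is enabled
    'smb2-only' - server answered with an SMB2 header
    'none'      - connection closed, no dialect accepted, or not SMB"""
    if len(raw) < 8:
        return "none"
    body = raw[4:]  # strip the NetBIOS session header
    if body[:4] == SMB2_MAGIC:
        return "smb2-only"
    if body[:4] != SMB1_MAGIC or body[4] != SMB_COM_NEGOTIATE or len(body) < 35:
        return "none"
    word_count = body[32]
    dialect_index = struct.unpack_from("<H", body, 33)[0]
    # Index 0 is our single dialect; 0xFFFF means none was accepted.
    if word_count > 0 and dialect_index == 0:
        return "smb1"
    return "none"


def probe_smb1(host, port=445, timeout=5.0):
    """Live check against a host you are authorized to test. A Windows host
    with SMBv1 disabled typically just drops the TCP connection."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_smb1_negotiate())
            raw = s.recv(1024)
    except (socket.timeout, ConnectionError):
        raw = b""
    return classify_negotiate_response(raw)


def constructed_smb1_reply(dialect_index=0):
    """Constructed sample of a server's negotiate reply (header, WordCount
    17, DialectIndex); the remaining parameter words are omitted because the
    classifier does not look at them."""
    header = struct.pack(SMB1_HEADER, SMB1_MAGIC, SMB_COM_NEGOTIATE, 0, 0x98,
                         0xC001, 0, b"\x00" * 8, 0, 0, 0, 0, 0)
    body = header + struct.pack("<BH", 17, dialect_index)
    return b"\x00" + len(body).to_bytes(3, "big") + body


if __name__ == "__main__":
    import sys
    print(probe_smb1(sys.argv[1]) if len(sys.argv) > 1
          else classify_negotiate_response(constructed_smb1_reply()))
```

On the host itself the equivalent answer comes from Get-SmbServerConfiguration (the EnableSMB1Protocol property) and Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol; the network probe is worth keeping because it validates what an attacker actually sees, including on appliances and Samba hosts where those cmdlets do not apply.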
Scanning and Remediating WannaCry/MS17-010 in InsightVM and Nexpose
Update 5/18/17: The EternalBlue exploit used in the WannaCry attack is now available in Metasploit for testing your compensating controls and validating remediations. More info: EternalBlue: Metasploit Module for MS17-010. Also removed steps 5 and 6 from the scan instructions, as they were not strictly...
We want YOU...to speak at UNITED 2017!
Are you an IT or security professional who secretly dreams of speaking to a group of passionate people facing the same challenges and celebrating the same victories as you? Dream no more: for the next three weeks, we're accepting submissions for presentations at UNITED 2017, September 13-14 in...
Better Credential Management for Better Vulnerability Results
Often, the first time the security team learns that credentials have expired is when their scans start returning dramatically fewer vulnerabilities. We all know that credentialed access yields the best results for visibility, yet maintaining that access can be difficult. Asset owners change...
The CIS Critical Controls Explained- Control 8: Malware Defenses
This is a continuation of our CIS Critical Security Controls blog series. Workstations form the biggest threat surface in any organization. The CIS Critical Security Controls address workstation and user-focused endpoint security in several of the controls, but Control 8 (Malware Defenses) is the...
The CIS Critical Security Controls Series
What are the CIS Critical Security Controls? The Center for Internet Security (CIS) Top 20 Critical Security Controls, previously known as the SANS Top 20 Critical Security Controls, is an industry-leading way to answer your key security question: "How can I be prepared to stop known attacks?" The...
R7-2017-13 | CVE-2017-5243: Nexpose Hardware Appliance SSH Enabled Obsolete Algorithms
Summary: Nexpose physical appliances shipped with an SSH configuration that allowed obsolete algorithms to be used for key exchange and other functions. Because these algorithms are enabled, attacks against authentication to the hardware appliances are more likely to succeed. We strongly encoura...
Metasploit Wrapup
It has only been one week since the last wrapup, so it's not like much could have happened, right? Wrong! Misery Loves Company: After last week's excitement with Metasploit's version of ETERNALBLUE (the exploit behind WannaCry), this week Samba had its own "hold my beer" moment with the disclosur...
Getting started in sales: Q&A with Eric Erston
Today we're excited to introduce a key leader in Rapid7's sales organization: Eric Erston is Rapid7's senior vice president of sales for the Americas region. He has extensive experience in a variety of sales roles, including leading go-to-market functions for mergers and acquisitions. Prior to...
Introducing InsightOps: A New Approach to IT Monitoring and Troubleshooting
Today we are announcing the general availability of a brand new solution: Rapid7 InsightOps. This latest addition to the Insight platform continues our mission to transform data into answers, giving you the confidence and control to act quickly. InsightOps is Rapid7's first IT-specific solution,...
R7-2017-05 | CVE-2017-3211: Centire Yopify Information Disclosure
This post describes a vulnerability in Yopify, a plugin for various popular e-commerce platforms, as well as the remediation steps that have been taken. Yopify leaks the first name, last initial, city, and recent purchase data of customers, all without user authorization. This poses a significant...
Live Dashboards for Demonstrating Remediation Progress
Is your security team working on the right things to make your organization safer today? How can you prove it with data? Knowing Versus Doing: Knowing your threat exposure is only half the picture. The other half is knowing which actions to take with your vulnerability management solution to secur...
DevOps: Vagrant with AWS EC2 & Digital Ocean
The Benefits of Vagrant Plugins: Following on from my recent DevOps blog posts, The DevOps Tools We Use & How We Use Them and Vagrant with Chef-Server, we will take another step forward and look into provisioning our servers in the cloud. There are many cloud providers out there, most of which provide...
How to Combine D3 with AngularJS
The Benefits and Challenges of the D3 and Angular Combination: Today we'll be focusing on how to combine D3 with the AngularJS framework. Angular and D3 are both very popular, and once they work together they can be very powerful and helpful when creating dashboards. But they can al...
InsightVM/Nexpose Patch Tuesday Reporting
Many of our customers wish to report specifically on Microsoft patch-related vulnerabilities. This often includes specific vulnerabilities that are patched in Patch Tuesday updates. This post will show you the various ways you can create reports for each of these. Remediation Projects...
Patching CVE-2017-7494 in Samba: It’s the Circle of Life
With the scent of scorched internet still lingering in the air from the WannaCry ransomworm, today we see a new, scary and potentially incendiary bug hitting the Twitter news. The vulnerability, CVE-2017-7494, affects versions 3.5.0 (released March 1, 2010) and onwards of Samba, the de facto standard...
Metasploit Wrapup
It has been an intense couple of weeks in infosec since the last Wrapup, and we've got some cool things for you in the latest update. Hacking like No Such Agency: I'll admit I was wrong. For several years, I've been saying we'll never see another bug like MS08-067, a full remote hole in a default...
Samba CVE-2017-7494: Scanning and Remediating in InsightVM and Nexpose
Just when you'd finished wiping away your WannaCry tears, the interwebs dropped another bombshell: a nasty Samba vulnerability, CVE-2017-7494 (no snazzy name as of the publishing of this blog, but hopefully something with a Lion King reference will be created soon). As with WannaCry, we wanted to ke...
Vulnerability Management Tips for the Shadow Brokers Leaked Exploits
Rebekah Brown and the Rapid7 team have delivered a spot-on breakdown of the recent Shadow Brokers exploit and tool release. Before you read any further, if you haven't done so already, please read her post. It's probably not the only post you've read on this topic, but it is cogent, well-constructed...
What is Syslog?
This post has been written by Dr. Miao Wang, a Post-Doctoral Researcher at the Performance Engineering Lab at University College Dublin. This post is the first in a multi-part series of posts on the many options for collecting and forwarding log data from different platforms and the pros and cons...
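Anyone collecting syslog has to parse two wire formats, the older BSD style (RFC 3164) and RFC 5424, and has to treat the content as attacker-controlled: a compromised host can send messages containing newlines or terminal escapes to forge entries in whatever reads the log. The parser below is an added example and not code from the post or series it follows; it decodes the PRI into facility and severity, handles both formats including RFC 5424 structured data, and neutralizes control characters in the fields an attacker controls. The two RFC sample lines are the ones from the standards; the third sample line is constructed for the example, and the regular expressions are a simplification (structured-data values containing an escaped `]` are not handled).

```python
import re

# Facility and severity names as numbered in RFC 5424 (RFC 3164 uses the same).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# re.DOTALL so an injected newline lands inside the message (and gets cleaned)
# instead of making the line fail to parse.
_RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) (?P<procid>\S+) "
    r"(?P<msgid>\S+) (?P<sd>-|(?:\[[^\]]*\])+)(?: (?P<msg>.*))?$", re.DOTALL)
_RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$",
    re.DOTALL)
_TAG = re.compile(r"^(?P<app>[A-Za-z0-9_./-]+)(?:\[(?P<pid>\d+)\])?: ?(?P<rest>.*)$", re.DOTALL)
_SD_ELEMENT = re.compile(r"\[(?P<id>[^\s\]]+)(?P<params>[^\]]*)\]")
_SD_PARAM = re.compile(r'(?P<name>[^\s=]+)="(?P<value>(?:[^"\\]|\\.)*)"')
_CTRL = re.compile(r"[\x00-\x1f\x7f]")


def _clean(text):
    """Replace control characters so an attacker-controlled field cannot
    inject fake lines or terminal escapes into whatever reads the result."""
    return _CTRL.sub("?", text)


def _parse_sd(sd):
    """'[id k="v" ...][id2 ...]' -> {id: {k: v, ...}, id2: {...}}"""
    return {el["id"]: {p["name"]: p["value"] for p in _SD_PARAM.finditer(el["params"])}
            for el in _SD_ELEMENT.finditer(sd)}


def _pri(pri_text):
    pri = int(pri_text)
    if pri > 191:  # 23 facilities * 8 severities - 1
        raise ValueError("PRI out of range: %d" % pri)
    return FACILITIES[pri // 8], SEVERITIES[pri % 8]


def parse_syslog(line):
    """Parse one RFC 5424 or RFC 3164 (BSD) syslog line into a dict."""
    m = _RFC5424.match(line)
    if m:
        facility, severity = _pri(m["pri"])
        return {"rfc": 5424, "facility": facility, "severity": severity,
                "timestamp": m["ts"], "host": _clean(m["host"]), "app": _clean(m["app"]),
                "procid": m["procid"], "msgid": m["msgid"],
                "sd": {} if m["sd"] == "-" else _parse_sd(m["sd"]),
                "msg": _clean(m["msg"] or "")}
    m = _RFC3164.match(line)
    if m:
        facility, severity = _pri(m["pri"])
        app, pid, msg = None, None, m["msg"]
        t = _TAG.match(msg)  # BSD TAG is 'program[pid]: ' if present
        if t:
            app, pid, msg = t["app"], t["pid"], t["rest"]
        return {"rfc": 3164, "facility": facility, "severity": severity,
                "timestamp": m["ts"], "host": _clean(m["host"]), "app": app,
                "procid": pid, "msgid": None, "sd": {}, "msg": _clean(msg)}
    raise ValueError("not a syslog line: %r" % line[:40])


SAMPLE_LINES = [
    # RFC 3164 and RFC 5424 examples taken from the standards themselves
    "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8",
    '<165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 '
    '[exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"] '
    "BOMAn application event log entry...",
    # constructed: a message carrying an injected second "line"
    "<13>Oct  5 01:02:03 host app[42]: first line\n<13>Oct  5 01:02:04 host sshd: Accepted publickey for root",
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(parse_syslog(sample))
```

Note that the cleaning happens after parsing, so the injected text ends up inside the message field of the first record rather than as a second, forged record; a collector that splits on newlines before parsing would not get that protection.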
What are Javascript Source Maps?
It's generally good practice to minify and combine your assets (JavaScript & CSS) when deploying to production. This process reduces the size of your assets and dramatically improves your website's load time. Source maps create a map from these compressed asset files back to the source files. This...
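The security angle is that a source map shipped to production, especially one with `sourcesContent` embedded, hands every visitor your original file layout and unminified code. The following is an added example and not code from the post: it finds the `sourceMappingURL` comment in a built bundle, decodes an inline data: URL (or hands an external URL to a caller-supplied fetch function, which is an assumption of the example), and reports what the map exposes. The bundle and map used for the offline run are constructed here.

```python
import base64
import json
import re

_MAP_REF = re.compile(r"//[#@]\s*sourceMappingURL=(\S+)", re.MULTILINE)


def find_sourcemap_reference(bundle_text):
    """Return the sourceMappingURL target from a built bundle, or None."""
    m = _MAP_REF.search(bundle_text)
    return m.group(1) if m else None


def load_sourcemap(reference, fetch=None):
    """Resolve a sourceMappingURL. Inline data: URLs are decoded here; any
    other URL is passed to `fetch`, a caller-supplied callable (assumed by
    this example) that returns the map text."""
    if reference.startswith("data:"):
        meta, payload = reference.split(",", 1)
        if ";base64" in meta:
            return base64.b64decode(payload).decode("utf-8")
        return payload  # non-base64 data URL; rare for source maps
    if fetch is None:
        raise ValueError("external map %s needs a fetch callback" % reference)
    return fetch(reference)


def audit_sourcemap(map_text):
    """Report what a visitor can recover from a v3 source map."""
    sm = json.loads(map_text)
    if sm.get("version") != 3:
        raise ValueError("unsupported source map version")
    sources = sm.get("sources", [])
    contents = sm.get("sourcesContent") or []
    embedded = [s for s, c in zip(sources, contents) if c]
    return {
        "sources": sources,                # original file paths (layout leak)
        "embedded": embedded,              # files whose full text is inline
        "exposes_source": bool(embedded),  # original code shipped to clients
    }


def audit_bundle(bundle_text, fetch=None):
    """End-to-end check of one built asset."""
    ref = find_sourcemap_reference(bundle_text)
    if ref is None:
        return {"has_sourcemap": False}
    result = audit_sourcemap(load_sourcemap(ref, fetch))
    result["has_sourcemap"] = True
    result["reference"] = "data:(inline)" if ref.startswith("data:") else ref
    return result


def constructed_bundle(with_contents=True):
    """Constructed minified bundle with an inline base64 source map."""
    source_map = {"version": 3, "file": "app.min.js",
                  "sources": ["src/app.js", "src/auth.js"], "names": [], "mappings": "AAAA"}
    if with_contents:
        source_map["sourcesContent"] = ["function login(u, p) { /* original */ }",
                                        "const TOKEN_HEADER = 'X-Auth';"]
    encoded = base64.b64encode(json.dumps(source_map).encode()).decode()
    return ("function l(u,p){}\n//# sourceMappingURL=data:application/json;"
            "charset=utf-8;base64," + encoded + "\n")


if __name__ == "__main__":
    print(audit_bundle(constructed_bundle()))
```

A map that lists only `sources` without `sourcesContent` still reveals the project layout, so the usual production choice is either no map at all or a map served only to authenticated error-tracking tooling.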
Heroku Dynos Explained
What are Heroku Dynos? If you've ever hosted an application on Heroku, the popular platform as a service, you're likely at least aware of the existence of "Dynos". But what exactly are Heroku Dynos and why are they important? As explained in Heroku's docs, Dynos are simply lightweight Linux containe...
Modern Network Coverage and Container Security in InsightVM
For a long time, the concept of "infrastructure" remained relatively unchanged: firewalls, routers, servers, desktops, and so on made up the majority of your network. Yet over the last few years, the tides have begun to shift. Virtualization is now ubiquitous, giving employees tremendous leeway i...
Active vs. Passive Server Monitoring
Server monitoring is a requirement, not a choice. It is used for your entire software stack, web-based enterprise suites, custom applications, e-commerce sites, local area networks, etc. Unmonitored servers are lost opportunities for optimization, difficult to maintain, more unpredictable, and mo...
EternalBlue: Metasploit Module for MS17-010
This week's release of Metasploit includes a scanner and an exploit module for the EternalBlue vulnerability, which made headlines a couple of weeks ago when the hacking group the Shadow Brokers disclosed a trove of alleged NSA exploits. Among them was EternalBlue, which exploits MS17-010, a Windows S...
Recent Python Meterpreter Improvements
The Python Meterpreter has received quite a few improvements this year. In order to generate consistent results, we now use the same technique to determine the Windows version in both the Windows and Python instances of Meterpreter. Additionally, the native system language is now populated in the...
The CIS Critical Controls Explained - Control 7: Email and Web browser protection
This blog is a continuation of our blog post series on the CIS Critical Controls. The biggest threat surface in any organization is its workstations. This is the reason so many of the CIS Critical Security Controls relate to workstation and user-focused endpoint security. It is also the reaso...
CVE-2017-5242: Nexpose/InsightVM Virtual Appliance Duplicate SSH Host Key
Today, Rapid7 is notifying Nexpose and InsightVM users of a vulnerability that affects certain virtual appliances. While this issue is relatively low severity, we want to make sure that our customers have all the information they need to make informed security decisions regarding their networks. ...
R7-2016-23, R7-2016-26, R7-2016-27: Multiple Home Security Vulnerabilities
Executive Summary: In October 2016, former Rapid7 researcher Phil Bosco discovered a number of relatively low-risk vulnerabilities and issues involving home security systems that are common throughout the United States and which have significant WiFi or Ethernet capabilities. The three systems...
WannaCry Update: Vulnerable SMB Shares Are Widely Deployed And People Are Scanning For Them
WannaCry Overview: Last week the WannaCry ransomware worm, also known as Wanna Decryptor, Wanna Decryptor 2.0, WNCRY, and WannaCrypt, started spreading around the world, holding computers for ransom at hospitals, government offices, and businesses. To recap: WannaCry exploits a vulnerability in the...
Scanning and Remediating WannaCry/MS17-010 in InsightVM and Nexpose
Today, security teams are starting their work week with a scramble to remediate MS17-010, in order to prevent the associated ransomware attack, WannaCry, also known as Wanna Decryptor, WNCRY, and Wanna Decryptor 2.0 (how I miss the halcyon days when vulnerabilities had gentle names like POODLE). Wi...
Using Threat Intelligence to Mitigate Wanna Decryptor (WannaCry)
Basics of Cyber Threat Intelligence: Cyber threat intelligence is analyzed information about the opportunities, capabilities, and intent of cyber adversaries. The goal of cyber threat intelligence is to help people make decisions about how to prevent, detect, and respond to threats against their...
Exploitable Vulnerabilities: A Metasploit-Vulnerability Management Love Story
Integrating InsightVM or Nexpose (Rapid7's vulnerability management solutions) with Metasploit (our penetration testing solution) is a lot like Cupid playing "matchmaker" with vulnerabilities and exploit modules. When a vulnerability scan is imported into Metasploit, many things happen under the hood...
On the lookout for Intel AMT CVE-2017-5689
We've had some inquiries about checks for CVE-2017-5689, a vulnerability affecting Intel AMT devices. On May 5th, 2017, we released a potential-vulnerability check that can help identify assets that may be vulnerable. We initially ran into issues with trying to determine the exact version of the...
White House Cybersecurity Executive Order Summary
Yesterday President Trump issued an Executive Order on cybersecurity: "Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure." The Executive Order (EO) appears broadly positive and well thought out, though it is just the beginning of a long process and not a sea change in...
Discovery of assets in Active Directory
Many security teams work in a world that they can't fully see, let alone control. It can be difficult to know how to make meaningful progress in your vulnerability management program when simply maintaining visibility can be a struggle. One way to get some leverage is to make wise use of asset...
Announcement: End-of-life Metasploit 32-bit versions
Rapid7 has announced that the 32-bit versions of Metasploit for both Windows and Linux reach end of life on July 5th, 2017. This applies to all editions: Metasploit Pro, Metasploit Express and Metasploit Community. After this date, Metasploit 32-bit platforms will not receive...
IoT Security Testing Methodology
By Deral Heiland (IoT Research Lead, Rapid7), Nathan Sevier (Senior Consultant, Rapid7) and Chris Littlebury (Threat Assessment Manager, Rapid7). End-to-end ecosystem methodology: When examining IoT technology, the actionable testing focus and methodology is often applied solely to the embedded device...
Want to bolster your security program? Keep users from making decisions.
How many times have you witnessed security problems caused by a user making bad decisions? I'd venture to guess at least a few dozen if not hundreds. We've all seen where the perfect storm forms through weaknesses in technical controls, user training, and - most often - common sense and the outco...