Penetration Testing
IoT Security Testing Methodology
By
Deral Heiland - IoT Research Lead, Rapid7
Nathan Sevier - Senior Consultant, Rapid7
Chris Littlebury - Threat Assessment Manager, Rapid7
End-to-end ecosystem methodology
When examining IoT technology, the actionable testing focus and methodology is
often applied solely to the embedded device. This is short-sighted and
incomplete. An effective assessment methodology should consider the entire IoT
solution or, as we refer to it, the IoT Product Ecosystem. Every interactive
component that makes
IoT
12 Days of HaXmas: 2016 IoT Research Recap
Merry HaXmas to you! Each year we mark the 12 Days of HaXmas
[https://www.rapid7.com/blog/tag/haxmas/] with 12 blog posts on hacking-related
topics and roundups from the year. This year, we're highlighting some of the
“gifts” we want to give back to the community. And while these gifts may not
come wrapped with a bow, we hope you enjoy them.
As we close out the end of the year, I find it important to reflect on the IoT
vulnerability research conducted during 2016 and what we learned from it. Th
IoT
IoT Security vs Usability
Recently we have all found ourselves talking about the risk and impact of poorly
secured IoT technology and who is responsible. Fact is, there is enough blame to
go around for everyone, but let's not go there. Let us start focusing on
solutions that can help secure IoT technology.
Usability has been an issue that has plagued us since the beginning of time. As
an example, just going back to my youth and seeing my parents' VCR flashing 12:00
all the time. We laugh at that, because it showed us thei
IoT
Research Lead (IoT)
It has been an amazing journey serving as the Research Lead for the Internet of
Things (IoT) at Rapid7 for the past 10 months. I came into the role with more than
a decade of experience as a security penetration tester and nearly 15 years of
experience conducting security research across such areas as protocol-based
attacks, embedded device exploitation, and web vulnerabilities, so taking on the
role as Research Lead for IoT was the next obvious progression for me. Being
able to focus on IoT specif
IoT
Getting a Handle on the [Internet of] Things in the Enterprise
This blog post was written by Bob Rudis, Chief Security Data Scientist and Deral
Heiland, Research Lead.
Organizations have been participating in the “Internet of Things” (IoT) for
years, long before marketers put this new three-letter acronym together. HVAC
monitoring/control, badge access, video surveillance systems and more all have
had IP connectivity for ages. Today, more systems, processes and (for lack of a
more precise word) gizmos are being connected to enterprise networks that fit
int
Penetration Testing
SNMP Data Harvesting During Penetration Testing
A few months back I posted a blog entry, SNMP Best Practices
[/2016/01/27/simple-network-management-protocol-snmp-best-practices], to give
guidance on best methods to reduce security risks as they relate to SNMP. Now
that everyone has had time to fix all those issues, I figured it's time to give
some guidance to penetration testers and consultants on how to exploit exposed
SNMP services by harvesting data and using it to expand their attack footprint.
The first question when approaching SNMP is
Authentication
Brute Force Attacks Using US Census Bureau Data
Currently one of the most successful methods for compromising an organization is
via password-guessing attacks. To gain access to an organization using brute
force attack
[https://www.rapid7.com/fundamentals/brute-force-and-dictionary-attacks/]
methods, there are a minimum of three things a malicious actor needs: A
username, a password, and a target. Often the targets are easy to discover, and
typically turn out to be email systems such as Outlook Web Access (OWA) or VPN
solutions that are expo
IoT
Smile! You're on Candid APT
Recently IP camera hacking has taken front stage in the news
[http://arstechnica.com/security/2016/01/how-to-search-the-internet-of-things-for-photos-of-sleeping-babies/]
. Actually, hacking IP cameras is not all that new—it's been around for a number
of years—but historically the focus has been related to gaining access to just
the video portion of the camera. But with IP cameras being one of the many IoT
technologies out there often found to be improperly secured, I figured it was
time to look
Authentication
Simple Network Management Protocol (SNMP) Best Practices
By Deral Heiland, Research Lead, and Brian Tant, Senior Consultant, of Rapid7
Global Services
Over the past several years, while conducting security research in the area of
Simple Network Management Protocol (SNMP) and presenting those findings at
conferences around the world, we have constantly been approached with the same
question: “What are the best practices for securing SNMP?”
The first thing to remember about SNMP versions 1, 2, and 2c is that the
community strings used for authentication are c
Haxmas
12 Days of HaXmas: Advanced Persistent Printer
This post is the second in the series, "The 12 Days of HaXmas."
By Deral Heiland, Principal Consultant, and Nate Power, Senior Consultant, of
Rapid7 Global Services
Year after year we have been discussing the risk of Multi-Function Printers
(MFP) in the corporate environment and how a malicious actor can easily leverage
these devices to carry out attacks, including extraction of Windows Active
Directory credentials via LDAP and abusing the "Scan to File" and "Scan to
E-mail" features. To take
Vulnerability Disclosure
R7-2014-01, R7-2014-02, R7-2014-03 Disclosures: Exposure of Critical Information Via SNMP Public Community String
Summary of Vulnerabilities
This report details three critical information disclosure vulnerabilities. The
vulnerabilities were discovered while Matthew Kienow and I (Deral Heiland
[https://twitter.com/percent_x]) were researching information disclosure issues
in SNMP on embedded appliances for a talk
[http://carolinacon.org/abstracts.html#6] at CarolinaCon
[http://carolinacon.org/index.html]. During this research project, most devices
exposed information that would be classified as benign or pub