2 min
Metasploit Weekly Wrapup
Metasploit Wrapup: 7/20/18
Privilege Escalation
Linux BPF
CVE-2017-16995 is a Linux
kernel vulnerability in the way that a Berkeley Packet Filter (BPF) is verified.
Multiple sign extension bugs allows memory corruption by unprivileged users,
which could be used for a local privilege escalation attack by overwriting a
credential structure in memory to gain root access to a compromised host. The
bpf_sign_extension_priv_esc module
2 min
Incident Detection
MAC Address Tracker: Generating a Network Inventory Database Using Network Traffic Analysis
Learn how to generate a network inventory database of all MAC addresses in your environment by monitoring your network traffic
2 min
Penetration Testing
Password Tips from a Pen Tester: What is Your Company’s Default Password?
Welcome back to Password Tips From a Pen Tester.
The first day on the job: We fill out all the requisite paperwork for Human
Resources and get a computer and our network password. That password is often
something easy to remember, and is often the same for every new employee. It
might be Welcome1, ChangeMe! or one of our old favorites, the SeasonYear (ie.
Summer2018). If a new employee is having trouble signing in for the first time
and they call the help desk, they can easily get the help they
3 min
How to Use Metasploit Teradata Modules
As penetration testers, we often find ourselves working with applications and
services that are new to us or uncommon. In one such case, I performed an
internal network penetration test that was focused exclusively on a handful of
Teradata database servers. To test for weak passwords, I had cobbled together a
Windows batch file that would wrap username and password lists around Teradata’s
bteq application. However, one thing I wanted to do was come back sometime and
build a proper Metasploit log
3 min
Azure
Azure Security Center and Active Directory Now Integrate with the Rapid7 Platform
Today, we announced
continued, more comprehensive development of the integration between the Rapid7
Insight platform and
Microsoft Azure.
A new integration with Azure Security Center makes it easy to deploy the Rapid7
unified Insight Agent across new and existing Azure Virtual Machines. This
automated deployment enables InsightVM customers to maintain consta
3 min
Metasploit Weekly Wrapup
Metasploit Wrapup: 7/13/18
Committing to some shells in GitList
Shelby has been killing it with new exploit and
aux modules by the day. In this iteration, she's produced an exploit
for GitList 0.6.0
and likely older versions. The software is built on PHP and allows users to view
a Git repo on the web. Through an argument injection, a fake pager
can be executed... that is really
our shell
13 min
Your Black Hat 2018 Survival Guide
Our security team knows a thing or two about conquering a conference – making
the most out of the day and night. So the team got together to share their
personal recommendations on things to do and things to know in this handy Black
Hat 2018 Survival Guide.
We’ve got you covered on all things Black Hat.
* Getting Around – Monorail, shuttle services, and hotels
* Where to Party – The full list of official and unofficial parties
* Recoup and Recover – There are a ton of spots to escape the c
5 min
Penetration Testing
How to Build Your Own Caller ID Spoofer: Part 2
In Part 1 , we
talked about the need for organizations to test their security programs by
performing social-engineering campaigns with their employees so they can
understand employee susceptibility to these kinds of tactics, the potential
impact to the organization of this kind of attack, and develop methods of
defending against a real attack. We spoke about the need for accurately
simulating threat actors by setting up an Asterisk PBX
4 min
SOAR
Building a Tech Stack to Enable Security Orchestration and Automation
In this blog post, we explore how to plan for security orchestration and automation while building out your technology stack. Learn more.
5 min
Threat Intel
How to Automate Identifying and Take Down Malicious Social Media Profiles
Here is how Rapid7 has automated the process of identifying and taking down fake social media profiles to help companies proactively identify these scams.
1 min
Metasploit
Metasploit Wrapup 7/6/18
New Modules
Exploit modules (3 new)
* Nagios XI Chained Remote Code Execution
by Benny Husted , Cale Smith
, and Jared Arave
, which exploits CVE-2018-8736.
Monitor this series of unfortunate events all the way to magical shells.
* Boxoft WAV to MP3 Converter v1.1 Buffer Overflow
3 min
Threat Intel
15 Technologies and Tools Commonly Used in Dark Web Black Markets
Here is our list of 15 common technologies and tools used by cybercriminals to access and communicate via the dark web.
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup: 6/29/18
Moar Power
OJ Reeves added
two new PowerShell
transport functions to Metasploit payloads and made modifications to the
PowerShell transport binding functionality. The aptly-named Add-TcpTransport
function adds an active TCP transport to the current session and the
Add-WebTransport function adds an HTTP/S transport to the current session. These
functions are fully documented, allowing the user to leverage the Ge
3 min
Automation and Orchestration
Do You Need Coding Resources on Your Security Team?
Often when security teams think about security automation
, they worry they
don’t have the coding capabilities needed to create, implement, and maintain it.
Pulling development resources from the IT team or engineering department can
take time; backlogs are long, and revenue-generating projects tend to take
priority. Another option is to hire an IT consultant, but this can be pricey and
may not be sustainable long-term.
Instead, some sec
3 min
Kubernetes Security
Analyzing Activity on Kubernetes Ports: Potential Backdooring Through the Kubelet API
Recently at Rapid7 Labs, we’ve noticed an increase in activity on ports related
to the management of a Kubernetes
cluster. In this
post, we provide background context to Kubernetes and how it relates to the
issues we see, as well as offer some guidance for securing a Kubernetes cluster.
These days, more and more people are deploying their software using container
services such as Docker. Containers make it easy for developers to replica