All Posts

3 min Penetration Testing

Password Tips From a Pen Tester: Common Patterns Exposed

When my colleagues and I are out on penetration tests, we have a fixed amount of time to complete the test. Efficiency is important. Analyzing password data like we’re doing here helps pen testers better understand the likelihood of password patterns and choices, and we use that knowledge to our advantage when we perform penetration testing service engagements at Rapid7. In my experience, most password complexity policies require at l

3 min Vulnerability Disclosure

R7-2018-15 | CVE-2018-5553: Crestron DGE-100 Console Command Injection (FIXED)

This post describes CVE-2018-5553, a vulnerability in the Crestron Console service that is preinstalled on the DGE-100. Due to a lack of input sanitization, this service is vulnerable to command injection that can be used to gain root-level access. DGE-100 devices running firmware versions 1.3384.00049.001 and lower with default configuration are vulnerable to CVE-2018-5553. CVE-2018-5553 is categorized as CWE-78 (Improper Neutralization of Special Elements used in an OS Command)

2 min Metasploit Weekly Wrapup

Metasploit Wrapup 6/8/18

Just Let Me Grab My Popcorn First: This week, rmdavy contributed a pair of modules designed to fool Windows into authenticating to you so you can capture sweet, sweet NetNTLM hashes. BadODT targets LibreOffice/Apache OpenOffice by providing a link to an image on a network share, and the new Multi Dropper creates all sorts of files Windows itself lov

1 min Metasploit

Announcement: End of Life for Metasploit Express Edition

Today, June 4th, 2018, Rapid7 announced that Metasploit Express edition will see end of life on June 4th, 2019. This is being done to focus efforts on Metasploit Pro, which continues to be a major investment for Rapid7 and will consistently see new innovations. Milestone Description Date End of life announcement date The date that the end of life date has been announced to the general public. June 4th, 2018 Last date of support The last da

2 min Metasploit Weekly Wrapup

Metasploit Wrapup 6/1/18

Upgrade Your SOCKS: Thanks to zeroSteiner, we have some very nice additions to the SOCKS5 library this week. His changes enabled BIND connections through the SOCKS5 proxy, improved automated testing around the code, and broke it up into more manageable, targeted submodules. Now that Trevor’s dying wish has been fulfilled, the team can finally leave

6 min Managed Detection and Response (MDR)

Managed Threat Detection and Response Vendors: Questions You Need to Ask

In this post, Wade Woolwine, managed services director of technology at Rapid7, details our approach to managed detection and response: visibility, analytics, and arming our analysts with smart, customizable automation. Defending the modern enterprise is hard work. Between the need for round-the-clock coverage, technology to provide full visibility across the expanding enterprise, a highly skilled and experienced team, and the business level pressure to “prevent a breach,” there is little wonde

4 min InsightVM

How to Streamline Your Vulnerability Remediation Workflows with InsightVM Projects

If you’re like many security practitioners, you spend a lot of time working with spreadsheets. Whether you’re trying to prioritize your findings or distribute work to remediation teams, an all-too-common workflow is to export this data into a spreadsheet to then be sorted, filtered, copied, and distributed. This tedious, manual effort seems to be the standard for vulnerability management programs everywhere, but with our vulnerabil

3 min Metasploit Weekly Wrapup

Metasploit Wrapup 5/25/18

Bonjour! Que désirez-vous? We want to know what you'd like to see out of our latest Metasploit improvements. Please take a moment to fill out our community survey to help shape Metasploit's new backend data service. Tell us how you use the Metasploit database, which Metasploit data you use with other tools, how you need to store data from modules you've written, and so on. Please take our survey!

3 min

What the Heck is Drive-By Cryptomining?

It sounds like a cross between a slightly terrifying violent gang activity and a silly metaphor for drudgery. Actually, that’s about right. Let’s start with the cryptomining part. For the uninitiated, cryptomining is the process of doing computing work to earn cryptocurrency. The basis of cryptocurrency is a shared cryptographic ledger. You need a lot of computing power to process the

6 min Penetration Testing

How to Build Your Own Caller ID Spoofer: Part 1

Purpose: Organizations with mature security programs often test their own internal awareness programs by performing social engineering campaigns (e.g., telephone pretexting) on their personnel. These may include hiring third-party consulting companies as well as performing internal tests. These tests should strive to be as real-world as possible in order to accurately simulate a malicious actor and learn from employees’ reactions and ascertain the level of risk they pose to the organization. Spo

3 min Metasploit Weekly Wrapup

Metasploit Wrapup 5/18/18

You Compile Me: Our very own wchen-r7 added the ability to compile C code in Metasploit, including (select) dependencies, by creating a wrapper for metasm. Right now, support for windows.h is the first salvo in custom compiling tools within the Metasploit interface! Hack all the things! For a long time, people have asked us to support RHOSTS in exploits just like we do in AUX modules. We listened, and now framework exploits support RHOSTS! Set your exploit, your

1 min Phishing

Whiteboard Wednesday: The Two Components of Phishing Protection Your Security Strategy Needs

You’re no stranger to the threat of phishing. It’s everywhere, and plays a role in 92% of breaches, according to the Verizon Data Breach Digest. Last month, during the first installment of our phishing Whiteboard Wednesday series, we talked about the key components of an anti-phishing program, and this month we’re continuing the series by diving even deeper

2 min InsightIDR

Rapid7 Quarterly Threat Report: 2018 Q1

Spring is here, and along with the flowers and the birds, the pollen and the never-ending allergies, we bring you 2018’s first Quarterly Threat Report! For the year’s inaugural report, we pulled an additional data set: significant events. While we like to look at trends in alerts over time, there is almost never a one-alert-per-incident correlation. Adversary actions involve multiple steps, which generate multiple alerts, and aft

2 min Metasploit Weekly Wrapup

Metasploit Wrapup: 5/11/18

Chaining Vulnerabilities: Philip Pettersson discovered vulnerabilities in certain PAN OS versions that could lead to remote code execution, and hdm wrote a Metasploit module for the exploit chain. The exploit chain starts off with an authentication bypass, which allows the module to access a page that is vulnerable to an XML injection. This page is then used to create a directory where a pay

4 min InsightIDR

Unifying Security Data: How to Streamline Endpoint Detection and Response

Collecting data from the endpoint can be tedious and complex (to say the least). Between the data streaming from your Windows, Linux, and Mac endpoints, not to mention remote authentication and the processes running on these assets, there is a lot of information to gather and analyze. Unless you have a deep knowledge of operating systems to build this yourself—or additional budget to add these data streams to your SIEM tool—it may not be feasible for y