3 min
Kubernetes Security
Analyzing Activity on Kubernetes Ports: Potential Backdooring Through the Kubelet API
Recently at Rapid7 Labs, we’ve noticed an increase in activity on ports related to the management of a Kubernetes cluster. In this post, we provide background context to Kubernetes and how it relates to the issues we see, as well as offer some guidance for securing a Kubernetes cluster.
These days, more and more people are deploying their software using container services such as Docker. Containers make it easy for developers to replica
3 min
Application Security
In Our Customers’ Words: Why Mastering Application Security Basics Matters
In a recent conversation with a Rapid7 application security customer, I was reminded how much of a security practitioner’s day can be consumed by troubleshooting buggy tools and manually executing the same tasks over and over again (needlessly, may I add). As much as we’d like to think that security professionals’ time is being efficiently utilized, oftentimes inadequate tools, a lack of automation, and organizational silos impede SecOps-driven progress
2 min
InsightIDR
Deception Technology in InsightIDR: Setting Up Honeypots
In order to overcome the adversary, we must first seek to understand. By understanding how attackers operate, and what today’s modern network looks like from an attacker’s perspective, it’s possible to deceive an attacker, or at least have warning around internal network compromise. Today, let’s touch on a classic deception technology that continues to evolve: the honeypot.
Honeypots are de
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup: 6/22/18
Welcome to another installment of the week! This installment features a new ETERNALBLUE module in everyone's favorite reptile-brain language, Python! Sporting support for Windows 8 and 10, it has everything you need, including immutable strings and enforced whitespace.
In other Windows 10 news, chervalierly fixed an annoying bug in rex-powershell that prevented PsExec from working on later versions of Windows 10. Now, you can PsExec to your heart’s content. Go f
6 min
Automation and Orchestration
Top Three Questions to ask Security Orchestration and Automation Vendors
If you’ve been in cybersecurity for some time, you’ve likely heard about the many benefits of security orchestration and automation: time saved, costs reduced, risk exposure mitigated ... the list goes on. And as this popular technology proliferates across our industry, you have more options than ever before when it comes to choosing a security orchestration, automation, and response (SOAR) solution.
It’s important to not
2 min
User Behavior Analytics
Deception Technology in InsightIDR: Setting Up Honey Users
Having the ability to detect and respond to user authentication attempts is a key feature of InsightIDR, Rapid7’s threat detection and incident response solution. Users can take this ability one step further by deploying deception technology, like honey users, which come built into the product. A honey user is a dummy user not associated with a real person within your organization. B
4 min
Customer Perspective
Why Bow Valley College Gives Rapid7 InsightVM High Marks for Vulnerability Management
Bow Valley College uses InsightVM dashboards to identify quick wins, measure success, and communicate to senior leadership. James Cairns, database administrator at Bow Valley College, gave us a look into their vulnerability management journey with Rapid7.
It’s my job to assess vulnerabilities, facilitate patching, and work with the rest of my infrastructure team to optimize our resources in order to stay on top of security issues. As the database administrator for Bow Valley College in Calgary,
5 min
IoT
Security Impact of Easily Accessible UART on IoT Technology
When it comes to securing IoT devices, it’s important to know that Universal Asynchronous Receiver Transmitter (UART) ports are often the keys to the kingdom for device analysis when you have physical access. For example, as part of ongoing security research and testing projects on embedded technology we own, I have opened up a number of devices and discovered a majority of them having UART enabled. Those with UART enabled have—in every case—provided a path to full root access and allowed me to
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup: 6/15/18
New Privilege Escalation Exploit
The glibc 'realpath()' module was added by bcoles. It attempts to gain root privileges on Debian-based Linux systems by exploiting a vulnerability in GNU C Library (glibc) version <= 2.26. This exploit uses halfdog's RationalLove exploit to expose a buffer underflow error in glibc realpath() and create a SUID root shell. The module includes offset
7 min
Penetration Testing
How to Create a Secure and Portable Kali Installation
The following is a guest post from Rapid7 customer Bo Weaver.
Hi, everyone. I’m Bo, a penetration tester at CompliancePoint (and also a customer of Rapid7). If you’re just getting started in penetration testing, or are simply interested in the basics, this blog is for you.
An Intro to Kali
Kali Linux is an open source project that is maintained and funded by Offensive Security, a provider of inform
4 min
Threat Intel
A Common Retailer Dark Web Profile: What We Found in Our Search
In this post, we share examples of common retailer data found across the Dark Web and build a “Dark Web profile” for a typical retail company.
5 min
Phishing
Phishing Attacks Duping Your Users? Here’s a Better Anti-Phishing Strategy.
You’ve hired the best of the best and put up the right defenses, but one thing keeps slipping in the door: phishing emails. Part of doing business today, unfortunately, is dealing with phishing attacks. Few organizations are immune to phishing anymore; it’s on every security team’s mind and has become the number one threat to organizations
2 min
Application Security
New InsightAppSec Releases: Compliance Reports and the AppSec Toolkit
Things are always brewing in Rapid7 product development. Today, we’re excited to announce several exciting new features in InsightAppSec, our cloud-powered application security testing solution for modern web apps.
These include:
* Custom reports for PCI, HIPAA, SOX, and OWASP 2017 compliance requirements
* PDF report generation
* The Rapid7 AppSec Toolkit
  * Macro Recorder
  * Traffic Viewer
  * RegEx Builder
  * Swagger/Rest API Utilit
2 min
InsightIDR
How to detect SMBv1 scanning and SMBv1 established connections
How to use network traffic analysis (NTA) to detect SMBv1 scanning and SMBv1 established connections.
4 min
Automation and Orchestration
How Security Orchestration and Automation Will Unite Infosec
After working in the security industry for 15 years, one of the consistent themes I’ve observed is how teams struggle with balancing the increasing amount of work they have to do, without an increase in resources to accomplish their goals. But there’s another, less obvious problem that I like to refer to as a different kind of SaaS: “security as a silo.”
It should be no surprise that large organizations frequently struggle with silos that create friction and miscommunication—barriers that get i