3 min
Stopping Command Injection Attacks by Instrumenting Application Runtimes
Command injection (CMDi) attacks are suspected to be behind several high-profile
data breaches recently.
Command Injection Attacks – A Clear and Present Danger
The massive data breach at Equifax was due to a vulnerability in a popular web
framework that allowed attackers to penetrate their systems
t
4 min
Automation and Orchestration
How to Securely Handle a Lost or Stolen Device: A Practical Workflow
It’s 10pm and you receive an email from a teammate that their laptop was stolen
at a local networking event. You learn that not only was their computer
unlocked, but they were logged into their company email and Salesforce accounts
at the time the device was stolen.
Devices like laptops and phones hold a lot more value than the technology
itself. Everything from customer data to company files and account logins is
stored and easily accessible on these devices, making them easy targets for data
3 min
Cybersecurity
NCSAM Security Crash Diet: Wrap-up
Wow, it’s November 7 already, and I still have all my National Cyber Security
Awareness Month decorations up! I really need to take care of those. But, before
I get to taking
down all my 2FA authentication token lawn decorations, I figured it’d be a good
time to chat it up with Olivia, and see how her NCSAM crash diet went.
Tod: So, over the course of the month, what’s the one task you performed that
benefited you the most?
Olivia:
5 min
Metasploit
Testing Developer Security with Metasploit Pro Task Chains
In this modern age, technology continues to make inroads into all sorts of
industries. Everything from smartphones to late-model automobiles to
internet-connected toasters requires software to operate, and this proliferation
of software has brought along gaggles of software developers with their
tools-of-the-trade. All this technology—not to mention the people utilizing it—
can result in an increased attack surface for organizations doing software
development.
In this blog post, we’ll explore
2 min
InsightIDR
Faster Investigations, Closer Teamwork: InsightIDR Enhancements
Incident investigations aren’t easy. Imagine investigation as a 100-piece jigsaw puzzle, except there are a million unarranged pieces to build from. Top analysts need to know what “bad” looks like and how to find it, and they must bring a sharp Excel game to stitch everything together...
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup: Nov. 3, 2017
What’s New?
This week’s release sees multiple improvements and corrections, some years in
the making! We fixed an interesting bug in the initial handshake with
meterpreter that caused some payload callbacks to fail, improved error and
information reporting in other modules, and then @h00die ran spellcheck!
New (and Improved!) Modules (2 New):
After three years, @wvu’s tnftp aux module grew up to become a strong,
well-rounded explo
4 min
Detection and Response
Changing the Corporate Network Attacker’s Risk-Reward Paradigm
Defending a corporate network is hard, while attacking one is all too easy. We break down the risk/reward ratio for corporate attackers and what we can do to change it.
6 min
Metasploit
Testing SMB Security with Metasploit Pro Task Chains: Part 2
This is part two of our blog series on testing SMB security with Metasploit Pro.
In the previous post, we explained how to use Metasploit Pro’s Task Chains
feature to audit SMB passwords automatically. Read it here if you haven’t already.
In today’s blog post, we will talk about how to use a custom resource script in
a Task Chain to automatically find some publicly-known high-profile
vulnerabilities in SMB. Publi
4 min
Automation and Orchestration
Security Career Paths: Common and Unique Roles
Security is one of the most in-demand roles today. According to recent numbers,
the demand for security workers is expected to grow to 6 million worldwide by
2019. So how do you get into or grow your career in security?
What makes security so interesting is the many directions you can take —
traditional or not. This post will walk you through how to build
6 min
IoT
NCSAM Security Crash Diet, Week 4: IoT
The final week of our 'Security Crash Diet' series for NCSAM explores what the IoT device purchasing process is like for consumers who want to buy IoT with security in mind. Spoiler: It isn't easy.
6 min
Metasploit
Testing SMB Server Security with Metasploit Pro Task Chains: Part 1
A step-by-step guide to testing SMB server security using Metasploit Pro Task Chains.
2 min
Metasploit
Metasploit Wrapup: Oct. 27, 2017
Would you like to help Metasploit Framework and get a free t-shirt?
There is still a bit of October left, which means you can totally still sign up
for Hacktoberfest: a fun annual project to
encourage open source software contributions! Make four pull requests on any
open source GitHub project by Oct 31, and you might find yourself some joy and
fulfilment—but at least a free t-shirt.
Check out the Contribute section on the refreshed metasploit.com
2 min
Automation and Orchestration
Why Security Teams Should Embrace (Not Fear) Automation
It’s not the coming of the apocalypse. It’s not the end of the security
profession. And it’s certainly not a bad thing. We’re talking about the rise of
automation. As security threats become a bigger part of the day-to-day concerns
at all types of organizations, bringing in machines has become necessary to keep
up. In fact, security automation can help you become even more valuable as an
employee. Being at the heart of the security orchestration and automation
3 min
IoT
ROCA: Vulnerable RSA Key Generation
In the KRACK-related and BadRabbit-related chaos of the past week and a half,
some people missed a less flashy vulnerability that nevertheless dug up key
long-term questions on IoT supply chains and embedded technology. The
Czech-based Center for Research on Cryptography and Security published research
last week on a vulnerability (CVE-2017-15361) in the RSA key generation process
in a widely-used cryptographic software library found in Infineon secure chips.
Specifically:
“The algorithmic vulne
3 min
Malware
The BadRabbit Ransomware Attack: What You Need To Know
What’s Up?
Rapid7 has been tracking reports of an expanding ransomware campaign dubbed
BadRabbit. Russian news outlets and other organizations across Europe have
reported being victims of this malware and the “outbreak” is continuing to
spread.
The BadRabbit attackers appear to have learned some lessons from previous
outbreaks earlier this year and have both limited the external spreading
capabilities of the ransomware as well as made the payments a bit harder for
researchers, responders and au