Authentication
R7-2017-07: Multiple Fuze TPN Handset Portal vulnerabilities (FIXED)
This post describes three security vulnerabilities related to access controls and authentication in the TPN Handset Portal, part of the Fuze platform. Fuze fixed all three issues by May 6, 2017, and user action is not required to remediate. Rapid7 thanks Fuze for their quick and thoughtful response to these vulnerabilities:
* R7-2017-07.1, CWE-284 (Improper Access Control): An unauthenticated remote attacker can enumerate through MAC addr
Metasploit
Metasploit: The New Shiny
It's been a while since I've written a blog post about new stuff in Metasploit (and I'm not sure if the editors will let me top the innuendo of the last one). But I'm privileged to announce that I'm speaking about Metasploit twice next month: once at the FSec 17 Conference in Varaždin, Croatia, September 7-8, and a second time at UNITED 2017
Metasploit Weekly Wrapup
Metasploit Wrapup: August 11, 2017
Slowloris: SMB edition
Taking a page from the Slowloris HTTP DoS attack, the aptly named SMBLoris DoS attack exploits a vuln contained in many Windows releases (back to Windows 2000) and also affects Samba (a popular open source SMB implementation). Through creation of many connections to a target's SMB port, an attacker can exhaust all available memory on the target by sendi
Metasploit
Hack with Metasploit: Announcing the UNITED 2017 CTF
Got mad skillz? Want mad skillz? This year at Rapid7's annual UNITED Summit, we're hosting a first-of-its-kind Capture the Flag (CTF) competition. Whether you're a noob to hacking or a grizzled pro, you'll emerge from our 25-hour CTF with more knowledge and serious bragging rights. Show off your 1337 abilities by competing for top prizes, or learn how to capture your first ever flag. Read on for details, and if you haven't already done so, register for UNITED
How to Prevent XSS Attacks
In my last post, we covered what XSS is and why it's so hard to prevent, which can seem overwhelming given what we know now. With even major web sites making mistakes, should the rest of us just give up, unplug our internet connections and go read a book? Of course not; there are a number of techniques that the community has developed to mitigate the risks of XSS. Here's what we can do to prevent XSS attacks.
Training
The first line of defense is training the developers. At this point, it is
Research
Remote Desktop Protocol (RDP) Exposure
The Remote Desktop Protocol, commonly referred to as RDP, is a proprietary protocol developed by Microsoft that provides a graphical means of connecting to a network-connected computer. RDP client and server support has been present in varying capacities in nearly every Windows version since NT. Outside of Microsoft's offerings, there are RDP clients available for most other operating systems. If the nitty-gritty of protocols is your thing, Wiki
Metasploit Wrapup 8/4/17
With Hacker Summer Camp 2017 wrapped up and folks now recovering from it, why not grab a drink and read up on what's new with Metasploit?
Where there's smoke...
At least a few versions of the open source firewall IPFire contain a post-auth RCE vulnerability, and we (well, you!) now have a module to help exploit that
SMBLoris: What You Need To Know
What's Up?
Astute readers may have been following the recent news around "SMBLoris" — a proof-of-concept exploit that takes advantage of a vulnerability in the implementation of SMB services on both Windows and Linux, enabling attackers to "kill you softly" with a clever, low-profile application-level denial of service (DoS). This vulnerability impacts all versions of Windows and Samba (the Linux software that provides SMB services
Automation and Orchestration
Exploring SHA-1 (Secure Hash Algorithm)
Synopsis
In computer cryptography, a popular message compression standard known as the Secure Hash Algorithm (SHA) is used. Its enhanced version is called SHA-1. It can compress a fairly lengthy message and produce a short message abstract in response. The algorithm can be used alongside various protocols to ensure the security of the applied algorithm, particularly for the Digital Signature Standard (DSS). The algorithm offers five separate hash functions, which were created by the National Sec
Automation and Orchestration
Triple DES, 3-DES Network Encryptor
Synopsis
The Triple Data Encryption Algorithm (3DES) is an advancement of the popular DES standard. 3DES is a symmetric-key block cipher. Using three unrelated 64-bit keys, 3DES was created to encrypt 64-bit blocks of data. In each DES block, one key is used as an input. Without creating an entirely new cryptosystem, 3DES addresses the apparent defect in DES. By applying the algorithm three times in succession with three different keys, 3DES simply increases the key size of DES. As DES
How Do You Identify Zero-Days and Fileless Malware? Download (the) RAM.
When a tactic becomes less and less effective, it's important to shift strategies and adapt. With malware, attackers are doing exactly that. As preventative measures such as antivirus and endpoint detection and response continue to improve, it's harder for commodity and even obfuscated malware to successfully install and persist on target machines unnoticed.
The most effective
Python
Virtual Machine Automation (vm-automation) repository released
Rapid7 just released a new public repo called vm-automation. The vm-automation repository is a Python library that encapsulates existing methodologies for virtual machine and hypervisor automation and provides a platform-agnostic Python API. Currently, only ESXi and VMware Workstation are supported, but I have high hopes we will support other hypervisors in time, and we would love to see contributors come forward and assist in supporting them!
That's awesome. I want to get started now!
Great! I
Hacking
Building a Car Hacking Development Workbench: Part 3
Welcome back to the car hacking development workbench series. In part two we discussed how to read wiring diagrams. In part three, we are going to expand on the workbench by re-engineering circuits and replicating signals used in your vehicle.
If this is your first time stumbling across this write-up, I encourage you to check out the previous two parts of this series:
Part 1: Constructing a Workbench
Part 2: How to Read Wiring Di
Introducing InsightAppSec: Cloud-powered Application Security Testing
Rapid7 announces today the launch of InsightAppSec, the newest product to be delivered on the Insight platform.
InsightAppSec combines the power and accuracy of Rapid7's industry-leading and proven Dynamic Application Security Testing (DAST) engine with the quick deployment, scalability, and ease-of-use of the Insight platform, enabling security teams to quickly identify the critical security ga
InsightVM now available in Japan
InsightVM customers can now choose to store their InsightVM data in Japan. At Rapid7, we enable customers to comply with policies and preferences by selecting the region where their data is transmitted, processed, and stored. We're excited to announce that Japan joins our existing data centers in the United States and Germany as an option for InsightVM data.
When enabling InsightVM cloud features for the first time, customers will see a dialog where they can select which region should store the