6 min
IoT
12 Days of HaXmas: 2016 IoT Research Recap
Merry HaXmas to you! Each year we mark the 12 Days of HaXmas
with 12 blog posts on hacking-related
topics and roundups from the year. This year, we're highlighting some of the
“gifts” we want to give back to the community. And while these gifts may not
come wrapped with a bow, we hope you enjoy them.
As we close out the end of the year, I find it important to reflect on the IoT
vulnerability research conducted during 2016 and what we learned from it. Th
5 min
Haxmas
12 Days of HaXmas: The One Present This Data Scientist Wants This Holiday Season
Merry HaXmas to you! Each year we mark the 12 Days of HaXmas
with 12 blog posts on hacking-related
topics and roundups from the year. This year, we're highlighting some of the
“gifts” we want to give back to the community. And while these gifts may not
come wrapped with a bow, we hope you enjoy them.
> “May you have all the data you need to answer your questions – and may half of
the values be corrupted!”
> - Ancient Yiddish curse
This year, Christm
7 min
Haxmas
The Twelve Pains of Infosec
One of my favorite Christmas carols is the 12 Days of Christmas
. Back in the 90's, a satire of the
song came out in the form of the 12 Pains of Christmas
, which had me rolling on the floor
in laughter, and still does. Now that I am in information security, I decided it
is time for a new satire, maybe this will start a new tradition, and so I am
presenting, the 12 Pains of Infosec.
----------------------
6 min
IT Ops
The Value of Correlation IDs
In the old days when transactional behavior happened in a single domain, in
step-by-step procedures, keeping track of request/response behavior was a simple
undertaking. However, today one request to a particular domain can involve a
myriad of subsequent asynchronous requests from the starting domain to others.
For example, you send a request to Expedia, but behind the scenes Expedia is
forwarding your request as a message to a message broker. Then that message is
consumed by a hotel, airline
4 min
User Behavior Analytics
SIEM Tools Aren't Dead, They're Just Shedding Some Extra Pounds
Security Information and Event Management (SIEM)
is security's Schrödinger's cat.
While half of today's organizations have purchased SIEM tools, it's unknown if
the tech is useful to the security team… or if its heart is even beating or
deployed. In response to this pain, people, mostly marketers, love to shout that
SIEM is dead, and analysts are proposing new frameworks with SIEM 2.0/3.0,
Security Analytics, User & Entity Behavior Analytics
6 min
Automation and Orchestration
Cybersecurity careers and the certifications needed
Synopsis
Cybersecurity has become one of the top sought after careers in the Information
Technology field. Careers ranging from an ethical hacker to a security auditor.
With so many options to choose from, where do you start to pursue such a
purposeful and exciting future? I will explain some of the top certifications
that are offered and what fields they are associated with.
Institutes and their certifications
International Information Systems Security Certification Consortium, Inc. (ISC)2
7 min
Rapid7 Perspective
2017 Cybersecurity Horoscopes
What does 2017 hold for cybersecurity? Our mystics have drawn cards, checked
crystal balls, and cast runes to peer into the future. See what the signs have
in store for you in the new year.
Sage Corey Thomas, Rapid7
Gazing into the future of 2017, I believe we will continue to see market
consolidation of security vendors. With a focus on increasing productivity,
organizations will move further from disparate, point-solutions that solve just
one problem to solutions that can be leveraged through
3 min
Nexpose
"Informational" Vulnerabilities vs. True Vulnerabilities
A question that often comes up when looking at vulnerability management
tools is, “how many vulnerability checks do you have?” It makes sense on the
surface; after all, less vulnerability checks = less coverage = missed
vulnerabilities during a scan right?
As vulnerability researchers would tell you, it's not that simple: Just as not
all vulnerabilities are created equal, neither are vulnerability checks.
How “True”
5 min
Automation and Orchestration
Inspecting Network Traffic with tcpdump
Synopsis
Tcpdump, as the name suggests, captures and dumps(writes) the network
traffic passing through a given server’s or node’s network interfaces . It is a
classic command line tool written in 1987 and remains one of the most
powerful tools for analyzing network traffic. Many options and filters available
in the tool makes it easier to slice and dice the data. The data then can be
used by network administrators and enthusiasts for many purposes such as,
security & forensic analyses, trouble s
5 min
Automation and Orchestration
How to Install OpenVPN on Windows
Synopsis
With the growth of online privacy and security concerns, as well as people
wanting to work around geo-restrictions, VPNs are becoming much more mainstream.
They no longer rest in the realm of security professionals and the overly
paranoid. OpenVPN is the most secure VPN protocol you can use and this guide
will teach you what it is, as well as how to install it on Windows.
If you are looking to install OpenVPN on another operating system, visit their
website
4 min
Incident Detection
Web Shells 101: Detection and Prevention
2016 has been a big year for information security, as we've seen attacks by both
cybercriminals and state actors increase in size and public awareness, and the
Internet of Things comes into its own as a field of study. But today we'd like
to talk about a very old (but no less dangerous) type of attacker tool – web
shells – and new techniques Rapid7 is developing for identifying them quickly
and accurately.
What is a Web Shell?
Web shells are web-based applications that provide a threat actor wi
2 min
Metasploit
Metasploitable3 CTF Competition: Update and Leaderboard!
The Metasploitable3
Capture The
Flag Competition has
been underway for about a week now and the submissions have been pouring in!
We're very excited to see so many great submissions. We're reviewing as fast as
we can so if you don't hear back from us right away, don't worry, you will. For
all valid submissions we will update this blog post and subsequent ones with the
le
5 min
IT Ops
The Generosity of Thought: Caring and Sharing in the Open Source Community
I want to share something with you that is pretty amazing. But, before I do,
allow me to provide the backstory.
The Backstory
I’ve been using Open Source Software (OSS) for a while now. I started with the
big ones, Apache , Maven , MySQL
, etc…. But, as time went on and my work became more
specialized, I started using smaller projects. When you use the big projects
such as Maven and Apache, there’s a boatload of books, video
3 min
Komand
3 Steps for Effective Information Security Event Triage [Infographic]
Before you jump into action when a security alrm sounds, you need to first
assess what happened. Pulling together the details of the event will help you
determine if there is a real security incident, and if so, how you will need to
respond.
But often in the frenzy of security alerts, we get caught up in processes or
start jumping to conclusions without enough info. This can lead to a haphazard
incident response.
From my experience, there's a simpler way; one that is efficienct, not bogged
dow
4 min
Automation and Orchestration
Burp Series: Intercepting and modifying made easy
Synopsis
As a penetration tester I have many tools that I use to help with web
application testing, but the one tool that never lets me down is Burp suite by
portswigger. Burp suite is an intercepting proxy that allows you to modify and
inspect web traffic, it comes in two flavors, free and paid. The free version
is powerful enough to assist any pen test engineer, whereas the paid version
will add extra features to make your tests go smoother and faster.
I am going to walk you through the beg