7 min
Haxmas
12 Days of HaXmas: What Home Alone Can Teach About Active Defense
This post is the fourth in the series, "The 12 Days of HaXmas."
As you venture from the world of defense, including protecting and monitoring
systems, into the realm of active defense, who can be your mentor? Who can make
you as cool as Frosty?
Does anyone know enough about active defense to make a movie out of it?
OF COURSE!
Macaulay Culkin is the mentor you are looking for. More precisely, Kevin
McCallister , from the
Home Alone fra
4 min
Threat Intel
12 Days of HaXmas: Charlie Brown Threat Intelligence
This post is the third in the series, "The 12 Days of HaXmas."
“Get the biggest aluminum threat feed you can find, Charlie Brown, maybe painted
pink.”
It has been a few years now since the term “cyber threat intelligence” entered
mainstream, and since then it has exploded into a variety of products, all
claiming to have the biggest, the best, the shiniest, most aluminum-est threat
feed, report, or platform. Much of the advertising and media surrounding threat
intelligence capitalizes on fear
10 min
Haxmas
12 Days of HaXmas: Advanced Persistent Printer
This post is the second in the series, "The 12 Days of HaXmas."
By Deral Heiland, Principal Consultant, and Nate Power, Senior Consultant, of
Rapid7 Global Services
Year after year we have been discussing the risk of Multi-Function Printers
(MFP) in the corporate environment and how a malicious actor can easily leverage
these devices to carry out attacks, including extraction of Windows Active
Directory credentials via LDAP and abusing the "Scan to File" and "Scan to
E-mail" features. To take
3 min
Haxmas
12 Days of HaXmas: Rapid7 Gives to You... Free Professional Media Training (Pear Tree Not Included)
Ho ho ho, Merry HaXmas ! For those of you new to this series,
every year we mark the 12 days of HaXmas with 12 blog posts on hacking-related
topics and roundups from the year. This year we're kicking the series off with
something not altogether hackery, but it's a gift, see, so very appropriate for
the season.
For the past couple of years, I've provided free media training at various
security conferences, often as part of an I Am The Cavalry
track,
8 min
Vulnerability Management
ScanNow DLL Search Order Hijacking Vulnerability and Deprecation
Overview
On November 27, 2015, Stefan Kanthak contacted Rapid7 to report a vulnerability
in Rapid7's ScanNow tool. Rapid7 takes security issues seriously and this was
no exception. In combination with a preexisting compromise or other
vulnerabilities, and in the absence of sufficient mitigating measures, a system
with ScanNow can allow a malicious party to execute code of their choosing
leading to varying levels of additional compromise. In order to protect the
small community of users who ma
2 min
IT Ops
How to Log Messages from Slack
We recently added support for unedited HTTP logging in Logentries. This means
you can send us log data via HTTPS drain (from heroku), or via any webhook you
want.
One webhook that we’ve been looking to log for a while is Slack
.
People are always chatting away on Slack, and this data might be useful some
day. You can send the data into Logentries however you want, and then worry
about what to do it when you actually need it!
First, you’ll need to
5 min
Vulnerability Disclosure
CVE-2015-7755: Juniper ScreenOS Authentication Backdoor
On December 18th, 2015 Juniper issued an advisory
indicating that they had discovered unauthorized code in the ScreenOS software
that powers their Netscreen firewalls. This advisory covered two distinct
issues; a backdoor in the VPN implementation that allows a passive eavesdropper
to decrypt traffic and a second backdoor
3 min
Nexpose
Have JBoss, Jenkins, WebLogic, WebSphere based applications? Brace yourself, they've got an unwanted Christmas present for you!
Java based server applications are prevalent throughout most corporate
networks. Thousands, if not millions, of applications are deployed using JBoss,
Jenkins, WebLogic and WebSphere - so when a vulnerability affecting the
underlying technology pops up, the impact can be significant. A vulnerability
was recently discovered affecting any Java application which can receive data
back from users, allowing malicious actors to insert unsafe data as it attempts
to ingest the information. The applica
0 min
Rapid7 Culture
Holiday greetings from all of us at Rapid7!
As we reach the end of December and the end of the year, we wanted to take a
moment to pause and recognize what an amazing year it has been -- and how
grateful we are to EVERYONE who made 2015 so memorable. That's why we put
together this short video as a way to say, quite simply, thank you.
(Please note: If you see a grey box instead of a video above, the player may
take a moment to load.)
Happy holidays and happy new year!
~ @mvarmazis
6 min
API
AppSpider's Got Swagger: The first end-to-end security testing for REST APIs
We are thrilled to announce a major new innovation in application security
testing. AppSpider is the first Dynamic Application Security Testing (DAST)
solution capable of testing Swagger-enabled APIs. Swagger is one of the most
popular frameworks for building APIs and the ability to test Swagger-enabled
APIs is not only a huge time savings for application security testing experts,
but also enables Rapid7 customers to more rapidly reduce risk.
Why does this matter?
Modern applications make liber
2 min
Metasploit
How to Avoid Common Mistakes in your Metasploit Community/Pro License Key Request
As a result of export restrictions placed on Metasploit Community and Pro
trials, this year we have introduced some new systems to help process license
requests. We have received a lot of questions about this, and this post will
hopefully answer some of them for you. If you haven't read the original blog
post about the export controls
, please take a moment to review the information there on the updates an
2 min
Nexpose
More TLS Improvements in Nexpose 6.1.2
After releasing TLS Coverage Improvements in Nexpose 6.0.2
we figured that the
Nexpose Security Console should be able to abide by our own suggestions. Last
year we had already disabled SSLv3 support by default and allowed configuring
what other protocols are enabled on the console as well. With this week's
release we're limiting the TLS cipher suites available to the console's web
server by default. Similar to the protocols, the cipher suit
12 min
Vulnerability Disclosure
Multiple Disclosures for Multiple Network Management Systems
Today, Rapid7 is disclosing several vulnerabilities affecting several Network
Management System (NMS) products. These issues were discovered by Deral Heiland
of Rapid7 and independent researcher Matthew
Kienow , and reported to vendors and CERT
for coordinated disclosure per Rapid7's disclosure policy. All together, we're
disclosing six vulnerabilities that affect four NMSs, four of which are expected
to be patched by the time o
3 min
IT Ops
Logentries recognized by Docker as Ecosystem Technology Partner for Logging
Since last year, we’ve anticipated the impact of Docker
and have been building integrations
– first as experiments
and later as
full-blown solutions
. It’s therefore
with great pleasure that we’re announcing our recognition by Docker as an
Ecosystem Technology Partner for Logging.
Why Monitor Docker Logs?
Most teams that
10 min
Vulnerability Disclosure
R7-2015-22: ManageEngine Desktop Central 9 FileUploadServlet connectionId Vulnerability (CVE-2015-8249)
ManageEngine Desktop Central 9
suffers from a
vulnerability that allows a remote attacker to upload a malicious file, and
execute it under the context of SYSTEM. Authentication is not required to
exploit this vulnerability.
In addition, the vulnerability is similar to a ZDI advisory released on May 7th,
2015, ZDI-15-180 . This
advisory specifically mentions computerName, and this is