4 min
Haxmas
12 Days of HaXmas: Year-End Policy Comment Roundup
Merry HaXmas to you! Each year we mark the 12 Days of HaXmas
[https://www.rapid7.com/blog/tag/haxmas/] with 12 blog posts on hacking-related
topics and roundups from the year. This year, we're highlighting some of the
“gifts” we want to give back to the community. And while these gifts may not
come wrapped with a bow, we hope you enjoy them.
On the seventh day of Haxmas, the Cyber gave to me: a list of seven Rapid7
comments to government policy proposals! Oh, 'tis a magical season.
It was an ac
8 min
Haxmas
12 Days of HaXmas: A HaxMas Carol
(A Story by Rapid7 Labs)
Merry HaXmas to you! Each year we mark the 12 Days of HaXmas
[https://www.rapid7.com/blog/tag/haxmas/] with 12 blog posts on hacking-related
topics and roundups from the year. This year, we're highlighting some of the
“gifts” we want to give back to the community. And while these gifts may not
come wrapped with a bow, we hope you enjoy them.
Happy Holi-data from Rapid7 Labs!
It's been a big year for the Rapid7 elves Labs team. Our nigh 200-node strong
Heisenberg Cloud
4 min
InsightIDR
12 Days of HaXmas: Designing Information Security Applications Your Way
Merry HaXmas to you! Each year we mark the 12 Days of HaXmas
[https://www.rapid7.com/blog/tag/haxmas/] with 12 days of blog posts on
hacking-related topics and roundups from the year. This year, we're highlighting
some of the “gifts” we want to give back to the community. And while these gifts
may not come wrapped with a bow, we hope you enjoy them.
Are you a busy Information Security professional who prefers bloated web
applications, fancy interactions, unnecessary visuals, and overloaded scr
6 min
IoT
12 Days of HaXmas: 2016 IoT Research Recap
Merry HaXmas to you! Each year we mark the 12 Days of HaXmas
[https://www.rapid7.com/blog/tag/haxmas/] with 12 blog posts on hacking-related
topics and roundups from the year. This year, we're highlighting some of the
“gifts” we want to give back to the community. And while these gifts may not
come wrapped with a bow, we hope you enjoy them.
As we close out the end of the year, I find it important to reflect on the IoT
vulnerability research conducted during 2016 and what we learned from it. Th
5 min
Haxmas
12 Days of HaXmas: The One Present This Data Scientist Wants This Holiday Season
Merry HaXmas to you! Each year we mark the 12 Days of HaXmas
[https://www.rapid7.com/blog/tag/haxmas/] with 12 blog posts on hacking-related
topics and roundups from the year. This year, we're highlighting some of the
“gifts” we want to give back to the community. And while these gifts may not
come wrapped with a bow, we hope you enjoy them.
> “May you have all the data you need to answer your questions – and may half of
> the values be corrupted!”
> - Ancient Yiddish curse
This year, Christm
7 min
Haxmas
The Twelve Pains of Infosec
One of my favorite Christmas carols is the 12 Days of Christmas
[https://www.youtube.com/watch?v=oyEyMjdD2uk]. Back in the 90's, a satire of the
song came out in the form of the 12 Pains of Christmas
[https://www.youtube.com/watch?v=h4NlR5KQLQ8], which had me rolling on the floor
in laughter, and still does. Now that I am in information security, I decided it
is time for a new satire, maybe this will start a new tradition, and so I am
presenting, the 12 Pains of Infosec.
----------------------
4 min
Metasploit
12 Days of HaXmas: Metasploit End of Year Wrapup
This is the seventh post in the series, "The 12 Days of HaXmas."
It's the last day of the year, which means that it's time to take a moment to
reflect on the ongoing development of the Metasploit Framework, that de facto
standard in penetration testing, and my favorite open source project around.
While the acquisition of Metasploit way back in 2009 was met with some healthy
skepticism, I think this year, it's easy to say that Rapid7's involvement with
Metasploit has been an enormously positive
4 min
Metasploit
12 Days of HaXmas: Metasploit's IoT WebApp Login Support
This is the sixth post in the series, "The Twelve Days of HaXmas."
Well, the year is coming to a close, and it's just about time for the annual
breakdown of Metasploit commit action. But before we get to that, I wanted to
take a moment to highlight the excellent work we landed in 2015 in adding new
web application login support to Metasploit. After all, who needs exploits when
your password is "public" or "admin" or "password" or any other of the very few
well-known default passwords? Maybe i
3 min
Haxmas
12 Days of HaXmas: Santa makes a list and checks it twice, do you?
This post is the fifth in the series, "The Twelve Days of HaXmas."
This is the time of the year where kids and adults alike think back over the
past year, wondering which of Santa's two lists they will be on. The nice list
is reserved for those who say "please" and "thank you", brush their teeth, and
of course, those who regularly update and practice their incident response
plans.
Santa gives presents to the children on the nice list and coal to the ones on
the naughty. When the list gets chec
7 min
Haxmas
12 Days of HaXmas: What Home Alone Can Teach About Active Defense
This post is the fourth in the series, "The 12 Days of HaXmas."
As you venture from the world of defense, including protecting and monitoring
systems, into the realm of active defense, who can be your mentor? Who can make
you as cool as Frosty?
Does anyone know enough about active defense to make a movie out of it?
OF COURSE!
Macaulay Culkin is the mentor you are looking for. More precisely, Kevin
McCallister [http://www.imdb.com/character/ch0004114/?ref_=tt_cl_t1], from the
Home Alone fra
4 min
Threat Intel
12 Days of HaXmas: Charlie Brown Threat Intelligence
This post is the third in the series, "The 12 Days of HaXmas."
“Get the biggest aluminum threat feed you can find, Charlie Brown, maybe painted
pink.”
It has been a few years now since the term “cyber threat intelligence” entered
mainstream, and since then it has exploded into a variety of products, all
claiming to have the biggest, the best, the shiniest, most aluminum-est threat
feed, report, or platform. Much of the advertising and media surrounding threat
intelligence capitalizes on fear
10 min
Haxmas
12 Days of HaXmas: Advanced Persistent Printer
This post is the second in the series, "The 12 Days of HaXmas."
By Deral Heiland, Principal Consultant, and Nate Power, Senior Consultant, of
Rapid7 Global Services
Year after year we have been discussing the risk of Multi-Function Printers
(MFP) in the corporate environment and how a malicious actor can easily leverage
these devices to carry out attacks, including extraction of Windows Active
Directory credentials via LDAP and abusing the "Scan to File" and "Scan to
E-mail" features. To take
3 min
Haxmas
12 Days of HaXmas: Rapid7 Gives to You... Free Professional Media Training (Pear Tree Not Included)
Ho ho ho, Merry HaXmas [/tag/haxmas/]! For those of you new to this series,
every year we mark the 12 days of HaXmas with 12 blog posts on hacking-related
topics and roundups from the year. This year we're kicking the series off with
something not altogether hackery, but it's a gift, see, so very appropriate for
the season.
For the past couple of years, I've provided free media training at various
security conferences, often as part of an I Am The Cavalry
[https://www.iamthecavalry.org/] track,
7 min
Metasploit
12 Days of HaXmas: Maxing Meterpreter's Mettle
This post is the twelfth in a series, 12 Days of HaXmas, where we usually take a
look at some of the more notable advancements and events in the Metasploit
Framework over the course of 2014. As this is the last in the series, let's peek
forward, to the unknowable future.
Happy new year, it's time to make some resolutions. There is nothing like a
fresh new year to get one's optimism at its highest.
Meterpreter is a pretty nifty piece of engineering, and full of useful
functionality. The various extensi
3 min
Metasploit
12 Days of HaXmas: Metasploit, Nexpose, Sonar, and Recog
This post is the tenth in a series, 12 Days of HaXmas, where we take a look at
some of the more notable advancements and events in the Metasploit Framework
over the course of 2014.
The Metasploit Framework [https://www.metasploit.com/download/] uses operating
system and service fingerprints for automatic target selection and asset
identification. This blog post describes a major overhaul of the fingerprinting
backend within Metasploit and how you can extend it by submitting new
fingerprints.
Histo