Posts tagged Haxmas

4 min Haxmas

12 Days of HaXmas: Year-End Policy Comment Roundup

Merry HaXmas to you! Each year we mark the 12 Days of HaXmas [https://www.rapid7.com/blog/tag/haxmas/] with 12 blog posts on hacking-related topics and roundups from the year. This year, we're highlighting some of the “gifts” we want to give back to the community. And while these gifts may not come wrapped with a bow, we hope you enjoy them. On the seventh day of Haxmas, the Cyber gave to me: a list of seven Rapid7 comments to government policy proposals! Oh, tis a magical season. It was an ac

8 min Haxmas

12 Days of HaXmas: A HaxMas Carol

(A Story by Rapid7 Labs) Merry HaXmas to you! Each year we mark the 12 Days of HaXmas [https://www.rapid7.com/blog/tag/haxmas/] with 12 blog posts on hacking-related topics and roundups from the year. This year, we're highlighting some of the “gifts” we want to give back to the community. And while these gifts may not come wrapped with a bow, we hope you enjoy them. Happy Holi-data from Rapid7 Labs! It's been a big year for the Rapid7 elves Labs team. Our nigh 200-node strong Heisenberg Cloud

4 min InsightIDR

12 Days of HaXmas: Designing Information Security Applications Your Way

Merry HaXmas to you! Each year we mark the 12 Days of HaXmas [https://www.rapid7.com/blog/tag/haxmas/] with 12 days of blog posts on hacking-related topics and roundups from the year. This year, we're highlighting some of the “gifts” we want to give back to the community. And while these gifts may not come wrapped with a bow, we hope you enjoy them. Are you a busy Information Security professional that prefers bloated web applications, fancy interactions, unnecessary visuals, and overloaded scr

6 min IoT

12 Days of HaXmas: 2016 IoT Research Recap

Merry HaXmas to you! Each year we mark the 12 Days of HaXmas [https://www.rapid7.com/blog/tag/haxmas/] with 12 blog posts on hacking-related topics and roundups from the year. This year, we're highlighting some of the “gifts” we want to give back to the community. And while these gifts may not come wrapped with a bow, we hope you enjoy them. As we close out the end of the year, I find it important to reflect on the IoT vulnerability research conducted during 2016 and what we learned from it. Th

5 min Haxmas

12 Days of HaXmas: The One Present This Data Scientist Wants This Holiday Season

Merry HaXmas to you! Each year we mark the 12 Days of HaXmas [https://www.rapid7.com/blog/tag/haxmas/] with 12 blog posts on hacking-related topics and roundups from the year. This year, we're highlighting some of the “gifts” we want to give back to the community. And while these gifts may not come wrapped with a bow, we hope you enjoy them. > “May you have all the data you need to answer your questions – and may half of the values be corrupted!” > - Ancient Yiddish curse This year, Christm

7 min Haxmas

The Twelve Pains of Infosec

One of my favorite Christmas carols is the 12 Days of Christmas [https://www.youtube.com/watch?v=oyEyMjdD2uk]. Back in the 90's, a satire of the song came out in the form of the 12 Pains of Christmas [https://www.youtube.com/watch?v=h4NlR5KQLQ8], which had me rolling on the floor in laughter, and still does. Now that I am in information security, I decided it is time for a new satire, maybe this will start a new tradition, and so I am presenting, the 12 Pains of Infosec. ----------------------

4 min Metasploit

12 Days of HaXmas: Metasploit End of Year Wrapup

This is the seventh post in the series, "The 12 Days of HaXmas." It's the last day of the year, which means that it's time to take a moment to reflect on the ongoing development of the Metasploit Framework, that de facto standard in penetration testing, and my favorite open source project around. While the acquisition of Metasploit way back in 2009 was met with some healthy skepticism, I think this year, it's easy to say that Rapid7's involvement with Metasploit has been an enormously positive

4 min Metasploit

512 Days of HaXmas: Metasploit's IoT WebApp Login Support

This is the sixth post in the series, "The Twelve Days of HaXmas." Well, the year is coming to a close, and it's just about time for the annual breakdown of Metasploit commit action. But before we get to that, I wanted to take a moment to highlight the excellent work we landed in 2015 in adding new web application login support to Metasploit. After all, who needs exploits when your password is "public" or "admin" or "password" or any other of the very few well-known default passwords? Maybe i

3 min Haxmas

12 Days of HaXmas: Santa makes a list and checks it twice, do you?

This post is the fifth in the series, "The Twelve Days of HaXmas." This is the time of the year where kids and adults alike think back over the past year, wondering which of Santa's two lists they will be on. The nice list is reserved for those who say "please" and "thank you", brush their teeth, and of course, those who regularly update and practice their incident response plans. Santa gives presents to the children on the nice list and coal to the ones on the naughty. When the list gets chec

7 min Haxmas

12 Days of HaXmas: What Home Alone Can Teach About Active Defense

This post is the fourth in the series, "The 12 Days of HaXmas." As you venture from the world of defense, including protecting and monitoring systems, into the realm of active defense, who can be your mentor? Who can make you as cool as Frosty? Does anyone know enough about active defense to make a movie out of it? OF COURSE! Macaulay Culkin is the mentor you are looking for. More precisely, Kevin McCallister [http://www.imdb.com/character/ch0004114/?ref_=tt_cl_t1], from the Home Alone fra

4 min Threat Intel

12 Days of HaXmas: Charlie Brown Threat Intelligence

This post is the third in the series, "The 12 Days of HaXmas." “Get the biggest aluminum threat feed you can find, Charlie Brown, maybe painted pink.” It has been a few years now since the term “cyber threat intelligence” entered mainstream, and since then it has exploded into a variety of products, all claiming to have the biggest, the best, the shiniest, most aluminum-est threat feed, report, or platform. Much of the advertising and media surrounding threat intelligence capitalizes on fear

10 min Haxmas

12 Days of HaXmas: Advanced Persistent Printer

This post is the second in the series, "The 12 Days of HaXmas." By Deral Heiland, Principal Consultant, and Nate Power, Senior Consultant, of Rapid7 Global Services Year after year we have been discussing the risk of Multi-Function Printers (MFP) in the corporate environment and how a malicious actor can easily leverage these devices to carry out attacks, including extraction of Windows Active Directory credentials via LDAP and abusing the "Scan to File" and "Scan to E-mail" features. To take

3 min Haxmas

12 Days of HaXmas: Rapid7 Gives to You... Free Professional Media Training (Pear Tree Not Included)

Ho ho ho, Merry HaXmas [/tag/haxmas/]! For those of you new to this series, every year we mark the 12 days of HaXmas with 12 blog posts on hacking-related topics and roundups from the year. This year we're kicking the series off with something not altogether hackery, but it's a gift, see, so very appropriate for the season. For the past couple of years, I've provided free media training at various security conferences, often as part of an I Am The Cavalry [https://www.iamthecavalry.org/] track,

7 min Metasploit

12 Days of HaXmas: Maxing Meterpreter's Mettle

This post is the twelfth in a series, 12 Days of HaXmas, where we usually take a look at some of more notable advancements and events in the Metasploit Framework over the course of 2014. As this is the last in the series, let's peek forward, to the unknowable future. Happy new year, it's time to make some resolutions. There is nothing like a fresh new year get ones optimism at its highest. Meterpreter is a pretty nifty piece of engineering, and full of useful functionality. The various extensi

3 min Metasploit

12 Days of HaXmas: Metasploit, Nexpose, Sonar, and Recog

This post is the tenth in a series, 12 Days of HaXmas, where we take a look at some of more notable advancements and events in the Metasploit Framework over the course of 2014. The Metasploit Framework [https://www.metasploit.com/download/] uses operating system and service fingerprints for automatic target selection and asset identification. This blog post describes a major overhaul of the fingerprinting backend within Metasploit and how you can extend it by submitting new fingerprints. Histo