6 min
InsightIDR
Defense in Depth Using Deception Technology in InsightIDR
Today, we are diving into the four pieces of deception technology that Rapid7 offers through our incident detection and response tool, InsightIDR.
5 min
Research
DOUBLEPULSAR over RDP: Baselining Badness on the Internet
How many internet-accessible RDP services have the DOPU implant installed? How much DOPU-over-RDP traffic do we see being sprayed across the internet?
2 min
InsightIDR
Deception Technology in InsightIDR: Setting Up Honeypots
In order to overcome the adversary, we must first seek to understand. By
understanding how attackers operate, and what today’s modern network looks like
from an attacker’s perspective, it’s possible to deceive an attacker, or at
least have warning around internal network compromise. Today, let’s touch on a
classic deception technology
[https://www.rapid7.com/solutions/deception-technology/] that continues to
evolve: the honeypot.
Honeypots [https://www.rapid7.com/fundamentals/honeypots/] are de
4 min
InsightIDR
How to Identify Attacker Reconnaissance on Your Internal Network
The most vulnerable moment for attackers is when they first gain internal access
to your corporate network. In order to determine their next step, intruders must
perform reconnaissance to scout available ports, services, and assets from which
they can pivot and gain access to customer databases, credit card data, source
code, and more. These initial moments are arguably your best opportunities to
catch attackers before critical assets are breached, but unfortunately, it can
be very challenging t
4 min
Honeypots
Apache Struts Vulnerability (CVE-2017-5638) Exploit Traffic
UPDATE - March 10th, 2017: Rapid7 added a check that works in conjunction with
Nexpose's web spider functionality. This check will be performed against any
URIs discovered with the suffix “.action” (the default configuration for Apache
Struts apps). To learn more about using this check, read this post
[https://www.rapid7.com/blog/post/2017/03/15/using-web-spider-to-detect-vulnerable-apache-struts-apps-cve-2017-5638/]
.
UPDATE - March 9th, 2017: Scan your network for this vulnerability
[https://
8 min
Haxmas
12 Days of HaXmas: A HaxMas Carol
(A Story by Rapid7 Labs)
Merry HaXmas to you! Each year we mark the 12 Days of HaXmas
[https://www.rapid7.com/blog/tag/haxmas/] with 12 blog posts on hacking-related
topics and roundups from the year. This year, we're highlighting some of the
“gifts” we want to give back to the community. And while these gifts may not
come wrapped with a bow, we hope you enjoy them.
Happy Holi-data from Rapid7 Labs!
It's been a big year for the Rapid7 elves Labs team. Our nigh 200-node strong
Heisenberg Cloud
6 min
Honeypots
Introduction to Honeypots
Synopsis
With an ever-increasing number of methods and tactics used to attack networks,
the goal of securing a network must also continually expand in scope. While
traditional methods such as IDS/IPS systems, DMZ’s, penetration testing and
various other tools can create a very secure network, it is best to assume
vulnerabilities will always exist, and sooner or later, they will be exploited.
Thus, we need to continuously find innovative ways of countering the threats,
and one such way is to depl
3 min
InsightIDR
Detect Corporate Identity Theft with a New Intruder Trap: Honey Credentials
If you're only looking through your log files, reliably detecting early signs of
attacker reconnaissance can be a nightmare. Why is this important? If you can
detect and react to an intruder early in the attack chain, it's possible to kick
the intruder out before he or she accesses your critical assets. This is not
only good for you (no monetary data is stolen), but it's also critical because
this is the only time in the chain that the intruder is at a disadvantage.
Once an attacker has an i