2 min
AWS
The real challenge behind asset inventory
As the IT landscape evolves, and as companies diversify the assets they bring to
their networks - including on-premises, cloud and personal assets - one of the
biggest challenges becomes maintaining an accurate picture of which assets are
present on your network. Furthermore, while the accurate picture is the end
goal, the real challenge becomes optimizing the means to obtain that picture
and keep it current. The traditional discovery paradigm of continuous discovery
sweeps of your whole network
3 min
Metasploit
12 Days of HaXmas: Metasploit, Nexpose, Sonar, and Recog
This post is the tenth in a series, 12 Days of HaXmas, where we take a look at
some of the more notable advancements and events in the Metasploit Framework over
the course of 2014.
The Metasploit Framework [https://www.metasploit.com/download/] uses operating
system and service fingerprints for automatic target selection and asset
identification. This blog post describes a major overhaul of the fingerprinting
backend within Metasploit and how you can extend it by submitting new
fingerprints.
Histo
17 min
Project Sonar
R7-2014-17: NAT-PMP Implementation and Configuration Vulnerabilities
Overview
In the summer of 2014, Rapid7 Labs started scanning the public Internet for
NAT-PMP as part of Project Sonar
[https://community.rapid7.com/community/infosec/sonar]. NAT-PMP is a protocol
implemented by many SOHO-class routers and networking devices that allows
firewall and routing rules to be manipulated to enable internal, assumed trusted
users behind a NAT device to allow external users to access internal TCP and UDP
services for things like Apple's Back to My Mac and file/media shar
3 min
Project Sonar
Legal Considerations for Widespread Scanning
Last month Rapid7 Labs launched Project Sonar
[/2013/09/26/welcome-to-project-sonar], a community effort to improve internet
security through widespread scanning and analysis of public-facing computer
systems. Through this project, Rapid7 is actively running large-scale scans to
create datasets, sharing that information with others in the security community,
and offering tools to help them create datasets, too.
Others in the security field are doing similar work. This fall, a research team
at the