Posts tagged Penetration Testing

Combining Responder and PsExec for Internal Penetration Tests

By Emilie St-Pierre, TJ Byrom, and Eric Sun Ask any pen tester what their top five penetration testing tools [https://rapid7.com/fundamentals/penetration-testing-tools/] are for internal engagements, and you will likely get a reply containing nmap, Metasploit, CrackMapExec, SMBRelay and Responder. An essential tool for any whitehat, Responder is a Python script that listens for Link-Local Multicast Name Resolution (LLMNR), Netbios Name Service (NBT-NS) and Multicast Domain Name System (mDNS)

9 min Metasploit

Pen Testing Cars with Metasploit and Particle.io Photon Boards

TL;DR This post details how to use the MSFRelay library for Photon boards to write your own Metasploit [https://rapid7.com/products/metasploit/] compatible firmware. Specifically for an add-on called Carloop. If you have a Carloop and just want it to work with Metasploit without having to write any code (or read this) then I've also provided the full code as a library example in the Particle library and can be found here [https://build.particle.io/libs/spark-msf-relay/0.0.1/tab/example/msf-carlo

4 min Metasploit

Metasploitable3 Capture the Flag Competition

UPDATE: Leaderboard can be found on this new post [/2016/12/14/metasploitable3-ctf-competition-update]! Plus, some notes that may be helpful. Exciting news! Rapid7 is hosting a month-long, world-wide capture the flag(s) competition! Rapid7 recently released Metasploitable3 [https://github.com/rapid7/metasploitable3], the latest version of our attackable, vulnerable environment designed to help security professionals, students, and researchers alike hone their skills and practice their craft. I

4 min Automation and Orchestration

What is Penetration Testing?

Synopsis Penetration testing [https://www.rapid7.com/fundamentals/penetration-testing/] or as most people in the IT security field call it, pen testing, is the testing of software and hardware for vulnerabilities or weaknesses that an attacker could exploit. In the IT world this usually applies, but is not limited to, PCs, networks, and web applications. Also known as “red teaming” pen testing is done by everyone from government agencies to law enforcement, military, and private companies. Pen

6 min Penetration Testing

Establishing an Insider Threat Program for Your Organization

Whether employees realize it or not, they can wreak havoc on internal and external security protocols. Employees' daily activities (both work and personal) on their work devices (computers, smartphone, and tablets) or on their company's network can inflict damage. Often called “insider threats,” employees' actions, both unintentional or intentional, are worth paying heed to whenever possible. Gartner's Avivah Litan reported on this thoroughly in her “Best Practices for Managing Insider Security

5 min Metasploit

Pentesting in the Real World: Going Bananas with MongoDB

This is the 4th in a series of blog topics by penetration testers, for penetration testers, highlighting some of the advanced pentesting techniques they'll be teaching in our new Network Assault and Application Assault certifications, opening for registration this week. For more information, check out the training page at www.rapid7.com/services/training-certification/penetration-testing-training.jsp [http://www.rapid7.com/services/training-certification/penetration-testing-training.jsp] Prefa

3 min Penetration Testing

Pentesting in the Real World: Capturing Credentials on an Internal Network

This is the second in a series of blog topics by penetration testers, for penetration testers, highlighting some of the advanced pentesting techniques they'll be teaching in our new Network Assault and Application Assault certifications

5 min Metasploit

Pentesting in the Real World: Gathering the Right Intel

This is the first in a series of blog topics by penetration testers, for penetration testers, highlighting some of the advanced pentesting techniques they'll be teaching in our new Network Assault and Application Assault certifications, opening for registration this week. For more information, check out the training page at www.rapid7.com/services/training-certification/penetration-testing-training.jsp [http://www.rapid7.com/services/training-certification/penetration-testing-training.jsp] So

4 min Penetration Testing

Penetration Test vs. Red Team Assessment: The Age Old Debate of Pirates vs. Ninjas Continues

In a fight between pirates and ninjas, who would win? I know what you are thinking. “What in the world does this have to do with security?” Read on to find out but first, make a choice: Pirates or Ninjas? Before making that choice, we must know what the strengths and weaknesses are for each: Pirates Strengths Weaknesses StrongLoudBrute-Force AttackDrunk (Some say this could be a strength too)Great at PlunderingCan be CarelessLong-Range CombatNinjas Strengths Weaknesses FastNo ArmorStealthySmal

5 min Penetration Testing

SNMP Data Harvesting During Penetration Testing

A few months back I posted a blog entry, SNMP Best Practices [/2016/01/27/simple-network-management-protocol-snmp-best-practices], to give guidance on best methods to reduce security risks as they relate to SNMP. Now that everyone has had time to fix all those issues, I figured it's time to give some guidance to penetration testers and consultants on how to exploit exposed SNMP services by harvesting data and using it to expand their attack footprint. The first question when approaching SNMP is

5 min Phishing

10 Phishing Countermeasures to Protect Your Organization

The Internet is full of articles for how to tell if an email is phishing but there seems to be a lack of concise checklists how to prepare an organization against phishing attacks [https://www.rapid7.com/fundamentals/phishing-attacks/] , so here you go. Because phishing attacks humans and systems alike, the defense should also cover both aspects. None of the following steps is bullet proof, so layering your defenses is important – and having an incident response plan in case someone does get th

1 min Metasploit

Top 3 Takeaways from "7 Ways to Make Your Penetration Tests More Productive" Webcast

Earlier this week we heard from ckirsch [https://community.rapid7.com/people/ckirsch], Senior Product Marketing Manager for Metasploit at Rapid7, on the pressure penetration testers are facing. (Hint: it's a lot!). With the increase in high profile breaches and their costs, more and more emphasis is being put on the pen tester and security in general. Read on if you'd like to get the top takeaways from this week's webcast so that you aren't left in the dark about, "7 Ways to Make Your Penetratio

1 min Penetration Testing

Your PenTest Tools Arsenal

When it comes to information security, one of the major problems is setting up your PenTest Tools Arsenal. The truth is, there are too many tools out there and it would take forever to try half of them to see if one fits your needs. Over the years, there have been some well established tools released that most of security professionals use currently, but that doesn't mean that are not unknown yet still very good pentesting tools that are not as popular. I wanted to make a list of the pentest to

3 min Penetration Testing

#pwnSAP Tweet Chat Debrief

On December 3, Rapid7 security researcher Juan Vazquez hosted a panel of experts [/2013/11/25/pwnsap-join-us-for-a-tweet-chat-on-dec-3] for a tweet chat to discuss SAP system hacking. The #pwnSAP chat was a great discussion – here are some highlights. Juan's first question was, “Can you start by telling us a bit about how SAP system hacking has changed lately?” @todb called this research paper, SAP Penetration Testing Using Metasploit – How to Protect Sensitive ERP Data [http://information.rap