3 min
Penetration Testing
Password Tips From a Pen Tester: 3 Passwords to Eliminate
Every week, Rapid7 conducts penetration testing services for organizations that
crack hundreds—and sometimes thousands—of passwords. Our current password trove
has more than 500,000 unique passwords that have been collected over the past
two years. Where do these come from? Some of them come from Windows domain
controllers and databases such as MySQL or Oracle; some of them are caught on
the wire using Responder [https://github.com/lgandx/Responder-Windows], and some
are pulled out of memory wi
4 min
Penetration Testing
Metasploit MinRID Option
We’ve added a new option to the smb_lookupsid Metasploit module
[https://www.rapid7.com/db/modules/auxiliary/scanner/smb/smb_lookupsid]. You can
now specify your starting RID.
Wait, What Does This Module Do Again?
As a penetration tester, one of the first things I try to do on an internal
network is enumerate all of the domain users so that I can perform login attacks
against them. It would be a noteworthy risk if we could do that anonymously,
because that means that any malicious actor who can
4 min
Penetration Testing
IoT Security Testing Methodology
By
Deral Heiland - IoT Research Lead, Rapid7
Nathan Sevier - Senior Consultant, Rapid7
Chris Littlebury - Threat Assessment Manager, Rapid7
End-to-end ecosystem methodology
When examining IoT technology, the actionable testing focus and methodology are
often applied solely to the embedded device. This is short-sighted and
incomplete. An effective assessment methodology should consider the entire IoT
solution, or as we refer to it, the IoT Product Ecosystem. Every interactive
component that makes
3 min
Metasploit
Exploiting Macros via Email with Metasploit Pro Social Engineering
Currently, phishing is seen as one of the largest infiltration points for
businesses around the globe, but there is more to social engineering than just
phishing. Attackers may use email and USB keys to deliver malicious files to
users in the hopes of gaining access to an organization's network. Users are
likely unaware that unsolicited files, such as a Microsoft Word document with a
macro, may be malicious and can pose a major risk to an organization.
Metasploit Pro [https://www.rapid7.com/
4 min
Penetration Testing
Combining Responder and PsExec for Internal Penetration Tests
By Emilie St-Pierre, TJ Byrom, and Eric Sun
Ask any pen tester what their top five penetration testing tools
[https://rapid7.com/fundamentals/penetration-testing-tools/] are for internal
engagements, and you will likely get a reply containing nmap, Metasploit,
CrackMapExec, SMBRelay and Responder.
An essential tool for any whitehat, Responder is a Python script that listens
for Link-Local Multicast Name Resolution (LLMNR), NetBIOS Name Service (NBT-NS)
and Multicast Domain Name System (mDNS)
9 min
Metasploit
Pen Testing Cars with Metasploit and Particle.io Photon Boards
TL;DR
This post details how to use the MSFRelay library for Photon boards to write
your own Metasploit [https://rapid7.com/products/metasploit/] compatible
firmware. Specifically for an add-on called Carloop. If you have a Carloop and
just want it to work with Metasploit without having to write any code (or read
this) then I've also provided the full code as a library example in the Particle
library and can be found here
[https://build.particle.io/libs/spark-msf-relay/0.0.1/tab/example/msf-carlo
4 min
Metasploit
Metasploitable3 Capture the Flag Competition
UPDATE: Leaderboard can be found on this new post
[/2016/12/14/metasploitable3-ctf-competition-update]! Plus, some notes that may
be helpful.
Exciting news! Rapid7 is hosting a month-long, world-wide capture the flag(s)
competition!
Rapid7 recently released Metasploitable3
[https://github.com/rapid7/metasploitable3], the latest version of our
attackable, vulnerable environment designed to help security professionals,
students, and researchers alike hone their skills and practice their craft. I
4 min
Automation and Orchestration
What is Penetration Testing?
Synopsis
Penetration testing [https://www.rapid7.com/fundamentals/penetration-testing/],
or as most people in the IT security field call it, pen testing, is the testing
of software and hardware for vulnerabilities or weaknesses that an attacker
could exploit. In the IT world this usually applies, but is not limited, to PCs,
networks, and web applications. Also known as “red teaming
[https://www.rapid7.com/fundamentals/what-is-a-red-team/]”, pen testing is done
by everyone from government agencies
6 min
Penetration Testing
Establishing an Insider Threat Program for Your Organization
Whether employees realize it or not, they can wreak havoc on internal and
external security protocols. Employees' daily activities (both work and
personal) on their work devices (computers, smartphones, and tablets) or on their
company's network can inflict damage. Often called “insider threats,” employees'
actions, both unintentional and intentional, are worth paying heed to whenever
possible. Gartner's Avivah Litan reported on this thoroughly in her “Best
Practices for Managing Insider Security
5 min
Metasploit
Pentesting in the Real World: Going Bananas with MongoDB
This is the 4th in a series of blog topics by penetration testers, for
penetration testers, highlighting some of the advanced pentesting techniques
they'll be teaching in our new Network Assault and Application Assault
certifications, opening for registration this week. For more information, check
out the training page at
www.rapid7.com/services/training-certification/penetration-testing-training.jsp
[http://www.rapid7.com/services/training-certification/penetration-testing-training.jsp]
Prefa
3 min
Penetration Testing
Pentesting in the Real World: Capturing Credentials on an Internal Network
This is the second in a series of blog topics by penetration testers, for penetration testers, highlighting some of the advanced pentesting techniques they'll be teaching in our new Network Assault and Application Assault certifications
5 min
Metasploit
Pentesting in the Real World: Gathering the Right Intel
This is the first in a series of blog topics by penetration testers, for
penetration testers, highlighting some of the advanced pentesting techniques
they'll be teaching in our new Network Assault and Application Assault
certifications, opening for registration this week. For more information, check
out the training page at
www.rapid7.com/services/training-certification/penetration-testing-training.jsp
[http://www.rapid7.com/services/training-certification/penetration-testing-training.jsp]
So
4 min
Penetration Testing
Penetration Test vs. Red Team Assessment: The Age Old Debate of Pirates vs. Ninjas Continues
In a fight between pirates and ninjas, who would win? I know what you are
thinking. “What in the world does this have to do with security?” Read on to
find out but first, make a choice: Pirates or Ninjas?
Before making that choice, we must know what the strengths and weaknesses are
for each:
Pirates
Strengths: Strong, Brute-Force Attack, Great at Plundering, Long-Range Combat
Weaknesses: Loud, Drunk (Some say this could be a strength too), Can be Careless
Ninjas
Strengths: Fast, Stealthy
Weaknesses: No Armor, Smal
5 min
Penetration Testing
SNMP Data Harvesting During Penetration Testing
A few months back I posted a blog entry, SNMP Best Practices
[/2016/01/27/simple-network-management-protocol-snmp-best-practices], to give
guidance on best methods to reduce security risks as they relate to SNMP. Now
that everyone has had time to fix all those issues, I figured it's time to give
some guidance to penetration testers and consultants on how to exploit exposed
SNMP services by harvesting data and using it to expand their attack footprint.
The first question when approaching SNMP is
5 min
Phishing
10 Phishing Countermeasures to Protect Your Organization
The Internet is full of articles on how to tell if an email is phishing, but
there seems to be a lack of concise checklists on how to prepare an organization
against phishing attacks [https://www.rapid7.com/fundamentals/phishing-attacks/],
so here you go.
Because phishing attacks humans and systems alike, the defense should also cover
both aspects. None of the following steps is bulletproof, so layering your
defenses is important – and having an incident response plan in case someone
does get th