7 min
Research
Remote Desktop Protocol (RDP) Exposure
The Remote Desktop Protocol, commonly referred to as RDP, is a proprietary
protocol developed by Microsoft that is used to provide a graphical means of
connecting to a network-connected computer. RDP client and server support has
been present in varying capacities in most every Windows version since NT
[https://en.wikipedia.org/wiki/Windows_NT]. Outside of Microsoft's offerings,
there are RDP clients available for most other operating systems. If the nitty
gritty of protocols is your thing, Wiki
5 min
Public Policy
Copyright Office Calls For New Cybersecurity Researcher Protections
On Jun. 22, the US Copyright Office released
[https://www.copyright.gov/policy/1201/section-1201-full-report.pdf] its
long-awaited study on Sec. 1201 of the Digital Millennium Copyright Act (DMCA),
and it has important implications for independent cybersecurity researchers.
Mostly the news is very positive. Rapid7 advocated extensively for researcher
protections to be built into this report, submitting two sets of detailed
comments—see here
[/2016/03/15/rapid7-bugcrowd-and-hackerone-file-pro-res
4 min
Public Policy
Rapid7 issues comments on NAFTA renegotiation
In April 2017, President Trump issued an executive order directing a review of
all trade agreements. This process is now underway: The United States Trade
Representative (USTR) – the nation's lead trade agreement negotiator – formally
requested [https://www.regulations.gov/docket/USTR-2017-0006] public input on
objectives for the renegotiation of the North American Free Trade Agreement
(NAFTA). NAFTA is a trade agreement between the US, Canada, and Mexico that
covers a huge range of topics, fr
3 min
Project Sonar
Signal to Noise in Internet Scanning Research
We live in an interesting time for research related to Internet scanning.
There is a wealth of data and services to aid in research. Scanning related
initiatives like Rapid7's Project Sonar [https://sonar.labs.rapid7.com/], Censys
[https://censys.io/], Shodan [https://www.shodan.io/], Shadowserver
[https://www.shadowserver.org/] or any number of other public/semi-public
projects have been around for years, collecting massive troves of data. The
data and services built around it have been used f
6 min
Research
The Data Science Process at Rapid7
Data Science is more than just math. A successful Data Science team and
successful Data Science projects require relationships with outside teams, clear
communication, as well as good decision making, problem solving and critical
thinking abilities. Thus, when we talk about Data Science at Rapid7, we talk
about the Data Science Process our teams use to take a Data Science project from
inception to completion, where math and analysis are important, but not the only
aspects of the project.
What a
2 min
IoT
Research Lead (IoT)
It has been an amazing journey serving as the Research Lead for the Internet of
Things (IoT) at Rapid7 for the past 10 months. I came into the role with more than a
decade of experience as a security penetration tester and nearly 15 years of
experience conducting security research across such areas as protocol-based
attacks, embedded device exploitation, and web vulnerabilities, so taking on the
role as Research Lead for IoT was the next obvious progression for me. Being
able to focus on IoT specif
4 min
Research
NCSAM: The Danger of Criminalizing Curiosity
This is a guest post from Kurt Opsahl [https://twitter.com/kurtopsahl], Deputy
Executive Director and General Counsel of the Electronic Frontier Foundation
[https://twitter.com/EFF].
October is National Cyber Security Awareness month and Rapid7 is taking this
time to celebrate security research. This year, NCSAM coincides with new legal
protections for security research under the DMCA
[/2016/10/03/cybersecurity-awareness-month-2016-this-ones-for-the-researchers]
and the 30th anniversary of the
4 min
Research
NCSAM: Independent Research and IoT
October is National Cyber Security Awareness month and Rapid7 is taking this
time to celebrate security research. This year, NCSAM coincides with new legal
protections for security research under the DMCA and the 30th anniversary of the
CFAA - a problematic law that hinders beneficial security research. Throughout
the month, we will be sharing content that enhances understanding of what
independent security research is, how it benefits the digital ecosystem, and the
challenges that researchers f
6 min
Project Sonar
Digging for Clam[AV]s with Project Sonar
A little over a week ago some keen-eyed folks discovered a
feature/configuration weakness [http://seclists.org/nmap-dev/2016/q2/198] in the
popular ClamAV malware scanner that makes it possible to issue administrative
commands such as SCAN or SHUTDOWN remotely—and without authentication—if the
daemon happens to be running on an accessible TCP port. Shortly thereafter,
Robert Graham unholstered his masscan
[https://github.com/robertdavidgraham/masscan] tool and did a summary blog post
[http://bl
7 min
Verizon DBIR
The 2016 Verizon Data Breach Investigations Report (DBIR) Summary - The Defender's Perspective
Verizon has released the report
[https://www.verizon.com/business/resources/reports/dbir/] of their annual Data
Breach Investigations Report (DBIR). Their crack team of researchers have, once
again, produced one of the most respected, data-driven reports in cyber
security, sifting through submissions from 67 contributors and taking a deep
dive into 64,000 incidents—and nearly 2,300 breaches—to help provide insight on
what our adversaries are up to and how successful they've been.
The DBIR is a
3 min
Public Policy
Petition for Reform of the DMCA and CFAA
Here's the TL;DR:
Software now runs everything and all software has flaws, which means that we, as
consumers, are at risk. This includes YOU, and can impact your safety or quality
of life. Sign this petition to protect your right to information on how you are
exposed to risk:
https://petitions.whitehouse.gov/petition/unlock-public-access-research-software-safety-through-dmca-and-cfaa-reform/DHzwhzLD
The petition
Last weekend a petition
[https://petitions.whitehouse.gov/petition/unlock-public
1 min
Research
A Pentester's Introduction to SAP & ABAP
If you're conducting security assessments on enterprise networks, chances are
that you've run into SAP systems. In this blog post, I'd like to give you an
introduction to SAP and ABAP to help you with your security audit.
The full SAP solution (ERP or SAP Business Suite) consists of several
components. However, to manage the different areas of a large enterprise,
probably one of the better known components or features of the SAP solution is
the development system based on ABAP [http://en.wikipe
3 min
Metasploit
Learn to Pentest SAP with Metasploit As ERP Attacks Go Mainstream
This month, a security researcher disclosed that a version of the old banking
Trojan “Trojan.ibank” has been modified to look for SAP GUI installations, a
concerning sign that SAP system hacking has gone into mainstream cybercrime.
Once a domain of a few isolated APT attacks, SAP appears to be in the cross
hairs of hackers that know just how much sensitive data ERP systems house,
including financial, customer, employee and production data. With more than
248,500 customers in 188 countries, SAP
13 min
Malware
Analysis of the FinFisher Lawful Interception Malware
It's all over the news once again: lawful interception malware discovered in the
wild being used by government organizations for intelligence and surveillance
activities. We saw it last year when the Chaos Computer Club unveiled a trojan
being used by the federal government in Germany, WikiLeaks released a collection
of related documents in the Spy Files, we read about an alleged offer from Gamma
Group to provide the toolkit FinFisher to the Egyptian government, and we are
reading once again now