3 min
Threat Intel
Major Carding Site Replacement: How Altenen.nz Rose From the Ashes of Altenen.com
Here’s our recap of the Altenen takedown and thoughts on where threat hunters should shift their focus for finding new threats and fraud tactics.
4 min
Threat Intel
Q&A with Rebekah Brown, Rapid7 Threat Intel Lead, on Attacker Behavior Analytics
Hear from Rebekah Brown, Rapid7’s threat intel lead, on Attacker Behavior Analytics and how Rapid7 is developing next gen threat detections for customers.
3 min
Threat Intel
Digital Footprints, Breadcrumbs, and How Hackers Exploit Them
Here is how hackers use publicly available employee data in the form of digital footprints and breadcrumbs to illegally access company systems.
5 min
Threat Intel
How to Automate Identifying and Taking Down Malicious Social Media Profiles
Here is how Rapid7 has automated the process of identifying and taking down fake social media profiles to help companies proactively identify these scams.
3 min
Threat Intel
15 Technologies and Tools Commonly Used in Dark Web Black Markets
Here is our list of 15 common technologies and tools used by cybercriminals to access and communicate via the dark web.
4 min
Threat Intel
A Common Retailer Dark Web Profile: What We Found in Our Search
In this post, we share examples of common retailer data found across the Dark Web and build a “Dark Web profile” for a typical retail company.
2 min
InsightIDR
Rapid7 Quarterly Threat Report: 2018 Q1
Spring is here, and along with the flowers and the birds, the pollen and the never-ending allergies, we bring you 2018’s first Quarterly Threat Report [https://www.rapid7.com/info/threat-report/2018-q1-threat-report/]! For the year’s inaugural report, we pulled an additional data set: significant events. While we like to look at trends in alerts over time, there is almost never a one-alert-per-incident correlation. Adversary actions involve multiple steps, which generate multiple alerts, and aft
3 min
Threat Intel
Threat Intel Book Club: The Cuckoo's Egg wrap-up
Last week, Rebekah Brown [https://twitter.com/PDXbek] and I wrapped up The Cuckoo’s Egg [https://en.wikipedia.org/wiki/The_Cuckoo%27s_Egg] with book club readers around the world. Dig through some blog archives to get a sense of how this book club got started [/2018/02/02/welcome-to-the-2018-threat-intel-book-club/] and what we’ve discussed [/2018/02/27/recap-2-21-threat-intelligence-book-club/] so far [/2018/03/18/next-threat-intel-book-club-4-5-recapping-the-cuckoos-egg/]. Below is a recap of
3 min
Threat Intel
Rapid7 Threat Report: 2017 Q4 Threat Report and 2017 Wrap-up
Welcome to Rapid7’s Q4 report, featuring our first annual threat report wrap-up!
2017 Quarterly Threat Report: Q4 and 2017 Wrap-Up
Get the Full Report [https://www.rapid7.com/info/threat-report/2017-q4-threat-report]
We could not have picked a better year to start doing this, as 2017 was one for the books. While we spent most of the year falling headfirst into a world where nation-state tools are available for anyone to use, the worm re-emerged (now evolved [/2017/06/27/petya-ransomware-explai
4 min
Threat Intel
Simplicity, Harmony, and Opportunity: Rapid7 Threat Report Q3 2017
John Archibald Wheeler, the theoretical physicist who first coined the term “wormhole” (and therefore brought us Deep Space 9) once listed Albert Einstein’s Three Rules of Work:
> Out of clutter find simplicity; from discord find harmony; in the middle of difficulty lies opportunity.
These rules seemed fitting for our third quarter threat report [https://www.rapid7.com/info/threat-report/2017-q3-threat-report/]. Q3 brought us plenty of clutter, discord, and difficulty, but in this threat repo
3 min
Threat Intel
Using Threat Intelligence to Mitigate Wanna Decryptor (WannaCry)
Basics of Cyber Threat Intelligence
Cyber Threat Intelligence is analyzed information about the opportunities, capabilities, and intent of cyber adversaries. The goal of cyber threat intelligence [https://www.rapid7.com/fundamentals/what-is-threat-intelligence/] is to help people make decisions about how to prevent, detect, and respond to threats against their networks. This can take a number of forms, but the one people almost always turn to is IOCs. IOCs, or indicators of compromise, are tech
2 min
Nexpose
Nexpose integrates with McAfee ePO and DXL: The first unified vulnerability management solution for Intel Security customers!
We wanted to give you a preview of Nexpose's new integration with both McAfee ePolicy Orchestrator (ePO) and McAfee Data Exchange Layer (DXL); this is the next stage of our partnership with Intel as their chosen vendor for vulnerability management. This partnership is also a first for both Rapid7 and Intel, as Nexpose is the only vulnerability management [https://www.rapid7.com/solutions/vulnerability-management/] solution to not only push our unique risk scoring into ePO for analysis, but al
3 min
Threat Intel
Threat Intelligence Foundations: Crawl, Walk, Analyze - Part 3
This is the third post in a three-part series on threat intelligence foundations, discussing the fundamentals of how threat intelligence can be used in security operations. Here's Part 1 [/2016/03/09/threat-intelligence-foundations-crawl-walk-analyze-part-1] and Part 2 [/2016/03/10/threat-intelligence-foundations-crawl-walk-analyze-part-2].
Intelligence Analysis in Security Operations
In the first two parts of this series we talked about frameworks for understanding and approaching intelligenc
5 min
Threat Intel
Threat Intelligence Foundations: Crawl, Walk, Analyze - Part 2
This is the second post in a three-part series on threat intelligence foundations, discussing the fundamentals of how threat intelligence can be used in security operations. Read Part One here [/2016/03/09/threat-intelligence-foundations-crawl-walk-analyze-part-1].
Tinker, Tailor, Soldier, Spy: Utilizing Multiple Types of Intelligence
Just as there are different operational levels of intelligence—discussed in detail in the first post [/2016/03/09/threat-intelligence-foundations-crawl-walk-anal
4 min
Threat Intel
Threat Intelligence Foundations: Crawl, Walk, Analyze - Part 1
This is the first post in a three-part series on threat intelligence foundations, discussing the fundamentals of how threat intelligence can be used in security operations.
There is a consensus among many in threat intelligence [https://www.rapid7.com/fundamentals/what-is-threat-intelligence/] that the way the community has approached threat intelligence in the past - i.e., the “Threat Data → SIEM → Magical Security Rainbows” approach - has left something to be desired, and that something is usu