Rapid7 Blog

HD Moore  

Six Wonderful Years

Rapid7 has been my home for the last six years, growing from 98 people when I joined to over 700 today. Keeping up with the growth has been both exhilarating and terrifying. I am really proud of our Austin team, the Metasploit ecosystem, and our…

CVE-2015-7755: Juniper ScreenOS Authentication Backdoor

On December 18th, 2015, Juniper issued an advisory indicating that they had discovered unauthorized code in the ScreenOS software that powers their Netscreen firewalls. This advisory covered two distinct issues: a backdoor in the VPN implementation that allows a passive eavesdropper to decrypt traffic and…

Meterpreter Survey 2015: You spoke, we listened, then wrote a bunch of code.

The Survey: One month ago we asked the community for feedback about how they use Metasploit and what they want to see in the Meterpreter payload suite going forward. Over the course of a week we received over 400 responses and over 200 write-in suggestions…

The Internet of Gas Station Tank Gauges

Introduction: Automated tank gauges (ATGs) are used to monitor fuel tank inventory levels, track deliveries, raise alarms that indicate problems with the tank or gauge (such as a fuel spill), and to perform leak tests in accordance with environmental regulatory compliance. ATGs are used by…

12 Days of HaXmas: Metasploit, Nexpose, Sonar, and Recog

This post is the tenth in a series, 12 Days of HaXmas, where we take a look at some of the more notable advancements and events in the Metasploit Framework over the course of 2014. The Metasploit Framework uses operating system and service fingerprints for automatic…

2015: Project Sonar Wiki & UDP Scan Data

Project Sonar started in September of 2013 with the goal of improving security through the active analysis of public networks. For the first few months, we focused almost entirely on SSL, DNS, and HTTP enumeration. This uncovered all sorts of interesting security issues and contributed…

R7-2014-15: GNU Wget FTP Symlink Arbitrary Filesystem Access

Introduction: GNU Wget is a command-line utility designed to download files via HTTP, HTTPS, and FTP. Wget versions prior to 1.16 are vulnerable to a symlink attack (CVE-2014-4877) when running in recursive mode with an FTP target. This vulnerability allows an attacker operating a malicious…

R7-2014-16: Palo Alto Networks User-ID Credential Exposure

Project Sonar tends to identify unexpected issues, especially with regards to network security products. In July of this year, we began to notice a flood of incoming SMB connections every time we launched the VxWorks WDBRPC scan. To diagnose the issue, we ran the Metasploit…

Mitigating Service Account Credential Theft

I am excited to announce a new whitepaper, Mitigating Service Account Credential Theft on Windows. This paper was a collaboration between myself, Joe Bialek of Microsoft, and Ashwath Murthy of Palo Alto Networks. The executive summary is shown below: Over the last 15 years, the…

Goodnight, BrowserScan

The BrowserScan concept emerged during the heyday of Java zero-day exploits in 2012. The risk posed by out-of-date browser addons, especially Java and Flash, was a critical issue for our customers and the greater security community. The process of scanning each desktop for outdated plugins…

Supermicro IPMI Firmware Vulnerabilities

Introduction: This post summarizes the results of a limited security analysis of the Supermicro IPMI firmware. This firmware is used in the baseboard management controller (BMC) of many Supermicro motherboards. The majority of our findings relate to firmware version SMT_X9_226. The information in…

Project Sonar: One Month Later

It has been a full month since we launched Project Sonar and I wanted to provide a quick update about where things are, the feedback we have received, and where we are going from here. We have received a ton of questions from interested contributors about…

Estimating ReadyNAS Exposure with Internet Scans

I wanted to share a brief example of using a full scan of IPv4 to estimate the exposure level of a vulnerability. Last week, Craig Young, a security researcher at Tripwire, wrote a blog post about a vulnerability in the ReadyNAS network storage appliance. In an…

The Security Space Age

I was fortunate enough to present as the keynote speaker for HouSecCon 4. The first part of my presentation focused on the parallels between information security today and the dawn of the space age in the late 1950s. The second section dove into internet-wide measurement…

Welcome to Project Sonar!

Project Sonar is a community effort to improve security through the active analysis of public networks. This includes running scans across public internet-facing systems, organizing the results, and sharing the data with the information security community. The three components to this project are tools, datasets,…
