Rapid7 Blog

Jon Hart  

AUTHOR STATS:

22

Cisco Smart Install Exposure

Cisco Smart Install (SMI) provides configuration and image management capabilities for Cisco switches. Cisco’s SMI documentation goes into more detail than we’ll be touching on in this post, but the short version is that SMI leverages a combination of DHCP, TFTP and a…

Measuring SharknAT&To Exposures

On August 31, 2017, NoMotion’s “SharknAT&To” research started making the rounds on Twitter. After reading the findings, and noting that some of the characteristics seemed similar to trends we’ve seen in the past, we were eager to gauge the exposure of…

Remote Desktop Protocol (RDP) Exposure

The Remote Desktop Protocol, commonly referred to as RDP, is a proprietary protocol developed by Microsoft that is used to provide a graphical means of connecting to a network-connected computer. RDP client and server support has been present in varying capacities in most every Windows…

Project Sonar - Mo' Data, Mo' Research

Since its inception, Rapid7's Project Sonar has aimed to share the data and knowledge we've gained from our Internet scanning and collection activities with the larger information security community.  Over the years this has resulted in vulnerability disclosures, research papers, conference presentations, community collaboration…

Signal to Noise in Internet Scanning Research

We live in an interesting time for research related to Internet scanning. There is a wealth of data and services to aid in research. Scanning related initiatives like Rapid7's Project Sonar, Censys, Shodan, Shadowserver or any number of other public/semi-public projects have been around…

The Internet of Gas Station Tank Gauges -- Final Take?

In early 2015, HD Moore performed one of the first publicly accessible research related to Internet-connected gas station tank gauges, The Internet of Gas Station Tank Gauges. Later that same year, I did a follow-up study that probed a little deeper in The Internet of…

NCSAM: Understanding UDP Amplification Vulnerabilities Through Rapid7 Research

October is National Cyber Security Awareness month and Rapid7 is taking this time to celebrate security research. This year, NCSAM coincides with new legal protections for security research under the DMCA and the 30th anniversary of the CFAA - a problematic law that hinders beneficial…

Sonar NetBIOS Name Service Study

For the past several years, Rapid7's Project Sonar has been performing studies that explore the exposure of the NetBIOS name service on the public IPv4 Internet.  This post serves to describe the particulars behind the study and provide tools and data for future research in…

ScanNow DLL Search Order Hijacking Vulnerability and Deprecation

Overview On November 27, 2015, Stefan Kanthak contacted Rapid7 to report a vulnerability in Rapid7's ScanNow tool.  Rapid7 takes security issues seriously and this was no exception.  In combination with a preexisting compromise or other vulnerabilities, and in the absence of sufficient mitigating measures, a…

The Internet of Gas Station Tank Gauges -- Take #2

In January 2015, Rapid7 worked with Jack Chadowitz and published research related to Automated Tank Gauges (ATGs) and their exposure on the public Internet.  This past September, Jack reached out to us again, this time with a slightly different request.  The goal was to reassess…

The Pudding is in the Proof: The Importance of Proofs in Vulnerability Management

In vulnerability management and practices like it, including simple vulnerability assessment, down and dirty penetration testing, and compliance driven auditing, when a target is tested for the presence of a particular vulnerability, in addition to the binary answer for "Is it vulnerable or not?…

12 Days of HaXmas: Exploiting CVE-2014-9390 in Git and Mercurial

This post is the eighth in a series, 12 Days of HaXmas__, where we take a look at some of more notable advancements and events in the Metasploit Framework over the course of 2014. A week or two back, Mercurial inventor Matt Mackall found what…

Amp Up and Defy Amplification Attacks -- Detecting Traffic Amplification Vulnerabilities with Nexpose

Approximately a year ago, the Internet saw the beginnings of what would become the largest distributed denial of service (DDoS) attacks ever seen.  Peaking at nearly 400Gbs in early 2014, these attacks started when a previously undisclosed vulnerability that would ultimately become CVE-2013-5211 was…

R7-2014-17: NAT-PMP Implementation and Configuration Vulnerabilities

Overview In the summer of 2014, Rapid7 Labs started scanning the public Internet for NAT-PMP as part of Project Sonar.  NAT-PMP is a protocol implemented by many SOHO-class routers and networking devices that allows firewall and routing rules to be manipulated to enable internal, assumed…

Adventures in Empty UDP Scanning

One of the interesting things about security research, and I guess research in general, is that all too often the only research that is publicized is research that proves something or shows something especially amazing.  Research that is incomplete, where the original hypothesis or…

Featured Research

National Exposure Index 2017

The National Exposure Index is an exploration of data derived from Project Sonar, Rapid7's security research project that gains insights into global exposure to common vulnerabilities through internet-wide surveys.

Learn More

Toolkit

Make Your SIEM Project a Success with Rapid7

In this toolkit, get access to Gartner's report “Overcoming Common Causes for SIEM Solution Deployment Failures,” which details why organizations are struggling to unify their data and find answers from it. Also get the Rapid7 companion guide with helpful recommendations on approaching your SIEM needs.

Download Now

Podcast

Security Nation

Security Nation is a podcast dedicated to covering all things infosec – from what's making headlines to practical tips for organizations looking to improve their own security programs. Host Kyle Flaherty has been knee–deep in the security sector for nearly two decades. At Rapid7 he leads a solutions-focused team with the mission of helping security professionals do their jobs.

Listen Now