Rapid7 Blog

Jon Hart
The Pudding is in the Proof: The Importance of Proofs in Vulnerability Management

In vulnerability management and practices like it, including simple vulnerability assessment, down and dirty penetration testing, and compliance driven auditing, when a target is tested for the presence of a particular vulnerability, in addition to the binary answer for "Is it vulnerable or not?…

12 Days of HaXmas: Exploiting CVE-2014-9390 in Git and Mercurial

This post is the eighth in a series, 12 Days of HaXmas, where we take a look at some of the more notable advancements and events in the Metasploit Framework over the course of 2014. A week or two back, Mercurial inventor Matt Mackall found what…

Amp Up and Defy Amplification Attacks -- Detecting Traffic Amplification Vulnerabilities with Nexpose

Approximately a year ago, the Internet saw the beginnings of what would become the largest distributed denial of service (DDoS) attacks ever seen. Peaking at nearly 400Gbs in early 2014, these attacks started when a previously undisclosed vulnerability that would ultimately become CVE-2013-5211 was…

R7-2014-17: NAT-PMP Implementation and Configuration Vulnerabilities

Overview: In the summer of 2014, Rapid7 Labs started scanning the public Internet for NAT-PMP as part of Project Sonar. NAT-PMP is a protocol implemented by many SOHO-class routers and networking devices that allows firewall and routing rules to be manipulated to enable internal, assumed…

Adventures in Empty UDP Scanning

One of the interesting things about security research, and I guess research in general, is that all too often the only research that is publicized is research that proves something or shows something especially amazing. Research that is incomplete, where the original hypothesis or…

BSidesLA 2014 - Trial by Research: Security Research v. Law

Last month I had the pleasure of speaking at BSides Los Angeles. My role at Rapid7, much like many others who dabble in security research, frequently puts me in a position where I need to be aware of and careful regarding U.S. law. The…

R7-2014-12: More Amplification Vulnerabilities in NTP Allow Even More DRDoS Attacks

Overview: As part of Rapid7 Labs' Project Sonar, among other things, we scan the entire public IPv4 space (minus those who have opted out) looking for listening NTP servers. During this research we discovered some unknown NTP servers responding to our probes with messages that…

A Place for Everything and Everything in its Place -- Custom Vulnerability Content

In all of our documentation related to authoring custom vulnerability content, not once is it clear where you put this content. Sometimes no guidance is given at all. Other times there is this hand-wavy, "just put the content in this random directory" response.…

In case of emergency, break glass -- Unable to update past Nexpose version 5.8.0

With the release of Nexpose 5.8.0 on 12/04/2013, a bug was introduced that would hinder Nexpose's ability to update any further in some uncommon network conditions. You can rest assured that we have updated our processes to prevent situations like this…

Vulnerability Management And Expert Systems

Overview: A unique feature of the Nexpose vulnerability management (VM) solution is that the core of the underlying scanner uses an expert system. Many years and several careers ago, I had been tasked with selecting an appropriate VM solution at my employer. Among the possible…

Custom Vulnerability Checks using Nexpose's Vulnerability Schemas

Over the years, several documents have been written about how to write custom vulnerability checks in Nexpose. The most important of these include one about the various components of a vulnerability check, one that gives examples of common vulnerability checking techniques, and another about…

Vulnerability Correlation -- Enabled by Default

Vulnerability correlation is a feature of Nexpose where a vulnerable result from one vulnerability can be overridden by an invulnerable result from another. As an example of how this works and why it is a useful option to have enabled, take CVE-2011-3192, a fun…