
Rapid7 Blog

Authentication  

Weekly Metasploit Wrapup

Steal all the passwords: I talk a lot about Authenticated Code Execution, but of course that's not the only thing that authenticated access can get you. This week's update comes with a couple of modules for using known credentials to extract more credentials. The first…

If Employee Passwords Get Compromised, Does Your System Make a Sound?

Compromised credentials are the number one attack vector behind breaches, according to the Verizon Data Breach Investigations Report. Armed with an employee username and password, attackers can stealthily gain a foothold on the network, perform reconnaissance, and move laterally to critical targets – all without…

Insider Threat or Intruder: Effective Detection Doesn't Care

For various reasons, I have recently had a lot of conversations about insider threats. What is the best solution for them? How can they be detected? Does InsightIDR detect them? Rather than answering these questions with more questions, here is what I say: when you…

Detecting Intruders Using Credentials: Lateral Movement Is Not Just for T3h 1337 h4x0|2

The largest challenge for organizations looking to detect and contain attackers is one of the hardest to overcome: disbelief. Disbelief that they will be targeted. Disbelief that someone will get past their perimeter. Disbelief that they will use stealth. Whether it is an expert group…

Detect Corporate Identity Theft with a New Intruder Trap: Honey Credentials

If you're only looking through your log files, reliably detecting early signs of attacker reconnaissance can be a nightmare. Why is this important? If you can detect and react to an intruder early in the attack chain, it's possible to kick the intruder out before…

Why do we keep forcing short-term password changes?

This is a guest post from our frequent contributor Kevin Beaver. You can read all of his previous guest posts here. I'm often asked by friends and colleagues: Why do I have to change my password every 30 or 60 days? My response is always…

Designing Authentication

At Rapid7 security is everything, and that doesn't exclude the UX team. Yes, we want to give you beautiful interactions, seamless workflows and screens that make you go 'Wow!' But security is always there gently guiding our design decisions, which can sometimes cause conflict…

IDC says 70% of successful breaches originate on the endpoint

This is part 2 of a blog post series on a new IDC infographic covering new data on compromised credentials and incident detection. Check out part 1 now if you missed it. Most organizations focus on their server infrastructure when thinking about security – a fact…

Brute Force Attacks Using US Census Bureau Data

Currently one of the most successful methods for compromising an organization is via password-guessing attacks. To gain access to an organization using brute force attack methods, there are a minimum of three things a malicious actor needs: A username, a password, and a target. Often…

The Attacker's Dictionary

Rapid7 is publishing a report about the passwords attackers use when they scan the internet indiscriminately. You can pick up a copy at booth #4215 at the RSA Conference this week, or online right here. The following post describes some of what is investigated in…

Simple Network Management Protocol (SNMP) Best Practices

By Deral Heiland, Research Lead, and Brian Tant, Senior Consultant, of Rapid7 Global Services. Over the past several years while conducting security research in the area of Simple Network Management Protocol (SNMP) and presenting those findings at conferences around the world we are constantly approached with…

Get the 2015 Incident Detection & Response Survey Results!

In order to learn more about the strategic initiatives, current tools used, and challenges security teams are facing today, we surveyed 271 security professionals hailing from organizations across the globe. We were able to get fantastic responses representing companies from all sizes and industries, including…

Nexpose Two Factor Authentication

For organizations that want additional security upon login, Nexpose and the Rapid7 Nexpose-Client Ruby Gem will support Two Factor Authentication as of the January 6, 2016 release. Two Factor Authentication requires the use of a time-based one-time password application such as Google Authenticator. Two Factor…

Understanding User Behavior Analytics

Hey everyone! I'm pleased to announce that we've put together another pretty fun research report here in the not-terribly-secret overground labs here at Rapid7: Understanding User Behavior Analytics. You can download it over here. Modern enterprise breaches tend to make heavy use of misbehaving user…

If Employee Passwords Get Exposed by Third-Party Breach, Does Your System Make a Sound?

Stolen credentials are the number one attack vector behind breaches[1]. Armed with an employee username and password, attackers can stealthily gain a foothold on the network, perform reconnaissance, and move laterally to critical targets – all without malware. Phishing & malware are great ways to…