Posts tagged Labs

4 min News

State-Sponsored Threat Actors Target Security Researchers

On Monday, Google's Threat Analysis Group published a blog post on a widespread social engineering campaign that targeted security researchers working on vulnerability research and development.

5 min Research

DOUBLEPULSAR over RDP: Baselining Badness on the Internet

How many internet-accessible RDP services have the DOPU (DOUBLEPULSAR) implant installed? How much DOPU-over-RDP traffic do we see being sprayed across the internet?

12 min Labs

How I Shut Down a (Test) Factory with a Single Layer 2 Packet

In this blog post, we discuss how a Denial of Service (DoS) bug could crash all Beckhoff PLCs running the Profinet protocol stack if an attacker gains Layer 2 access to the network.

5 min Vulnerability Management

Drupalgeddon Vulnerability: What is it? Are You Impacted?

First up: many thanks to Brent Cook [/author/brent-cook/], William Vu [/author/william-vu/] and Matt Hand for their massive assistance in both the Rapid7 research into “Drupalgeddon” and their contributions to this post. Background on the Drupalgeddon vulnerability The Drupalgeddon 2 vulnerability announcement came out in late March (2018-03-28) as SA-CORE-2018-002 [https://www.drupal.org/sa-core-2018-002]. The advisory was released with a patch and CVE (CVE-2018-7600) [https://www.rapid7.com/

4 min Honeypots

Apache Struts Vulnerability (CVE-2017-5638) Exploit Traffic

UPDATE - March 10th, 2017: Rapid7 added a check that works in conjunction with Nexpose's web spider functionality. This check will be performed against any URIs discovered with the suffix “.action” (the default configuration for Apache Struts apps). To learn more about using this check, read this post [https://www.rapid7.com/blog/post/2017/03/15/using-web-spider-to-detect-vulnerable-apache-struts-apps-cve-2017-5638/] . UPDATE - March 9th, 2017: Scan your network for this vulnerability [https://

8 min Haxmas

12 Days of HaXmas: A HaxMas Carol

(A Story by Rapid7 Labs) Merry HaXmas to you! Each year we mark the 12 Days of HaXmas [https://www.rapid7.com/blog/tag/haxmas/] with 12 blog posts on hacking-related topics and roundups from the year. This year, we're highlighting some of the “gifts” we want to give back to the community. And while these gifts may not come wrapped with a bow, we hope you enjoy them. Happy Holi-data from Rapid7 Labs! It's been a big year for the Rapid7 elves Labs team. Our nigh 200-node strong Heisenberg Cloud

3 min Project Sonar

The Internet of Gas Station Tank Gauges -- Final Take?

In early 2015, HD Moore published some of the first publicly accessible research on Internet-connected gas station tank gauges, The Internet of Gas Station Tank Gauges [/2015/01/22/the-internet-of-gas-station-tank-gauges]. Later that same year, I did a follow-up study that probed a little deeper in The Internet of Gas Station Tank Gauges — Take #2 [/2015/11/18/the-internet-of-gas-station-tank-gauges-take-2]. As part of that study, we were attempting to see if the exposure of these devic

9 min Project Sonar

Project Sonar Study of LDAP on the Internet

The topic of today's post is a Rapid7 Project Sonar [https://sonar.labs.rapid7.com/] study of publicly accessible LDAP services on the Internet. This research effort was started in July of this year and various portions of it continue today. In light of the Shadowserver Foundation's recent announcement [https://ldapscan.shadowserver.org/] regarding the availability of relevant reports, we thought it would be a good time to make some of our results public. The study was originally intended to be a

6 min Project Sonar

Digging for Clam[AV]s with Project Sonar

A little over a week ago some keen-eyed folks discovered a feature/configuration weakness [http://seclists.org/nmap-dev/2016/q2/198] in the popular ClamAV malware scanner that makes it possible to issue administrative commands such as SCAN or SHUTDOWN remotely—and without authentication—if the daemon happens to be listening on an accessible TCP port. Shortly thereafter, Robert Graham unholstered his masscan [https://github.com/robertdavidgraham/masscan] tool and did a summary blog post [http://bl
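The weakness above comes down to clamd answering any command that arrives on its TCP socket. The following is an added example (not code from the original post, from Rapid7 or from ClamAV) of a check a practitioner can run against their own hosts: it speaks the clamd line protocol (commands prefixed with `n` and terminated by a newline, so `nPING\n` is answered with `PONG`) and sends only the harmless PING and VERSION commands over the same channel that would accept SCAN or SHUTDOWN. The default port of 3310 is clamd's conventional `TCPSocket` setting; the in-process fake clamd and its version string are constructed so the check runs offline.

```python
"""Detect a clamd instance that answers unauthenticated commands over TCP.

Added example: not code from the original post, Rapid7 or ClamAV.
A constructed fake clamd responder is included so this runs offline.
"""
import socket
import socketserver
import threading

CLAMD_DEFAULT_PORT = 3310  # conventional clamd TCPSocket port (assumption for real targets)


def clamd_command(host, port, command, timeout=3.0):
    """Send one newline-framed clamd command ("n<CMD>\\n") and return the reply text."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(b"n" + command.encode("ascii") + b"\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
            if data.endswith(b"\n"):  # clamd terminates newline-framed replies with "\n"
                break
    return b"".join(chunks).decode("ascii", "replace").strip()


def clamd_exposed(host, port=CLAMD_DEFAULT_PORT):
    """Return (exposed, version).

    exposed is True when an unauthenticated PING is answered with PONG, which
    means the same socket would also accept SCAN or SHUTDOWN. Only the
    harmless PING and VERSION commands are ever sent.
    """
    try:
        if clamd_command(host, port, "PING") != "PONG":
            return False, None
        return True, clamd_command(host, port, "VERSION")
    except OSError:
        return False, None


class _FakeClamdHandler(socketserver.StreamRequestHandler):
    """Constructed stand-in for clamd: answers PING and VERSION, refuses the rest."""

    def handle(self):
        line = self.rfile.readline().strip()
        if line.startswith(b"n"):  # strip the newline-framing prefix
            line = line[1:]
        if line == b"PING":
            self.wfile.write(b"PONG\n")
        elif line == b"VERSION":
            self.wfile.write(b"ClamAV 0.99.2/constructed\n")  # constructed version string
        else:
            self.wfile.write(b"UNKNOWN COMMAND\n")


def start_fake_clamd():
    """Start the fake clamd on an ephemeral loopback port; return (server, port)."""
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), _FakeClamdHandler)
    server.daemon_threads = True
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


if __name__ == "__main__":
    srv, port = start_fake_clamd()
    try:
        print(clamd_exposed("127.0.0.1", port))
    finally:
        srv.shutdown()
```

Against a real host, call `clamd_exposed(host)` from a machine outside the trust boundary; a `(True, ...)` result means the daemon should be bound to a Unix socket or a loopback/firewalled address instead of an exposed TCP port.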

5 min Project Sonar

Rapid7 Labs' Project Sonar - Nexpose Integration

With the release of Nexpose 5.17, customers can easily gain an outsider's view of their internet-facing assets. This capability was made possible through integration with Rapid7 Labs' Project Sonar [/2013/09/26/welcome-to-project-sonar]. What is Project Sonar? Project Sonar is a community effort to improve security through the active analysis of public networks. This includes running scans across public internet-facing systems, organizing the results, and sharing the data with the

2 min AWS

The real challenge behind asset inventory

As the IT landscape evolves, and as companies diversify the assets they bring to their networks - including on-premises, cloud and personal assets - one of the biggest challenges becomes maintaining an accurate picture of which assets are present on your network. Furthermore, while the accurate picture is the end goal, the real challenge becomes optimizing the means to obtain that picture and keep it current. The traditional discovery paradigm of continuous discovery sweeps of your whole network

3 min Metasploit

12 Days of HaXmas: Metasploit, Nexpose, Sonar, and Recog

This post is the tenth in a series, 12 Days of HaXmas, where we take a look at some of the more notable advancements and events in the Metasploit Framework over the course of 2014. The Metasploit Framework [https://www.metasploit.com/download/] uses operating system and service fingerprints for automatic target selection and asset identification. This blog post describes a major overhaul of the fingerprinting backend within Metasploit and how you can extend it by submitting new fingerprints. Histo

17 min Project Sonar

R7-2014-17: NAT-PMP Implementation and Configuration Vulnerabilities

Overview In the summer of 2014, Rapid7 Labs started scanning the public Internet for NAT-PMP as part of Project Sonar [https://community.rapid7.com/community/infosec/sonar]. NAT-PMP is a protocol implemented by many SOHO-class routers and networking devices that allows firewall and routing rules to be manipulated to enable internal, assumed-trusted users behind a NAT device to allow external users to access internal TCP and UDP services for things like Apple's Back to My Mac and file/media shar
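NAT-PMP carries no authentication: the protocol trusts whoever can reach UDP/5351 on the gateway, which is why a device that answers it on its public interface is worth scanning for. As an added example (not code from the advisory, from Rapid7 or from any scanner), the block below builds the two NAT-PMP requests defined in RFC 6886, the external-address query (opcode 0) and the port-mapping request (opcode 1 for UDP, 2 for TCP), and parses the corresponding responses, including the result codes the RFC defines. The sample response bytes in the test and `__main__` are constructed, not captured from a device; `probe_external_address` is the only function that touches the network and is not exercised offline.

```python
"""Build and parse NAT-PMP (RFC 6886) messages.

Added example: not code from the R7-2014-17 advisory, Rapid7 or any
scanner. Sample response bytes are constructed, not captured.
"""
import socket
import struct

NATPMP_PORT = 5351
RESULT_CODES = {  # RFC 6886 section 3.5 result codes
    0: "Success",
    1: "Unsupported Version",
    2: "Not Authorized/Refused",
    3: "Network Failure",
    4: "Out of resources",
    5: "Unsupported opcode",
}


def external_address_request():
    """Opcode 0: ask the gateway for its external IPv4 address (2 bytes)."""
    return struct.pack("!BB", 0, 0)


def mapping_request(proto, internal_port, external_port=0, lifetime=7200):
    """Opcode 1 (UDP) or 2 (TCP): request that external_port be forwarded to
    internal_port for lifetime seconds. external_port=0 lets the gateway pick."""
    opcode = {"udp": 1, "tcp": 2}[proto]
    # version, opcode, reserved, internal port, suggested external port, lifetime
    return struct.pack("!BBHHHI", 0, opcode, 0, internal_port, external_port, lifetime)


def parse_external_address_response(data):
    """Parse the 12-byte reply to opcode 0 (reply opcode is 128 + 0)."""
    if len(data) < 12:
        raise ValueError("short NAT-PMP external address response")
    version, opcode, result, epoch, ip = struct.unpack("!BBHI4s", data[:12])
    if version != 0 or opcode != 128:
        raise ValueError("not a NAT-PMP external address response")
    return {
        "result": result,
        "result_text": RESULT_CODES.get(result, "Unknown"),
        "epoch": epoch,  # seconds since the gateway's mapping table was last reset
        "external_ip": ".".join(str(b) for b in ip),
    }


def parse_mapping_response(data):
    """Parse the 16-byte reply to a mapping request (reply opcode 129 or 130)."""
    if len(data) < 16:
        raise ValueError("short NAT-PMP mapping response")
    fields = struct.unpack("!BBHIHHI", data[:16])
    version, opcode, result, epoch, internal_port, external_port, lifetime = fields
    if version != 0 or opcode not in (129, 130):
        raise ValueError("not a NAT-PMP mapping response")
    return {
        "proto": "udp" if opcode == 129 else "tcp",
        "result": result,
        "result_text": RESULT_CODES.get(result, "Unknown"),
        "epoch": epoch,
        "internal_port": internal_port,
        "external_port": external_port,
        "lifetime": lifetime,
    }


def probe_external_address(host, timeout=2.0):
    """Send the opcode-0 query to host:5351 and return the parsed reply, or None
    on timeout. A reply from a gateway's public side is the exposure the Sonar
    scan described above was looking for. Not exercised offline."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(external_address_request(), (host, NATPMP_PORT))
        try:
            data, _ = sock.recvfrom(64)
        except socket.timeout:
            return None
    return parse_external_address_response(data)


if __name__ == "__main__":
    # Constructed reply: success, epoch 12345, external address 203.0.113.7
    sample = struct.pack("!BBHI4s", 0, 128, 0, 12345, bytes([203, 0, 113, 7]))
    print(parse_external_address_response(sample))
    print(mapping_request("tcp", 22, 2222, 3600).hex())
```

Run `probe_external_address` against a gateway's public address from outside the network: a parsed reply rather than `None` means the device is speaking NAT-PMP to untrusted peers, and a successful `mapping_request` would let anyone on the Internet open holes in it.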

3 min Project Sonar

Legal Considerations for Widespread Scanning

Last month Rapid7 Labs launched Project Sonar [/2013/09/26/welcome-to-project-sonar], a community effort to improve internet security through widespread scanning and analysis of public-facing computer systems. Through this project, Rapid7 is actively running large-scale scans to create datasets, sharing that information with others in the security community, and offering tools to help them create datasets, too. Others in the security field are doing similar work. This fall, a research team at the