Posts by John Schimelpfenig

1 min Metasploit

Federal Friday - 11.7.14 - Up in the Clouds...

Happy Friday, Federal friends! I hope everyone had a festive Halloween! According to the commercials I've been seeing starting on 11/1, I guess we're skipping Thanksgiving this year and jumping right into the Holiday Season [http://www.idigitaltimes.com/black-friday-sales-2014-store-hours-and-start-time-target-walmart-best-buy-kmart-393775] ... So the time has finally come, Fed is starting to embrace the cloud (slowly). Within the last week we've seen NIST push out a road map for Cloud Infra

3 min

Mo Monday's at Rapid7 - Movember Week 1

Okay, okay... technically it's Tuesday. We had a few members of our Herd out of the office yesterday which delayed the debut of the facial follicle fortitude that is needed to join the Rapid7 Moosestaches for Movember. Movember, for those of you who don't know, is a month-long mustache growing campaign to raise awareness for men's health. While we're all guaranteed to look ridiculous, some will be downright creepy, we are doing it for a cause. There are 19 of the Rapid7 Moose signed up this yea

3 min Metasploit

Federal Friday - 10.24.14 - NCSAM Week 4

Happy Friday, Federal friends! Can anyone else believe next week is Halloween? Feels like only yesterday I was talking about the start of the MLB season and now we're through 2 games of the World Series... So this week is the 4th week of National Cybersecurity Awareness Month [http://www.dhs.gov/national-cyber-security-awareness-month-2014-week-four]. To me this is one of the more important weeks as the campaign centers around Cybersecurity for Small/Medium sized businesses and Entrepreneurs. T

2 min Metasploit

Federal Friday - 10.17.14 - Cybersecurity Awareness Month

Happy Friday, Federal friends. I hope the 2nd full week of FY15 is going well for you. Feels like we have the last 2 warm days of the year coming up this weekend thanks in part to this little graphic from NOAA. October, one of the nicer months out of the year, is also known as Cybersecurity Awareness month. We talked about it earlier this month in another blog post [/2014/10/06/cyber-security-awareness-month-taking-it-to-the-c-level-and-beyond], but I wanted to highlight it here as well. While

1 min Metasploit

Federal Friday - 10.3.14 - Happy (Fiscal) New Year

Happy Friday, Federal Friends! Something seems a little different this year than last year, can't quite put my finger on it though... [/2013/10/04/federal-friday--10413--shutdown-edition] So, being that we all just made it through another roller coaster of a FY I wanted to keep today fairly light. Just as we've seen the frequency of attacks increase we have also seen a dramatic rise in cyber related plot lines and references in mainstream media. The latest being a CBS show called Scorpion, ahem

1 min Metasploit

Federal Friday - 9.26.14 - Shell Shocked and Bashed

Happy Friday, Federal Friends! Having a relatively quiet week? Just looking forward to a quiet end to FY14? Riiiiiiiiight, same here.... Most of you probably had an interesting 2nd half of the week just as we did. Like a judge at the Olympics, DHS [http://www.huffingtonpost.com/2014/09/24/new-bash-software-bug-m_n_5878398.html?ir=Technology] has scored this little ditty a 10 out of 10 both in impact and how easy it is to use this vuln to run an exploit. While this doesn't have the "world-is-end

2 min Metasploit

Federal Friday - 9.19.14 - Talk Like A Pirate Day Edition

Arrrrrg! Happy Friday, Federal Mateys! Th' air be crisp 'n th' leaves be turnin' in New England, which means 'tis almost the hour to strap on me skis! Another week has gone by 'n another breach be bein' reported by FireEye [http://www.fireeye.com/blog/technical/2014/09/putting-transcom-in-perspective.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SecurityBloggersNetwork+%28Security+Bloggers+Network%29]. Arrrgh mateys, 'tis one involves a foreign government penetratin' th' net

2 min Metasploit

Federal Friday - 9.5.14 - Keeping 3rd Parties Honest

Happy Friday, Federal friends! I hope all of you enjoyed the nice long Labor Day weekend, and the short week to follow. I happily took last week off as well, maximizing the "long" weekend effect. Additionally, a group of 25 Rapid7 Moose took on the "Great Northeast" Tough Mudder event back on 8/23. I'm happy to say all of the "Dirty Moose" made it through the mud and obstacles, for the 2nd year in a row, and we helped generate funds for the Wounded Warrior Project [http://www.wound

1 min Metasploit

Federal Friday - 8.22.14 - A Sensitive Cloud and Some Additional Strategy

Happy Friday, Federal Friends! Do you hear that? That sound you're hearing is the collective high-five every adult with children just gave each other in celebration of "Back to School [http://giphy.com/gifs/WKdPOVCG5LPaM]." For those of you whose summah is coming to a close, I hope it has been a great couple of months. For those of you that don't have to worry about that, I'll see ya at the empty beach in September. I read a great article this week about another take on cyber strategy. Piggy--b

2 min Metasploit

Federal Friday - 8.8.14 - Military Strategy in Cybersecurity

Happy Friday, Federal friends! I hope that you folks out in the desert are having a blast at BlackHat, B-Sides and DEFCON. It sounds like it's been a great week out there, mostly because it's been so quiet back here in HQ. Speaking of BlackHat; there was a session this week being hosted by Tom Cross, director of security research at Lancope. He, and two other industry experts, were going to be discussing utilizing a variety of militaristic approaches to cybersecurity. In particular, having orga

2 min Metasploit

Federal Friday - 8.1.14 - Threat Sharing and Cybersecurity Myths

Happy Friday, Federal friends! After a brief hiatus, due to an epic travel day last Friday, I'm baaaaaack. Welcome to the dog-days of summer everyone. School is around the corner, and better yet we're only 62 days away from the unofficial start to ski season. Don't believe me? Check out the guys at Ski The East [https://twitter.com/SKITHEEAST], they're keeping watch for us. There was some potential, positive, traction regarding threat sharing in the Senate this week. Sen. Gillibrand introduced

3 min Metasploit

Federal Friday - 7.18.14 - Mobile Movement

Happy Friday, Federal friends! The Midsummer classic is behind us which means we're heading into the dog-days of summer. I hope you all have some nice quality time planned with your families so you can get out and enjoy the weather, especially with the Winter and "Spring" we just went through. There was a big announcement [http://fcw.com/articles/2014/07/16/apple-ibm-deal.aspx] earlier this week regarding two titans of the tech industry that will have direct impact on several verticals, includi

1 min Metasploit

Federal Friday - 7.11.14 - Buying Agile

Happy Friday, Federal friends! Due to the heavy amount of CDM paperwork I've had to do this week I'm going to keep today's blog very short. As we forge ahead into the spending spree [http://fcw.com/articles/2014/07/11/snapshot-fy-2014-q4-spending.aspx] that is Q4 of FY14, it's important to know how to navigate the buying process on the federal side of the house. FCW has a great article [http://fcw.com/articles/2014/06/26/buying-agile-without-jumping-through-hoops.aspx] this week offering a hos

0 min Metasploit

Federal Friday - 7.4.14 - A Special Thursday Edition

Breaking News: HAPPY FOURTH OF JULY! I hope all of you out there enjoy the long weekend with your friends, family, fireworks and some delicious BBQ. See you again next week!

3 min Metasploit

Federal Friday - 6.27.14 - A Clash of Cultures

Happy Friday, Federal Friends! Welcome to the weekend, and for those of you who are out next week, happy Fourth of July. There was a great, short read from the Washington Post [http://www.washingtonpost.com/business/on-it/cias-cio-working-with-private-sector-can-be-a-clash-of-cultures/2014/06/24/42213114-fbad-11e3-b1f4-8e77c632c07b_story.html] this week about a talk given by CIA CIO Doug Wolfe at a recent symposium. He was talking about the Agency's coming deployment into AWS but went i