Posts by John Schimelpfenig

2 min Metasploit

Federal Friday - 6.20.14 - Winter is Coming

Happy Friday, Federal friends. The World Cup (soccer tournament) is underway, and while futbol is fun to watch for a few weeks, we are really waiting for the start of football training camp. Sorry about the title, especially for those in the Northeast. It's more of a play on Game of Thrones' ominous tagline, and about how one should be prepared. In this case I'm using it in reference to the pending changes coming to NIST 800-53 [http://www.informationweek.com/government/cybersecurity/nist-secur

2 min Metasploit

Federal Friday - 6.13.14 - New Group, Same Story

Happy Friday, Federal friends! It's another lovely Fall day here in Beantown but I hope each of you is enjoying your early Summer weather. Some exciting news as Rapid7 was named one of the Top Places to Work by the Boston Business Journal (#11 Mid-size company)! I'm going to keep it short and sweet today considering this is a topic I've covered before. Given the news stemming from a new CrowdStrike [http://www.crowdstrike.com/sites/all/themes/crowdstrike2/css/imgs/platform/CrowdStrike_Global_T

2 min Metasploit

Federal Friday - 6.6.14 - 70 Years Later

Happy Friday, Federal friends! As we all know, today marks the 70th anniversary of the day our forebears forever changed the course of history, my grandfather among them. By securing a foothold on the beaches of Normandy, the Allied Expeditionary Force was able to penetrate the steel teeth that was Fortress Europe. While times have changed, Gen. Eisenhower's words still ring loudly today. Not just in terms of the sacrifices made that day, but also in the trenches that we find ourselves in today. Take

1 min Metasploit

Federal Friday - 5.30.14 - Social Engineering from the Middle East

Happy Friday, Federal friends. You can tell it's almost Summah up here because it's been 50 and raining this week. So an interesting piece of news from an article on DarkReading [http://www.darkreading.com/attacks-breaches/iranian-cyberspies-pose-as-journalists-online-to-ensnare-their-targets/d/d-id/1269270] this week regarding an ongoing campaign targeting government officials and contractors of both the US and Israel. This is a mash-up of social engineering techniques from phishing to social

2 min

Federal Friday - 5.23.14 - Thank a Veteran

Happy Friday, Federal friends. We're making the hard push for Summah, supposedly. While there are always topics I can find and write on each week, and there were some good things that came out this week, I wanted to take a step back today. This weekend, although considered by many to be the start of summer, actually is intended for us all to give thanks to those that keep us safe from threats, foreign and domestic. Most of us in security these days barely have enough time to think about lunch,

2 min Metasploit

Federal Friday - 5.16.14 - Cloudy with a Chance of Insider Threats

To quote the multi-dimensional, world-renowned lyricist Rebecca Black: "Yesterday was Thursday, Thursday. Today i-is Friday, Friday." With that being said -- welcome to the weekend, Federal friends. I wanted to start this week off with an article from GCN [http://gcn.com/articles/2014/05/09/insight-hybrid-cloud-security.aspx?admgarea=TC_SecCybersSec] around government and the cloud. While the cloud trend has steadily increased over the past few years, the demand to bring it on board within the

3 min Metasploit

Federal Friday - 5.9.13 - Renewed Push for Threat Sharing

Happy Friday, Federal friends! We're creeping closer and closer to summer, which means Boston will have about 2 weeks of Spring to look forward to. For those of you that were able to join our webcast yesterday, I want to thank you for attending, and please let me know if you have any questions; I'm here to help. Piggy-backing on the recent M-Trends report, and the latest DBIR [http://www.verizonenterprise.com/DBIR/], an article on DarkReading [http://www.darkreading.com/vulnerabilities---threats/

4 min Metasploit

Federal Friday - 5.2.14 - Alphaville: Cybersecurity's Westeros

Happy Friday, federal friends! I blinked on Monday and the next thing I know I'm typing up this blog. Where has the week gone? For those of you that have been impacted by the wild and dangerous weather around the country this week, I wish you all the best and a speedy recovery. So did my title about Westeros get you? I love Game of Thrones as much as the next fan, although I do have to admit I'm holding off on the books until HBO wraps their version, but the reality is that it takes place in th

2 min Metasploit

Federal Friday - 4.25.14 - A Whole Lot of Oops

Happy Friday, Federal friends! I hope all of you enjoyed some nice family time over the respective holidays last week. After a successful Marathon Monday here in Boston we're blessed with chirping birds and blooming flowers (finally)! As you all probably know by now, Verizon released their latest DBIR [http://www.verizonenterprise.com/DBIR/2014/reports/rp_dbir-2014-executive-summary_en_xg.pdf] report earlier this week. While this report covered a wide range of topics in regards to breaches, I

4 min Metasploit

Federal Friday - 4.18.14 - Mandiant Trends and the Federal Cyber Brain Drain

Happy Friday, Federal friends. Hopefully all of you are through the post-Heartbleed hangover [http://i.huffpost.com/gen/284555/thumbs/r-HANGOVER-3-large570.jpg] with very few scars to show for it. I don't know about y'all folks further south than Beantown, but I FINALLY get to do my finest Payne Stewart [http://i.cdn.turner.com/dr/golf/www/release/sites/default/files/article_images/payne_stewart_299x247_1.jpg] impersonation as I hit the local links for the first time this season tomorrow mornin

3 min Metasploit

Federal Friday - 4.11.14 - Another Quiet Week...

Can you believe how quiet it was this week? Nothing going on, every day slowly dragging on, the tick, tick, tick of the clock getting louder and louder by the second. Reminds me of the late-night drip from your faucet but more annoying because you're stuck at work. Oh wait, totally forgot this was a cybersecurity blog and mistook it for my crochet blog. You, much like us here at R7, were probably pretty busy this week. In that case let me officially say, happy freaking Friday, Federal friends! I'

2 min Metasploit

Federal Friday - 4.4.14 - DOD Embraces NIST and Increases Cyberwarfare Force

Friday, oh sweet Friday, it's good to see you again. Hello Federal friends, welcome to another edition of Federal Friday. Over the last two weeks there has been a significant change in the way DOD approaches cybersecurity. On March 12th, the DOD made a major move by taking a risk based and holistic approach to cybersecurity by aligning with NIST's Risk Management Framework [http://csrc.nist.gov/publications/nistpubs/800-37-rev1/sp800-37-rev1-final.pdf] and phasing out DOD Information Assurance

3 min Metasploit

Federal Friday - 3.28.14 - History Repeats in Current Phishing Campaigns

Happy Friday, federal friends! Spring has Sprung! While some of us had a touch of winter this week, we avoided the big hit and it looks like nothing but sunshine on the horizon, which means summah is around the corner! Speaking of summer, who's going to Vegas for Black Hat, B-Sides and Defcon? Drop me a line here if you are! Attackers, being the solid humans they are, have decided to pile on the recent tragedy around Malaysian Flight MH 370 [http://threatpost.com/mh-370-related-phishing-attacks-sp

2 min Metasploit

Federal Friday - 3.21.14 - A Day of Reckoning

Friday at last... Hello federal friends! I'm pleased to announce that the sun is setting here in Boston at 6:58pm tonight and there is Major League Baseball being played this weekend. Spring officially happened yesterday, which should make those of you in DC put Monday's snow-day out of sight and out of mind. Did my ominous title catch your attention? Don't worry, this is not the end of times, or even the end of days [http://www.imdb.com/title/tt0146675/] for that matter (thank goodness) and mo

2 min Metasploit

Federal Friday - 3.14.14 - New Beginnings and New Fed-focused Benchmarks

Happy Friday, Federal friends! We're nestled comfortably in our new space in downtown Boston [https://www.google.com/maps/place/100 Summer St/@42.3537293,-71.057427,19z/data=!4m2!3m1!1s0x89e3708243c5aac5:0xa32a2abc907ec6c5] and it already feels like home. This is good news for everyone because we moved out of the Pru at 4pm on Friday and we were rockin' n' rolling in the new digs at 8am on Monday. Enough about us though, let's get back to it... On the mobile front, NASA had a rough go of it du