3 min
Project Sonar
Attack Surface Monitoring with Project Sonar
Attack Surface Monitoring with Project Sonar can help you reduce and monitor your attack surface.
8 min
Vulnerability Management
Understanding Ubiquiti Discovery Service Exposures
On Jan. 29, the Rapid7 Labs team was informed of a tweet by Jim Troutman indicating that Ubiquiti devices were being exploited and used to conduct denial-of-service attacks using a service on 10001/UDP.
6 min
Haxmas
Happy HaXmas! Year-End Internet Scanning Observations
As we wrap up 2018 and forge ahead into 2019, let's reflect on some of the key observations we made through our internet scanning with Project Sonar.
13 min
Research
Rsunk your Battleship: An Ocean of Data Exposed through Rsync
Rapid7 Labs recently decided to take a fresh look at rsync, this time focusing on exposure of rsync globally on the public internet.
2 min
Project Heisenberg
Off the Chain! A Research Paper Observing Bitcoin Nodes on the Public Internet
Over the last several years, blockchain-based technologies have exploded in
growth. Lately it seems like blockchains are turning up everywhere, from
chicken management systems
[https://www.bloomberg.com/news/features/2018-04-09/yes-these-chickens-are-on-the-blockchain]
to the next hot cryptocurrency
[https://medium.com/bitfwd/how-to-do-an-ico-on-ethereum-in-less-than-20-minutes-a0062219374].
Waves of new companies, products and applications exist, often in the form of
just wedging a blockcha
7 min
Haxmas
Yankee Swapped: MQTT Primer, Exposure, Exploitation, and Exploration
This HaXmas, Rapid7's Jon Hart Yankee swaps readers a few minutes' attention for a festive look at MQTT exposure on the public IPv4 internet (and an exploitation module!).
7 min
Research
Cisco Smart Install Exposure
Cisco Smart Install (SMI) provides configuration and image management
capabilities for Cisco switches. Cisco’s SMI documentation
[http://www.cisco.com/c/en/us/td/docs/switches/lan/smart_install/configuration/guide/smart_install/concepts.html]
goes into more detail than we’ll be touching on in this post, but the short
version is that SMI leverages a combination of DHCP, TFTP and a proprietary TCP
protocol to allow organizations to deploy and manage Cisco switches. Using SMI
yields a number of be
11 min
Research
Measuring SharknAT&To Exposures
On August 31, 2017, NoMotion’s “SharknAT&To” research
[https://www.nomotion.net/blog/sharknatto/] started making the rounds on
Twitter.
After reading the findings, and noting that some of the characteristics seemed
similar to trends we’ve seen in the past, we were eager to gauge the exposure of
these vulnerabilities on the public internet. Vulnerabilities
[https://www.rapid7.com/fundamentals/vulnerabilities-exploits-threats/] such as
default passwords or command injection, which are usually tri
7 min
Research
Remote Desktop Protocol (RDP) Exposure
The Remote Desktop Protocol, commonly referred to as RDP, is a proprietary
protocol developed by Microsoft that is used to provide a graphical means of
connecting to a network-connected computer. RDP client and server support has
been present in varying capacities in most every Windows version since NT
[https://en.wikipedia.org/wiki/Windows_NT]. Outside of Microsoft's offerings,
there are RDP clients available for most other operating systems. If the nitty
gritty of protocols is your thing, Wiki
1 min
Project Sonar
Project Sonar - Mo' Data, Mo' Research
Since its inception, Rapid7's Project Sonar [https://sonar.labs.rapid7.com/] has
aimed to share the data and knowledge we've gained from our Internet scanning
and collection activities with the larger information security community. Over
the years this has resulted in vulnerability disclosures, research papers,
conference presentations, community collaboration and data. Lots and lots of
data.
Thanks to our friends at scans.io [https://scans.io/], Censys
[https://censys.io/], and the Universit
3 min
Project Sonar
Signal to Noise in Internet Scanning Research
We live in an interesting time for research related to Internet scanning.
There is a wealth of data and services to aid in research. Scanning related
initiatives like Rapid7's Project Sonar [https://sonar.labs.rapid7.com/], Censys
[https://censys.io/], Shodan [https://www.shodan.io/], Shadowserver
[https://www.shadowserver.org/] or any number of other public/semi-public
projects have been around for years, collecting massive troves of data. The
data and services built around it have been used f
3 min
Project Sonar
The Internet of Gas Station Tank Gauges -- Final Take?
In early 2015, HD Moore performed some of the first publicly accessible research
related to Internet-connected gas station tank gauges, The Internet of Gas
Station Tank Gauges [/2015/01/22/the-internet-of-gas-station-tank-gauges].
Later that same year, I did a follow-up study that probed a little deeper in
The Internet of Gas Station Tank Gauges — Take #2
[/2015/11/18/the-internet-of-gas-station-tank-gauges-take-2]. As part of that
study, we were attempting to see if the exposure of these devic
11 min
Metasploit
NCSAM: Understanding UDP Amplification Vulnerabilities Through Rapid7 Research
October is National Cyber Security Awareness month and Rapid7 is taking this
time to celebrate security research. This year, NCSAM coincides with new legal
protections for security research under the DMCA
[/2016/10/03/cybersecurity-awareness-month-2016-this-ones-for-the-researchers]
and the 30th anniversary of the CFAA - a problematic law that hinders beneficial
security research. Throughout the month, we will be sharing content that
enhances understanding of what independent security research
6 min
Project Sonar
Sonar NetBIOS Name Service Study
For the past several years, Rapid7's Project Sonar
[https://sonar.labs.rapid7.com/] has been performing studies that explore the
exposure of the NetBIOS name service on the public IPv4 Internet. This post
serves to describe the particulars behind the study and provide tools and data
for future research in this area.
Protocol Overview
Originally conceived in the early 1980s, NetBIOS is a collection of services
that allows applications running on different nodes to communicate over a
network. O
8 min
Vulnerability Management
ScanNow DLL Search Order Hijacking Vulnerability and Deprecation
Overview
On November 27, 2015, Stefan Kanthak contacted Rapid7 to report a vulnerability
in Rapid7's ScanNow tool. Rapid7 takes security issues seriously and this was
no exception. In combination with a preexisting compromise or other
vulnerabilities, and in the absence of sufficient mitigating measures, a system
with ScanNow can allow a malicious party to execute code of their choosing
leading to varying levels of additional compromise. In order to protect the
small community of users who ma