Posts by mjc

1 min Nexpose

How to Check for Remote Desktop Protocol (RDP) Services

There are many organizations concerned with the critical Microsoft Security Bulletin MS12-020 [] Remote Desktop Protocol (RDP) vulnerability. Here is a quick way to check if you have Remote Desktop Protocol running on your system or network. I used NMAP [] to check my home network. In the highlighted text below you can see that NMAP can check for the RDP service running. If you can't patch, this is important because at

2 min Microsoft

Information Disclosure: Out of Office Auto Replies

Out of office replies are a blessing and a curse for organizations from an operational security perspective. Many of the out of office auto replies I receive contain too much information. Since many security professionals are at the RSA Conference this week I've had plenty hit my inbox. This is nothing compared to December around the holiday season. Like anything the information in the replies can be used for good and bad. Good people are trying to ensure that work continues while they are away

2 min

Quality Security: People, Process, and Products

Here at Rapid7 we have tons of talented people across the board, sometimes it's scary. One of the people who I've interacted with a lot is Jennifer Benson, our VP of Customer Experience. Through Jen I have found that three tenants of People, Process, and Products (the 3Ps) are very handy when it comes down to delivering just about anything. We use the 3Ps here at Rapid7 to deliver quality customer experiences. Jen is very smart and she breaks many things down by using the 3Ps. There is a reason

1 min Metasploit

Free Microsoft Virtual Machines for Testing

I am often asked how security professionals and students can safely test security software. My usual response is, they should create a virtual lab with diverse operating systems for testing. The problem that many encounter is they don't have licenses available to install the operating systems. During my creating and testing the Metasploit Javascript Keylogger [/2012/02/21/metasploit-javascript-keylogger], I came across free virtual machines from Microsoft that are sure to be useful to securit

3 min Metasploit

The Art of Keylogging with Metasploit & Javascript

Rarely does a week go by without a friend or family member getting their login credentials compromised, then reused for malicious purposes. My wife is always on the lookout on Facebook, warning relatives and friends to change their passwords. Many people don't understand how their credentials get compromised. Password reuse on several websites is usually the culprit. Password reuse is a problem even if the website encrypts the passwords in their databases. An attacker only needs to insert some

2 min Microsoft

Microsoft Patch Tuesday - November 2011

November's Microsoft Patch Tuesday contains four bulletins: one “critical”, two “importants”, and one “moderate”. The majority of these bulletins relate to Microsoft's later versions of the OS, implying that the flaws they address were possibly introduced with Windows Vista. Generally more vulnerabilities are found in earlier versions of the OS, so this month is unusual. The critical bulletin – MS11-083 – is a TCP/IP based, specifically UDP, vulnerability which affects Vista, Windows 7, Server

2 min Patch Tuesday

October 2011 Patch Tuesday

This month, Microsoft issued eight bulletins, addressing 23 vulnerabilities across Microsoft Windows, Silverlight, .NET and Forefront product lines. Only two bulletins were rated 'critical', and the rest were rated 'important'. In terms of prioritizing patching, when I look at security vulnerabilities, first I want to understand which ones can have the most widespread impact. MS11-081is a cumulative update which affects Internet Explorer, so it relates to both corporate and home users. These v

2 min Microsoft

Microsoft September 2011 Patch Tuesday

This month, Microsoft issued five bulletins to address 15 vulnerabilities.  All of these bulletins are rated “important”; however, while there are no “critical” bulletins this month, organizations should not downplay the vulnerabilities being addressed. It's easy for organizations to gain a false sense of security during a light patch month and sometimes an attitude of complacency towards non-critical vulnerabilities is evident. “Important” vulnerabilities may not give attackers the full roo

3 min Compliance

Disclosure, Destruction, and Denial

A few years ago while I was working at Defense Cybercrime Center (DC3), one of my colleagues Terrence Lillard talked about the DDD triad in regards to what attackers want to do to organization's assets. I haven't heard anyone outside of him using that term, but I think it's worth sharing. I participated in an awesome mini-conference event last week with the Metasploit Developement team and this came up during my talk on Risk Management. When I asked the audience of seasoned security practicioner

2 min Patch Tuesday

July Patch Tuesday

Only four bulletins in July's Patch Tuesday, but patching a not insignificant 22 vulnerabilities. Only one of the bulletins is classified “critical”: MS11-053. This should be taken seriously as it can allow remote command execution to clients on Windows 7 and Windows Vista. This could affect both consumer and corporate users. In addition, wireless vulnerabilities like this one (MS11-053) are always considered quite sexy because if successfully exploited they allow attackers to do anything the

2 min Metasploit

Emulating ZeuS DNS Traffic with Metasploit Framework

[UPDATE 6/28/2011] vSploit Modules will be released at DEFCON This is a follow-up post for vSploit - Virtualizing Intrusion & Exploitation Attributes with Metasploit Framework [] about using Metasploit as a way to test network infrastructure countermeasures and coverage. I mentioned obtaining list of suspicious domains to use for testing organization's networking intell