Posts by rep

11 min Honeypots

12 Days of HaXmas: Beginner Threat Intelligence with Honeypots

This post is the 12th in the series, "12 Days of HaXmas." So the Christmas season is here, and between ordering gifts and drinking Glühwein [] what better way to spend your time than sieve through some honeypot / firewall / IDS logs and try to make sense of it, right? At Rapid7 Labs, we're not only scanning the internet [], but also looking at who out there is scanning by making use of ho

5 min Metasploit

R7-2014-18: Hikvision DVR Devices - Multiple Vulnerabilities

Rapid7 Labs has found multiple vulnerabilities in Hikvision [] DVR (Digital Video Recorder) devices such as the DS-7204 [] and other models in the same product series that allow a remote attacker to gain full control of the device. More specifically, three typical buffer overflow vulnerabilities were discovered in Hikvision's RTSP request handling code: CVE-2014-4878, CVE-2014-4879 and CVE-2014-4880. This blog post s

6 min

Scanning All The Things

Introduction Over the past year, the Rapid7 Labs team has conducted large scale analysis on the data coming out of the Critical.IO and Internet Census 2012 scanning projects. This revealed a number of widespread security issues and painted a gloomy picture of an internet rife with insecurity. The problem is, this isn't news, and the situation continues to get worse. Rapid7 Labs believes the only way to make meaningful progress is through data sharing and collaboration across the security communi

4 min

Vaccinating systems against VM-aware malware

The neverending fight with malware forced researchers and security firms to develop tools and automated systems to facilitate the unmanageable amount of work they've been facing when dissecting malicious artifacts: from debuggers, monitoring tools to virtualized systems and sandboxes. On the other side, malware authors quickly picked them up as easy indicators of anomalies from their target victims' systems. This has initiated a still ongoing arms race between malware writers and malware analy

4 min

Internet Census 2012 - Thoughts

This week, an anonymous researcher published the results of an "Internet Census" - an internet-wide scan conducted using 420,000 insecure devices connected to the public internet and yielding data on used IP space, ports, device types, services and more. After scanning parts of the internet, the researcher found thousands of insecurely configured devices using insecure / default passwords on services and used this fact to make those devices into scanning nodes for his project. He logged into the

1 min

The Malware Lifecycle - Whiteboard Wednesday

The "Malware Lifecycle" is constantly evolving - the motivations and goals have changed in the past years and are completely different than what they historically used to be. Instead of being a skill demonstration and serving as proof-of-concepts we are nowadays mostly facing financially motivated threats and even industrial or national espionage becoming part of the problem. There are however a lot of possibilities for defending yourself, your company and your assets. Commercial and also sever