12 Days of HaXmas: Beginner Threat Intelligence with Honeypots
This post is the 12th in the series, "12 Days of HaXmas."
So the Christmas season is here, and between ordering gifts and drinking
what better way to spend your time than to sift through some honeypot / firewall /
IDS logs and try to make sense of it, right?
At Rapid7 Labs, we're not only scanning the internet
[https://sonar.labs.rapid7.com/], but also looking at who out there is scanning
by making use of ho
R7-2014-18: Hikvision DVR Devices - Multiple Vulnerabilities
Rapid7 Labs has found multiple vulnerabilities in Hikvision
[http://www.hikvision.com/] DVR (Digital Video Recorder) devices such as the
DS-7204 [http://www.hikvision.com/en/Products_show.asp?id=7318] and other models
in the same product series that allow a remote attacker to gain full control of
the device. More specifically, three typical buffer overflow vulnerabilities
were discovered in Hikvision's RTSP request handling code: CVE-2014-4878,
CVE-2014-4879 and CVE-2014-4880. This blog post s
Scanning All The Things
Over the past year, the Rapid7 Labs team has conducted large scale analysis on
the data coming out of the Critical.IO and Internet Census 2012 scanning
projects. This revealed a number of widespread security issues and painted a
gloomy picture of an internet rife with insecurity. The problem is, this isn't
news, and the situation continues to get worse. Rapid7 Labs believes the only
way to make meaningful progress is through data sharing and collaboration across
the security communi
Vaccinating systems against VM-aware malware
The never-ending fight with malware has forced researchers and security firms to
develop tools and automated systems to cope with the unmanageable amount of
work they face when dissecting malicious artifacts: from debuggers and
monitoring tools to virtualized systems and sandboxes.
On the other side, malware authors quickly picked them up as easy indicators of
anomalies from their target victims' systems.
This has initiated a still ongoing arms race between malware writers and malware
Internet Census 2012 - Thoughts
This week, an anonymous researcher published the results of an "Internet Census"
- an internet-wide scan conducted using 420,000 insecure devices connected to
the public internet and yielding data on used IP space, ports, device types,
services and more. After scanning parts of the internet, the researcher found
thousands of insecurely configured devices using insecure / default passwords on
services and used this fact to make those devices into scanning nodes for his
project. He logged into the
The Malware Lifecycle - Whiteboard Wednesday
The "Malware Lifecycle" is constantly evolving - the motivations and goals have
changed in the past years and are completely different from what they
historically used to be. Instead of skill demonstrations and
proofs of concept, we are nowadays mostly facing financially motivated threats,
and even industrial or national espionage is becoming part of the problem.
There are however a lot of possibilities for defending yourself, your company
and your assets. Commercial and also sever