Posts by Roy Hodgman

8 min Haxmas

The Ghost of a Botnet (Possibly) Past

For a week and a half in April, Rapid7 Labs observed a botnet with 18,000 distinct IPs marauding across the public internet. Then it disappeared, only to resurface again later. Join us as we tell the HaXmas tale of the ghost of a botnet past!

6 min Research

WannaCry Update: Vulnerable SMB Shares Are Widely Deployed And People Are Scanning For Them (Port 445 Exploit)

WannaCry Overview Last week the WannaCry ransomware worm, also known as Wanna Decryptor, Wanna Decryptor 2.0, WNCRY, and WannaCrypt started spreading around the world, holding computers for ransom at hospitals, government offices, and businesses. To recap: WannaCry exploits a vulnerability in the Windows Server Message Block (SMB) file sharing protocol. It spreads to unpatched devices directly connected to the internet and, once inside an organization, those machines and devices behind the firew

6 min Research

The Data Science Process at Rapid7

Data Science is more than just math. A successful Data Science team and successful Data Science projects require relationships with outside teams, clear communication, as well as good decision making, problem solving and critical thinking abilities. Thus, when we talk about Data Science at Rapid7, we talk about the Data Science Process our teams use to take a Data Science project from inception to completion, where math and analysis are important, but not the only aspects of the project. What a

6 min Breach Response News

NCSAM: You Should Use a Password Manager

October is National Cyber Security Awareness month and Rapid7 is taking this time to celebrate security research. This year, NCSAM coincides with new legal protections for security research under the DMCA [/2016/10/03/cybersecurity-awareness-month-2016-this-ones-for-the-researchers] and the 30th anniversary of the CFAA - a problematic law that hinders beneficial security research. Throughout the month, we will be sharing content that enhances understanding of what independent security research

6 min Research

The Attacker's Dictionary

Rapid7 is publishing a report about the passwords attackers use when they scan the internet indiscriminately. You can pick up a copy at booth #4215 at the RSA Conference this week, or online right here [https://information.rapid7.com/attackers-dictionary.html]. The following post describes some of what is investigated in the report. Announcing the Attacker's Dictionary Rapid7's Project Sonar [https://sonar.labs.rapid7.com/] periodically scans the internet across a variety of ports and protocols

1 min

RiskRater Endpoint Report

Today we're releasing the second of three reports derived from our RiskRater [https://riskrater.rapid7.com/] research. The first report [http://www.rapid7.com/docs/mobile_aug_2013.pdf] focused on mobile devices and the BYOD movement. Today's report is concerned with endpoint devices and their security. Given that user endpoints are increasingly becoming the target of attacks, we were interested in how well the respondents: * Enable code execution prevention techniques * Block suspicious ema

3 min

Introducing RiskRater - a free tool for benchmarking endpoint, mobile and user risk management programs

Introductions After lurking for a little while, I'm starting to write on SecurityStreet today in order to introduce RiskRater [https://riskrater.rapid7.com/], a tool we've been working on recently. RiskRater is an interactive free tool designed to give security professionals a quick snapshot of how they are doing in terms of their security controls for endpoints, mobile devices and user-based risk. What Does RiskRater Do? We frequently hear from security professionals that they are under consta