Posts tagged Authentication

3 min InsightIDR

Detect Corporate Identity Theft with a New Intruder Trap: Honey Credentials

If you're only looking through your log files, reliably detecting early signs of attacker reconnaissance can be a nightmare. Why is this important? If you can detect and react to an intruder early in the attack chain, it's possible to kick the intruder out before he or she accesses your critical assets. This is not only good for you (no monetary data is stolen), but it's also critical because this is the only time in the chain that the intruder is at a disadvantage. Once an attacker has an i

2 min Authentication

Why do we keep forcing short-term password changes?

This is a guest post from our frequent contributor Kevin Beaver [/author/kevinbeaver/]. You can read all of his previous guest posts here [/author/kevinbeaver/]. I'm often asked by friends and colleagues: Why do I have to change my password every 30 or 60 days? My response is always the same: Odds are good that it's because that's the way that it's always been done. Or, these people might have a super strict IT manager who likes to show - on paper - that his or her environment is "locked down."

4 min Incident Detection

IDC: 70% of Successful Breaches Originate on the Endpoint

This is part 2 of a blog post series on a new IDC infographic covering new data on compromised credentials and incident detection. Check out part 1 now [/2014/11/10/more-efficient-incident-detection-and-investigation-saves-400000-per-year-says-idc] if you missed it. Most organizations focus on their server infrastructure when thinking about security – a fact we often see in our Ne

4 min Authentication

Brute Force Attacks Using US Census Bureau Data

Currently one of the most successful methods for compromising an organization is via password-guessing attacks. To gain access to an organization using brute force attack methods, there are a minimum of three things a malicious actor needs: A username, a password, and a target. Often the targets are easy to discover, and typically turn out to be email systems such as Outlook Web Access (OWA) or VPN solutions that are expo

6 min Research

The Attacker's Dictionary

Rapid7 is publishing a report about the passwords attackers use when they scan the internet indiscriminately. You can pick up a copy at booth #4215 at the RSA Conference this week, or online right here. The following post describes some of what is investigated in the report. Announcing the Attacker's Dictionary Rapid7's Project Sonar periodically scans the internet across a variety of ports and protocols

3 min Authentication

Simple Network Management Protocol (SNMP) Best Practices

By Deral Heiland, Research Lead, and Brian Tant, Senior Consultant, of Rapid7 Global Services Over the past several years while conducting security research in the area of Simple Network Management Protocol (SNMP) and presenting those findings at conferences around the world we are constantly approached with the same question: “What are the best practices for securing SNMP”? The first thing to remember about SNMP versions 1, 2, and 2c is that the community strings used for authentication are c

1 min Incident Detection

Get the 2015 Incident Detection & Response Survey Results!

In order to learn more about the strategic initiatives, current tools used, and challenges security teams are facing today, we surveyed 271 security professionals hailing from organizations across the globe. We were able to get fantastic responses representing companies from all sizes and industries, including healthcare, finance, retail, and government. On January 21st, we will be hosting a webcast with full analysis of the results. Register now and get the full report today. [http://www.ra

3 min Nexpose

Nexpose Two Factor Authentication

For organizations that want additional security upon login, Nexpose and the Rapid7 Nexpose-Client Ruby Gem will support Two Factor Authentication as of the January 6, 2016 release. Two Factor Authentication requires the use of a time-based one-time password application such as Google Authenticator. Two Factor Authentication can only be enabled by a Global Administrator on the Security Console. To enable Two Factor Authentication: 1. As a Global Administrator, go to the Administration tab. 2.

2 min Authentication

Understanding User Behavior Analytics

Hey everyone! I'm pleased to announce that we've put together another pretty fun research report here in the not-terribly-secret overground labs here at Rapid7: Understanding User Behavior Analytics. You can download it over here. Modern enterprise breaches tend to make heavy use of misbehaving user accounts. Not the users -- the people typing at keyboards or poking at their smartphones -- but user accounts.

3 min Authentication

If Employee Passwords Get Exposed by Third-Party Breach, Does Your System Make a Sound?

Stolen credentials are the number one attack vector behind breaches1. Armed with an employee username and password, attackers can stealthily gain a foothold on the network, perform reconnaissance, and move laterally to critical targets – all without malware. Phishing & malware are great ways to steal credentials, but there's another, much easier way that's largely outside of one's control – third party breaches. The way it works is simple. A company employee uses their work email (e.g. eric_mo

2 min User Behavior Analytics

[5 Min Demo] Detect Stealthy Attacks with Behavior Analytics

How do intruders get into your network? They choose the most economically friendly methods that get in with the least resistance. For five years now, this has been compromised credentials – the use of stolen passwords to mask as corporate employees. By gaining access to one of the many accounts your employees use across the network, cloud services, and endpoints, attackers can build a presence, scan for targets, move laterally to other machines, and exfiltrate critical data. Related Resource:

2 min Penetration Testing

Top 3 Takeaways from the "Campfire Horror Stories: 5 Most Common Findings in Pen Tests" Webcast

Penetration Tests are a key part of assuring strong security, so naturally, security professionals are very curious about how this best practice goes down from the pen tester perspective. Jack Daniel, Director of Services at Rapid7 with 13 years of penetration testing under his belt, recently shared which flaws pen testers are regularly using to access sensitive data on the job in the webcast, “Campfire Horror Stories: 5 Most Common Findings in Pen Tests [

5 min Metasploit

Safely Dumping Domain Hashes, with Meterpreter

UPDATE: It has been pointed out that there is prior work worth noting. This blog post by Damon Cortesi talked about using Volume Shadow Copy to get the SAM file back in 2005. As with all things in our Industry, we stand on the shoulders of those who came before us. We would certainly not want to take away from anyone else's previous work and accomplishments. Dumping the stored password

2 min Authentication

UserInsight Detects Attacks Using Intruder Tools to Steal Credentials

Attackers will always gravitate to the cheapest and most effective way to get into a network. According to the latest Verizon Data Breach Investigations Report, compromised credentials have been the top attacker methodology for two years in a row now. Credentials enable attackers to move through the network undetected because most companies still have no way to detect them, so attackers enjoy excellent economics. UserInsight has always focused on detecting compromised credentials, but most peop

2 min AppSpider

Top 10 Business Logic Attack Vectors

I thought I'd take a moment to dig a little deeper on our whitepaper titled “Top 10 Business Logic Attack Vectors.” Why did we write this paper? 1. Business logic vulnerabilities are not new, but these vulnerabilities are common, dangerous and are too often untested. 2. Security experts need to know that these must be tested manually and must not be overlooked. It is imperative to complement automated testing process with a human discovery of security risks that can be exploited