2 min
PCI
Top 3 Takeaways from the "Escalate your Efficiency: How to Save Time on Penetration Testing" Webcast
Penetration Testing is a complex process that requires attention to detail,
multi-tasking, extensive knowledge of different attack vectors, available
vulnerabilities and exploits, and patience. Recently erayymz
[https://twitter.com/erayymz], Senior Product Manager at Rapid7, spoke with pen
testing professionals Leon Johnson, Senior Consultant at Rapid7, and Dustin
Heywood, Manager of Security Assurance at ATB Financial. They discussed how to
take advantage of automation with Metasploit Pro to sim
3 min
Malware
"Skeleton Key" Exhibits Increased Blending Of Credentials And Malware
Dell SecureWorks published a very informative blog
[http://www.secureworks.com/cyber-threat-intelligence/threats/skeleton-key-malware-analysis/]
this week about a new type of malware they have appropriately labeled “Skeleton
Key”. Our community manager quickly wrote a note of appreciation for setting a
great example through disclosure and a quick mitigation strategy
[/2015/01/14/effective-information-sharing-exposing-skeleton-key?et=watches.email.blog]
that every security professional should
5 min
Authentication
The Sony Breach Demonstrates The Importance Of Moving Beyond Perimeter Defense
If you force yourself to forget the attribution argument over the recent attack
on Sony Pictures Entertainment, you need to recognize that too little effort has
been made to learn from the technical details of the attack, and while the
technology was not as sophisticated as some believe, there are definitely
important lessons here for those charged with protecting their organization.
Prevention and detection are universally too focused on the perimeter
Getting in may be the hardest part for a
9 min
Metasploit
12 Days of HaXmas: Buffer Overflows Come and Go, Bad Passwords are Forever
This post is the fourth in a series, 12 Days of HaXmas, where we take a look at
some of the more notable advancements and events in the Metasploit Framework over
the course of 2014.
This summer, the Metasploit team began the large undertaking of reworking
credentials throughout the project. Metasploit, as you already know, began as a
collection of traditional exploits. Over the years it has grown into much more
than that. Credentials were first introduced into Metasploit in the form of
Auxiliary Sc
4 min
Authentication
Patch CVE-2014-6324 To Avoid A Complete Domain Rebuild When UserInsight Detects Its Exploit
On Tuesday, November 18th, Microsoft released an out-of-band security patch
affecting any Windows domain controllers that are not running in Azure. I have
not yet seen any cute graphics or buzzword names for it, so it will likely be
known as MS14-068, CVE-2014-6324, or "that Kerberos vulnerability that is being
exploited in the wild to completely take over Windows domains" because it rolls
off the tongue a little better.
There is a very informative description of the vulnerability, impact, and
3 min
Networking
UserInsight Detects Network Zone Access Violations
Information security regulations are often vague and open to some
interpretation, but one common theme across most is that you need to separate
the systems with critical data from the rest of your network. The vast majority
of employees in your organization should never have access to systems that:
* process or store payment card data -- PCI DSS
* qualify as Critical Cyber Assets (i.e. have a role in the operation of bulk
power systems) -- NERC CIP
* provide services not needed for intern
2 min
Authentication
Top 3 Takeaways from "The New Frontier: Why Traditional, Signature Based Defenses Don't Work"
Hi all – It's me, Meredith, and I'm back for my second installment on the Top 3
Takeaways from our Rapid7 webcasts. In last week's webcast with partner FireEye,
we discussed “The New Frontier: Why Traditional, Signature Based Defenses Don't
Work”. Our panel of experts included Joshua Goldfarb, Chief Security Strategist
of the Enterprise Forensics Group at FireEye and Nicholas J Percoco, VP of
Strategic Services at Rapid7.
Here are my Top 3 Takeaways on how to move beyond traditional, signature
3 min
Incident Detection
Detecting Compromised Amazon Web Services (AWS) Accounts
As you move more of your critical assets to Amazon Web Services (AWS), you'll
need to ensure that only authorized users have access. Three out of four
breaches use compromised credentials, yet many companies struggle to detect
their use. UserInsight enables organizations to detect compromised credentials,
from the endpoint to the cloud. Through its AWS integration, Rapid7 UserInsight
monitors all administrator access to Amazon Web Services, so you can detect
compromised credentials before they t
3 min
Incident Detection
More Efficient Incident Detection and Investigation Saves $400,000 per Year, Says IDC
IDC just published an infographic on how credentials are abused by cyber
criminals. These are interesting and important statistics:
* 80% of companies will suffer at least one successful attack causing serious
harm that requires remediation
* 33% will not be able to prevent over half of the attacks
These stats explain why many security experts are advising companies to shift
their security spending to detection mechanisms instead of relying too heavily
on prevention.
Measuring incident c
3 min
Antivirus
UserInsight's New User Statistics Provide Great Visibility for Incident Responders
Nate Silver made statistics sexy, and we're riding that wave. But seriously,
breaking down some of the noisier alerts on the network by users and showing
you spikes can really help you detect and investigate unusual activity. That's
why we've built a new UserInsight feature that shows you anti-virus alerts,
vulnerabilities, firewall activity, IDS/IPS alerts, and authentications by users
that show the most activity and enable you to dig in deeper by filtering by
user. You can get to the new st
2 min
Authentication
Protect Your Service Accounts: Detecting Service Accounts Authenticating from a New Host
IT professionals set up service accounts to enable automated processes, such as
backup services and network scans. In UserInsight, we can give you quick
visibility into service accounts by detecting which accounts do not have
password expiration enabled. Many UserInsight subscribers love this simple
feature, which is available the instant they have integrated their LDAP
directory with UserInsight. In addition, UserInsight has several new ways to
detect compromised service accounts.
To do their
2 min
Metasploit
Detecting the Use of Stolen Passwords
Rarely in life will software vendors let you in on some of their secret sauce.
Rapid7 obviously believes in information sharing and the open source community,
so in that same vein, the UserInsight team decided to write a guide to gathering
the right data to fully understand how stolen passwords are being (mis)used in
your organization. The result is a Technical Paper
[https://information.rapid7.com/Incident-Response-Detect-More-than-Pass-the-Hash.html]
called "Why You Need to Detect More Than
2 min
Authentication
Top 2 Takeaways from the "Incident Response: Why You Need to Detect More Than Pass the Hash" Webcast
This week's webcast featured Matt Hathaway, Senior Manager of Platform Products
at Rapid7, and Jeff Myers, Lead Software Engineer for UserInsight at Rapid7, as
they spoke on “Incident Response: Why You Need to Detect More Than Pass the
Hash” [https://information.rapid7.com/detecting-more-than-pass-the-hash.html?CS=blog].
This technical webinar emphasized how compromised credentials are a key
predatory weapon in the attacker's arsenal, and featured an in-depth discussion
of indicators of compro
3 min
Authentication
Find the Shared Credentials That Make Security Sad
No matter what risk framework or security standards you hold most dear, I know
for sure that you consider users sharing accounts to be a violation of the
common sense that is the necessary foundation of any security awareness
training.
When the UserInsight team set out to identify evasive attacker behaviors like
"account impersonation" and "local credential testing" (that I covered in a blog
you can read here [/2014/08/19/lateral-movement-not-just-for-t3h-1337-h4x02]),
one of the most important
2 min
Windows
Mitigating Service Account Credential Theft
I am excited to announce a new whitepaper, Mitigating Service Account Credential
Theft on Windows
[https://hdm.io/writing/Mitigating%20Service%20Account%20Credential%20Theft%20on%20Windows.pdf].
This paper was a collaboration between myself, Joe Bialek of Microsoft, and
Ashwath Murthy of Palo Alto Networks. The executive summary is shown below:
Over the last 15 years, the Microsoft Windows ecosystem has expanded with the
meteoric rise of the internet, business technology, and computing in gene