Posts tagged Authentication

3 min Authentication

If Employee Passwords Get Exposed by Third-Party Breach, Does Your System Make a Sound?

Stolen credentials are the number one attack vector behind breaches [1]. Armed with an employee's username and password, attackers can stealthily gain a foothold on the network, perform reconnaissance, and move laterally to critical targets – all without malware. Phishing and malware are effective ways to steal credentials, but there is another, much easier way that is largely outside your control – third-party breaches. The way it works is simple. A company employee uses their work email (e.g. eric_mo
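The "sound" the title asks about is an alert raised the moment a work address shows up in someone else's breach dump. The following is an added example, not code from the original post or from UserInsight; it assumes a constructed dump in `email:password` form (many dumps carry only the third party's hashes, in which case only the "exposed" outcome is possible) and a corporate directory that stores unsalted SHA-256 password hashes (Active Directory really stores NT hashes; the comparison works the same way with those):

```python
"""Cross-check a third-party breach dump against the corporate directory.

Added example; this is not code from the original post or from UserInsight.
Assumptions not in the original: the dump is 'email:password' lines, and the
corporate directory stores unsalted SHA-256 password hashes (Active Directory
really stores NT hashes; the comparison works the same way with those).
"""
import hashlib
import hmac

CORP_DOMAIN = "example.com"

# Constructed sample dump from a fictional breached third-party site.
BREACH_DUMP = """\
alice@example.com:Winter2014!
bob@gmail.com:letmein
carol@example.com:S3cur3Pass
dave@EXAMPLE.com:hunter2
not a valid line
"""


def sha256_hex(password: str) -> str:
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


# Constructed corporate directory: username -> hash of the current password.
DIRECTORY = {
    "alice": sha256_hex("Winter2014!"),      # reused her work password on the site
    "carol": sha256_hex("Totally-Different"),
    "dave": sha256_hex("hunter2"),           # reused
}


def parse_dump(text: str):
    """Return (email, password) pairs; email is lower-cased so domain matching works."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if ":" not in line:
            continue  # skip blank or malformed lines
        email, password = line.split(":", 1)
        rows.append((email.strip().lower(), password))
    return rows


def corporate_accounts(rows, domain=CORP_DOMAIN):
    """Keep only accounts that used a work address on the third-party site."""
    return [(e, p) for e, p in rows if e.endswith("@" + domain)]


def check_reuse(rows, directory=DIRECTORY, domain=CORP_DOMAIN):
    """Return (username, status) per corporate account found in the dump.

    'reused'  : leaked password matches the user's current corporate password
    'exposed' : work address leaked but the password differs (or account unknown)
    """
    findings = []
    for email, password in corporate_accounts(rows, domain):
        user = email.split("@", 1)[0]
        stored = directory.get(user)
        if stored is not None and hmac.compare_digest(sha256_hex(password), stored):
            findings.append((user, "reused"))
        else:
            findings.append((user, "exposed"))
    return findings


def make_a_sound(findings):
    """Turn findings into the alerts an operator would act on."""
    alerts = []
    for user, status in findings:
        if status == "reused":
            alerts.append(f"CRITICAL {user}: force password reset, review recent logins")
        else:
            alerts.append(f"WARNING {user}: work address in breach dump, notify user")
    return alerts


if __name__ == "__main__":
    for line in make_a_sound(check_reuse(parse_dump(BREACH_DUMP))):
        print(line)
```

The distinction between "reused" and "exposed" matters operationally: a reused password means the attacker already holds a working corporate credential, so the reset has to be paired with a look at that account's recent logins, whereas an exposed address is a phishing and credential-stuffing risk that a notification and a forced rotation at the next login cover.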

2 min User Behavior Analytics

[5 Min Demo] Detect Stealthy Attacks with Behavior Analytics

How do intruders get into your network? They choose the cheapest methods that get them in with the least resistance. For five years now, that has meant compromised credentials – using stolen passwords to masquerade as corporate employees. By gaining access to one of the many accounts your employees use across the network, cloud services, and endpoints, attackers can build a presence, scan for targets, move laterally to other machines, and exfiltrate critical data. Related Resource:
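Because a stolen password produces no malware to catch, detection has to come from the account behaving unlike its owner. The following is an added example, not code from the original post or from the UserInsight product: it assumes a constructed log format (timestamp, user, source host, destination host, result) and alerts on two of the behaviours the paragraph names, a user appearing from a host they never used and one account fanning out to several machines it never touched before (lateral movement):

```python
"""Spot a compromised account by its behaviour, not by malware.

Added example; not code from the original post or from UserInsight. The log
format, hostnames and thresholds are constructed assumptions for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) result=(?P<result>\S+)$"
)

# Constructed baseline: a quiet week of normal logins.
BASELINE_LOG = """\
2015-02-02T09:00:00 user=alice src=ws-alice dst=fileserver01 result=success
2015-02-02T09:05:00 user=alice src=ws-alice dst=mail01 result=success
2015-02-02T09:01:00 user=bob src=ws-bob dst=fileserver01 result=success
2015-02-03T09:02:00 user=bob src=ws-bob dst=mail01 result=success
"""

# Constructed live window: alice's stolen password used from bob's workstation.
LIVE_LOG = """\
2015-02-10T02:10:00 user=bob src=ws-bob dst=mail01 result=success
2015-02-10T02:12:00 user=alice src=ws-bob dst=fileserver01 result=success
2015-02-10T02:13:00 user=alice src=ws-bob dst=dc01 result=success
2015-02-10T02:14:30 user=alice src=ws-bob dst=hr-share01 result=failure
2015-02-10T02:16:00 user=alice src=ws-bob dst=finance-db01 result=success
"""


def parse_log(text):
    """Parse log lines into dicts, dropping anything that does not match."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%S")
        events.append(e)
    return sorted(events, key=lambda e: e["ts"])


def build_baseline(events):
    """Per user: the source hosts and destinations seen in successful logins."""
    base = defaultdict(lambda: {"src": set(), "dst": set()})
    for e in events:
        if e["result"] == "success":
            base[e["user"]]["src"].add(e["src"])
            base[e["user"]]["dst"].add(e["dst"])
    return base


def detect(events, baseline, window=timedelta(minutes=10), fanout=3):
    """Return alerts as (timestamp, user, kind, detail).

    Failed attempts count toward fan-out: an attacker probing for reachable
    targets produces failures as well as successes.
    """
    alerts = []
    seen_src = set()            # (user, src) pairs already alerted on
    fanout_fired = set()        # users already alerted for lateral movement
    recent = defaultdict(list)  # user -> [(ts, never-before-seen dst)] in window
    for e in events:
        user = e["user"]
        b = baseline.get(user, {"src": set(), "dst": set()})
        if e["src"] not in b["src"] and (user, e["src"]) not in seen_src:
            seen_src.add((user, e["src"]))
            alerts.append((e["ts"], user, "new-source-host", e["src"]))
        if e["dst"] not in b["dst"]:
            recent[user] = [(t, d) for t, d in recent[user] if e["ts"] - t <= window]
            recent[user].append((e["ts"], e["dst"]))
            targets = sorted({d for _, d in recent[user]})
            if len(targets) >= fanout and user not in fanout_fired:
                fanout_fired.add(user)
                alerts.append((e["ts"], user, "lateral-movement", targets))
    return alerts


def run():
    baseline = build_baseline(parse_log(BASELINE_LOG))
    return detect(parse_log(LIVE_LOG), baseline)


if __name__ == "__main__":
    for ts, user, kind, detail in run():
        print(ts.isoformat(), user, kind, detail)
```

Two design choices are worth noting: the baseline is built only from successful logins, so an attacker's earlier failed probes cannot teach the detector that a host is "normal", and each alert fires once per user and condition rather than on every event, which is what keeps the fan-out rule from drowning an analyst once an account is already under investigation.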

2 min Penetration Testing

Top 3 Takeaways from the "Campfire Horror Stories: 5 Most Common Findings in Pen Tests" Webcast

Penetration tests are a key part of assuring strong security, so naturally security professionals are curious about how this best practice plays out from the pen tester's perspective. Jack Daniel, Director of Services at Rapid7 with 13 years of penetration testing under his belt, recently shared which flaws pen testers regularly use to access sensitive data on the job in the webcast “Campfire Horror Stories: 5 Most Common Findings in Pen Tests [

4 min HIPAA

UserInsight Helps Healthcare Providers Detect Intruders & Fulfill HIPAA Compliance

With Protected Health Information (PHI) records commanding the highest prices on the cybercrime market, it is no surprise that more and more healthcare organizations (66%) are experiencing a significant security incident [1]. Related Resource: Download our beginner's guide to User Behavior Analytics with the UserInsight Toolkit. Our intruder and user behavior analytics [

5 min Metasploit

Safely Dumping Domain Hashes, with Meterpreter

UPDATE: It has been pointed out that there is prior work worth noting. A blog post by Damon Cortesi discussed using Volume Shadow Copy to get the SAM file back in 2005. As with all things in our industry, we stand on the shoulders of those who came before us. We would certainly not want to take away from anyone else's previous work and accomplishments. Dumping the stored password

2 min Authentication

UserInsight Detects Attacks Using Intruder Tools to Steal Credentials

Attackers will always gravitate to the cheapest and most effective way into a network. According to the latest Verizon Data Breach Investigations Report, compromised credentials have been the top attacker methodology for two years in a row. Credentials let attackers move through the network undetected because most companies still have no way to detect their misuse, so attackers enjoy excellent economics. UserInsight has always focused on detecting compromised credentials, but most peop

2 min AppSpider

Top 10 Business Logic Attack Vectors

I thought I'd take a moment to dig a little deeper into our whitepaper titled “Top 10 Business Logic Attack Vectors.” Why did we write this paper? 1. Business logic vulnerabilities are not new, but they are common, dangerous, and too often untested. 2. Security experts need to know that these must be tested manually and must not be overlooked. It is imperative to complement the automated testing process with human discovery of security risks that can be exploited

3 min Incident Response

Detecting Intruders Early Can Ruin Their Business Model

If you look at attackers as faceless, sophisticated digital ninjas, it instills fear, but doesn't really help to stop them. While there are many motivations for attacking an organization and stealing its data, the most frequent are based on money. This is why it sometimes helps to view them as you would any other business: as having costs and needing to generate revenue to survive. Attacker groups are similar to high-tech startups. There is a thriving economy full of people who breach organizati

2 min Authentication

Top 3 Takeaways from the "Planning for Failure: How to Succeed at Detecting Intruders on your Network" Webcast

Last week, Rick Holland, Principal Analyst at Forrester Research, joined Christian Kirsch [/author/christian-kirsch] to discuss the concept of planning for failure in your security program by being equipped to detect and investigate effectively when intruders get past your defenses. Read on to learn the top takeaways from their discussion on “Planning for Failure: How to Succeed at Detecting Intruders on your Network [

7 min PCI

Webcast Followup: Escalate Your Efficiency

Last week, we held a live webcast on how Metasploit Pro helps pentesters be more efficient and save time. The large turnout made for a great conversation. First of all, I want to thank those of you who took time out of your busy schedules to watch us live. Our viewers asked many questions, and we were not able to answer all of them due to time limitations. In this post, you will find the answers to those questions. First things fir

2 min PCI

Top 3 Takeaways from the "Escalate your Efficiency: How to Save Time on Penetration Testing" Webcast

Penetration testing is a complex process that requires attention to detail, multitasking, extensive knowledge of different attack vectors, available vulnerabilities and exploits, and patience. Recently erayymz, Senior Product Manager at Rapid7, spoke with pen testing professionals Leon Johnson, Senior Consultant at Rapid7, and Dustin Heywood, Manager of Security Assurance at ATB Financial. They discussed how to take advantage of automation with Metasploit Pro to sim

3 min Malware

"Skeleton Key" Exhibits Increased Blending Of Credentials And Malware

Dell SecureWorks published a very informative blog post this week about a new type of malware they have appropriately labeled “Skeleton Key”. Our community manager quickly wrote a note of appreciation for setting a great example through disclosure and a quick mitigation strategy [/2015/01/14/effective-information-sharing-exposing-skeleton-key?] that every security professional should

5 min Authentication

The Sony Breach Demonstrates The Importance Of Moving Beyond Perimeter Defense

Set aside the attribution argument over the recent attack on Sony Pictures Entertainment and you have to recognize that too little effort has been made to learn from the technical details of the attack. While the technology was not as sophisticated as some believe, there are definitely important lessons here for those charged with protecting their organization. Prevention and detection are universally too focused on the perimeter. Getting in may be the hardest part for a

9 min Metasploit

12 Days of HaXmas: Buffer Overflows Come and Go, Bad Passwords are Forever

This post is the fourth in a series, 12 Days of HaXmas, where we take a look at some of the more notable advancements and events in the Metasploit Framework over the course of 2014. This summer, the Metasploit team began the large undertaking of reworking credentials throughout the project. Metasploit, as you already know, began as a collection of traditional exploits. Over the years it has grown into much more than that. Credentials were first introduced into Metasploit in the form of Auxiliary Sc

6 min Haxmas

12 Days of HaXmas: MS14-068, now in Metasploit!

This post is the first in a series, 12 Days of HaXmas, where we take a look at some of the more notable advancements in the Metasploit Framework over the course of 2014. Hello everyone and Happy HaXmas! In November of 2014, a really interesting vulnerability was published in Microsoft Windows Kerberos; maybe you have already heard about it... MS14-068. Microsoft published a blog post [