Posts tagged Authentication

2 min PCI

Top 3 Takeaways from the "Escalate your Efficiency: How to Save Time on Penetration Testing" Webcast

Penetration Testing is a complex process that requires attention to detail, multi-tasking, extensive knowledge of different attack vectors, available vulnerabilities and exploits, and patience. Recently, erayymz [https://twitter.com/erayymz], Senior Product Manager at Rapid7, spoke with pen testing professionals Leon Johnson, Senior Consultant at Rapid7, and Dustin Heywood, Manager of Security Assurance at ATB Financial. They discussed how to take advantage of automation with Metasploit Pro to sim

3 min Malware

"Skeleton Key" Exhibits Increased Blending Of Credentials And Malware

Dell SecureWorks published a very informative blog [http://www.secureworks.com/cyber-threat-intelligence/threats/skeleton-key-malware-analysis/] this week about a new type of malware they have appropriately labeled “Skeleton Key”. Our community manager quickly wrote a note of appreciation for setting a great example through disclosure and a quick mitigation strategy [/2015/01/14/effective-information-sharing-exposing-skeleton-key?et=watches.email.blog] that every security professional should

5 min Authentication

The Sony Breach Demonstrates The Importance Of Moving Beyond Perimeter Defense

If you force yourself to forget the attribution argument over the recent attack on Sony Pictures Entertainment, you need to recognize that too little effort has been made to learn from the technical details of the attack, and while the technology was not as sophisticated as some believe, there are definitely important lessons here for those charged with protecting their organization.

Prevention and detection are universally too focused on the perimeter

Getting in may be the hardest part for a

9 min Metasploit

12 Days of HaXmas: Buffer Overflows Come and Go, Bad Passwords are Forever

This post is the fourth in a series, 12 Days of HaXmas, where we take a look at some of the more notable advancements and events in the Metasploit Framework over the course of 2014. This summer, the Metasploit team began the large undertaking of reworking credentials throughout the project. Metasploit, as you already know, began as a collection of traditional exploits. Over the years it has grown into much more than that. Credentials were first introduced into Metasploit in the form of Auxiliary Sc

4 min Authentication

Patch CVE-2014-6324 To Avoid A Complete Domain Rebuild When UserInsight Detects Its Exploit

On Tuesday, November 18th, Microsoft released an out-of-band security patch affecting any Windows domain controllers that are not running in Azure. I have not yet seen any cute graphics or buzzword names for it, so it will likely be known as MS14-068, CVE-2014-6324, or "that Kerberos vulnerability that is being exploited in the wild to completely take over Windows domains" because it rolls off the tongue a little better. There is a very informative description of the vulnerability, impact, and

3 min Networking

UserInsight Detects Network Zone Access Violations

Information security regulations are often vague and open to some interpretation, but one common theme across most is that you need to separate the systems with critical data from the rest of your network. The vast majority of employees in your organization should never have access to systems that:

* process or store payment card data -- PCI DSS
* qualify as Critical Cyber Assets (i.e. have a role in the operation of bulk power systems) -- NERC CIP
* provide services not needed for intern

2 min Authentication

Top 3 Takeaways from "The New Frontier: Why Traditional, Signature Based Defenses Don't Work"

Hi all – It's me, Meredith and I'm back for my second installment on the Top 3 Takeaways from our Rapid7 webcasts. In last week's webcast with partner FireEye, we discussed “The New Frontier: Why Traditional, Signature Based Defenses Don't Work”. Our panel of experts included Joshua Goldfarb, Chief Security Strategist of the Enterprise Forensics Group at FireEye and Nicholas J Percoco, VP of Strategic Services at Rapid7. Here are my Top 3 Takeaways on how to move beyond traditional, signature

3 min Incident Detection

Detecting Compromised Amazon Web Services (AWS) Accounts

As you move more of your critical assets to Amazon Web Services (AWS), you'll need to ensure that only authorized users have access. Three out of four breaches use compromised credentials, yet many companies struggle to detect their use. UserInsight enables organizations to detect compromised credentials, from the endpoint to the cloud. Through its AWS integration, Rapid7 UserInsight monitors all administrator access to Amazon Web Services, so you can detect compromised credentials before they t

3 min Incident Detection

More Efficient Incident Detection and Investigation Saves $400,000 per Year, Says IDC

IDC just published an infographic on how credentials are abused by cyber criminals. These are interesting and important statistics:

* 80% of companies will suffer at least one successful attack causing serious harm that requires remediation
* 33% will not be able to prevent over half of the attacks

These stats explain why many security experts are advising companies to shift their security spending to detection mechanisms instead of relying too heavily on prevention. Measuring incident c

3 min Antivirus

UserInsight's New User Statistics Provide Great Visibility for Incident Responders

Nate Silver made statistics sexy, and we're riding that wave. But seriously, breaking down some of the more noisy alerts on the network by users and showing you spikes can really help you detect and investigate unusual activity. That's why we've built a new UserInsight feature that shows you anti-virus alerts, vulnerabilities, firewall activity, IDS/IPS alerts, and authentications by users that show the most activity and enable you to dig in deeper by filtering by user. You can get to the new st

2 min Authentication

Protect Your Service Accounts: Detecting Service Accounts Authenticating from a New Host

IT professionals set up service accounts to enable automated processes, such as backup services and network scans. In UserInsight, we can give you quick visibility into service accounts by detecting which accounts do not have password expiration enabled. Many UserInsight subscribers love this simple feature, which is available the instant they have integrated their LDAP directory with UserInsight. In addition, UserInsight has several new ways to detect compromised service accounts. To do their

2 min Metasploit

Detecting the Use of Stolen Passwords

Rarely in life will software vendors let you in on some of their secret sauce. Rapid7 obviously believes in information sharing and the open source community, so in that same vein, the UserInsight team decided to write a guide to gathering the right data to fully understand how stolen passwords are being (mis)used in your organization. The result is a Technical Paper [https://information.rapid7.com/Incident-Response-Detect-More-than-Pass-the-Hash.html] called "Why You Need to Detect More Than

2 min Authentication

Top 2 Takeaways from the "Incident Response: Why You Need to Detect More Than Pass the Hash" Webcast

This week's webcast featured Matt Hathaway, Senior Manager of Platform Products at Rapid7, and Jeff Myers, Lead Software Engineer for UserInsight at Rapid7, as they spoke on, “Incident Response: Why You Need to Detect More Than Pass the Hash [https://information.rapid7.com/detecting-more-than-pass-the-hash.html?CS=blog]”. This technical webinar emphasized how compromised credentials are a key predatory weapon in the attacker's arsenal, and featured an in-depth discussion of indicators of compro

3 min Authentication

Find the Shared Credentials That Make Security Sad

No matter what risk framework or security standards you hold most dear, I know for sure that you consider users sharing accounts to be a violation of the common sense that is the necessary foundation of any security awareness training. When the UserInsight team set out to identify evasive attacker behaviors like "account impersonation" and "local credential testing" (that I covered in a blog you can read here [/2014/08/19/lateral-movement-not-just-for-t3h-1337-h4x02]), one of the most important

2 min Windows

Mitigating Service Account Credential Theft

I am excited to announce a new whitepaper, Mitigating Service Account Credential Theft [https://hdm.io/writing/Mitigating%20Service%20Account%20Credential%20Theft%20on%20Windows.pdf] on Windows. This paper was a collaboration between myself, Joe Bialek of Microsoft, and Ashwath Murthy of Palo Alto Networks. The executive summary is shown below: Over the last 15 years, the Microsoft Windows ecosystem has expanded with the meteoric rise of the internet, business technology, and computing in gene