Posts tagged Authentication

4 min Authentication

Patch CVE-2014-6324 To Avoid A Complete Domain Rebuild When UserInsight Detects Its Exploit

On Tuesday, November 18th, Microsoft released an out-of-band security patch affecting any Windows domain controllers that are not running in Azure. I have not yet seen any cute graphics or buzzword names for it, so it will likely be known as MS14-068, CVE-2014-6324, or "that Kerberos vulnerability that is being exploited in the wild to completely take over Windows domains" because it rolls off the tongue a little better. There is a very informative description of the vulnerability, impact, and

3 min Networking

UserInsight Detects Network Zone Access Violations

Information security regulations are often vague and open to some interpretation, but one common theme across most is that you need to separate the systems with critical data from the rest of your network. The vast majority of employees in your organization should never have access to systems that:

* process or store payment card data -- PCI DSS
* qualify as Critical Cyber Assets (i.e. have a role in the operation of bulk power systems) -- NERC CIP
* provide services not needed for intern
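The check the post describes, as an added example (not UserInsight code and not from the original post): restricted zones are defined as network ranges, each with the directory groups whose members may authenticate into it, and every authentication into a zone by a user holding none of those groups is reported. The zone ranges, group names, event fields and sample events are all constructed assumptions.

```python
import ipaddress

# Added example, not UserInsight code. Zone definitions and group names are
# assumptions: each restricted zone is a network range plus the directory
# groups whose members are allowed to authenticate into it.
ZONES = {
    "pci": (ipaddress.ip_network("10.10.0.0/24"), {"PCI-Admins"}),
    "ot":  (ipaddress.ip_network("10.20.0.0/24"), {"OT-Engineers"}),
}

def zone_for(ip, zones=ZONES):
    """Return the name of the restricted zone containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, (network, _groups) in zones.items():
        if addr in network:
            return name
    return None

def find_violations(events, zones=ZONES):
    """events: dicts with 'user', 'groups' (the user's directory groups) and
    'dest_ip' (the system authenticated to). Returns (user, dest_ip, zone)
    for every authentication into a restricted zone by a user who holds
    none of that zone's allowed groups."""
    violations = []
    for ev in events:
        zone = zone_for(ev["dest_ip"], zones)
        if zone is None:
            continue  # destination is in the general network; nothing to enforce
        allowed = zones[zone][1]
        if not allowed & set(ev["groups"]):
            violations.append((ev["user"], ev["dest_ip"], zone))
    return violations

# Constructed sample authentication events (not real data).
SAMPLE_EVENTS = [
    {"user": "alice", "groups": ["Domain Users", "PCI-Admins"],   "dest_ip": "10.10.0.5"},
    {"user": "bob",   "groups": ["Domain Users", "Sales"],        "dest_ip": "10.10.0.7"},
    {"user": "carol", "groups": ["Domain Users", "OT-Engineers"], "dest_ip": "10.20.0.3"},
    {"user": "bob",   "groups": ["Domain Users", "Sales"],        "dest_ip": "10.30.0.1"},
    {"user": "dave",  "groups": ["Domain Users", "Sales"],        "dest_ip": "10.20.0.9"},
]

if __name__ == "__main__":
    for user, ip, zone in find_violations(SAMPLE_EVENTS):
        print(f"zone violation: {user} authenticated to {ip} in the {zone} zone")
```

In practice the group membership would come from the directory and the destination from the authentication event itself; the point of keying the policy on groups rather than individual users is that the allow-list survives staff changes without edits to the detection.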

2 min Authentication

Top 3 Takeaways from "The New Frontier: Why Traditional, Signature Based Defenses Don't Work"

Hi all – It's me, Meredith and I'm back for my second installment on the Top 3 Takeaways from our Rapid7 webcasts. In last week's webcast with partner FireEye, we discussed “The New Frontier: Why Traditional, Signature Based Defenses Don't Work”.  Our panel of experts included Joshua Goldfarb, Chief Security Strategist of the Enterprise Forensics Group at FireEye and Nicholas J Percoco, VP of Strategic Services at Rapid7. Here are my Top 3 Takeaways on how to move beyond traditional, signature

3 min Incident Detection

Detecting Compromised Amazon Web Services (AWS) Accounts

As you move more of your critical assets to Amazon Web Services (AWS), you'll need to ensure that only authorized users have access. Three out of four breaches use compromised credentials, yet many companies struggle to detect their use. UserInsight enables organizations to detect compromised credentials, from the endpoint to the cloud. Through its AWS integration, Rapid7 UserInsight monitors all administrator access to Amazon Web Services, so you can detect compromised credentials before they t

3 min Incident Detection

More Efficient Incident Detection and Investigation Saves $400,000 per Year, Says IDC

IDC just published an infographic on how credentials are abused by cyber criminals. These are interesting and important statistics:

* 80% of companies will suffer at least one successful attack causing serious harm that requires remediation
* 33% will not be able to prevent over half of the attacks

These stats explain why many security experts are advising companies to shift their security spending to detection mechanisms instead of relying too heavily on prevention. Measuring incident c

3 min Antivirus

UserInsight's New User Statistics Provide Great Visibility for Incident Responders

Nate Silver made statistics sexy, and we're riding that wave. But seriously, breaking down some of the more noisy alerts on the network by users and showing you spikes can really help you detect and investigate unusual activity. That's why we've built a new UserInsight feature that shows you anti-virus alerts, vulnerabilities, firewall activity, IDS/IPS alerts, and authentications by users that show the most activity and enable you to dig in deeper by filtering by user. You can get to the new st

2 min Authentication

Protect Your Service Accounts: Detecting Service Accounts Authenticating from a New Host

IT professionals set up service accounts to enable automated processes, such as backup services and network scans. In UserInsight, we can give you quick visibility into service accounts by detecting which accounts do not have password expiration enabled. Many UserInsight subscribers love this simple feature, which is available the instant they have integrated their LDAP directory with UserInsight. In addition, UserInsight has several new ways to detect compromised service accounts. To do their
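The two checks in this post, as an added example that is not UserInsight code and not from the original post: first, service accounts are picked out of the directory by the "password never expires" flag, which in Active Directory is the DONT_EXPIRE_PASSWD bit (0x10000) of the userAccountControl attribute; second, each service account's authentication events are baselined by source host, and an authentication from a host outside that baseline is flagged. The directory entries, event fields, host names and timestamps are constructed; only the userAccountControl bit values are real.

```python
from collections import defaultdict

# Added example, not UserInsight code. Bits of the Active Directory
# userAccountControl attribute (these two values are the documented ones).
ADS_UF_ACCOUNTDISABLE     = 0x0002
ADS_UF_DONT_EXPIRE_PASSWD = 0x10000

def service_accounts(ldap_entries):
    """Return the lowercase sAMAccountNames of enabled accounts whose password
    never expires, the heuristic the post describes for spotting service accounts."""
    found = set()
    for entry in ldap_entries:
        uac = int(entry["userAccountControl"])
        if uac & ADS_UF_DONT_EXPIRE_PASSWD and not uac & ADS_UF_ACCOUNTDISABLE:
            found.add(entry["sAMAccountName"].lower())
    return found

def baseline_hosts(events, accounts):
    """Map each service account to the set of hosts it authenticated from
    during the baseline period."""
    seen = defaultdict(set)
    for ev in events:
        acct = ev["account"].lower()
        if acct in accounts:
            seen[acct].add(ev["host"].lower())
    return seen

def new_host_logons(events, accounts, baseline):
    """Flag authentications by a service account from a host absent from its
    baseline; returns (account, host, time) tuples in event order."""
    alerts = []
    for ev in events:
        acct, host = ev["account"].lower(), ev["host"].lower()
        if acct in accounts and host not in baseline.get(acct, set()):
            alerts.append((acct, host, ev["time"]))
    return alerts

# Constructed directory entries (not real data). 66048 = 0x10200 is
# NORMAL_ACCOUNT | DONT_EXPIRE_PASSWD; 66050 additionally sets ACCOUNTDISABLE.
LDAP_ENTRIES = [
    {"sAMAccountName": "svc-backup", "userAccountControl": "66048"},
    {"sAMAccountName": "svc-scan",   "userAccountControl": "66048"},
    {"sAMAccountName": "svc-old",    "userAccountControl": "66050"},
    {"sAMAccountName": "jsmith",     "userAccountControl": "512"},
]

# Constructed authentication events: a baseline window, then a new window.
BASELINE_EVENTS = [
    {"time": "2014-09-01T02:00:00", "account": "svc-backup", "host": "BACKUP01"},
    {"time": "2014-09-02T02:00:00", "account": "svc-backup", "host": "BACKUP01"},
    {"time": "2014-09-01T23:00:00", "account": "svc-scan",   "host": "SCAN01"},
]
NEW_EVENTS = [
    {"time": "2014-10-01T02:00:00", "account": "svc-backup", "host": "BACKUP01"},
    {"time": "2014-10-02T03:14:00", "account": "svc-backup", "host": "WS-JSMITH"},
    {"time": "2014-10-02T03:15:00", "account": "jsmith",     "host": "WS-JSMITH"},
    {"time": "2014-10-02T23:00:00", "account": "svc-scan",   "host": "SCAN01"},
]

if __name__ == "__main__":
    accounts = service_accounts(LDAP_ENTRIES)
    baseline = baseline_hosts(BASELINE_EVENTS, accounts)
    for acct, host, when in new_host_logons(NEW_EVENTS, accounts, baseline):
        print(f"{when}: service account {acct} authenticated from new host {host}")
```

Disabled accounts are excluded so that stale entries do not pad the baseline, and the workstation logon by the service account is the only alert: a backup account appearing on a user's workstation is exactly the pattern an attacker reusing stolen service credentials produces.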

2 min Metasploit

Detecting the Use of Stolen Passwords

Rarely in life will software vendors let you in on some of their secret sauce. Rapid7 obviously believes in information sharing and the open source community, so in that same vein, the UserInsight team decided to write a guide to gathering the right data to fully understand how stolen passwords are being (mis)used in your organization. The result is a Technical Paper [https://information.rapid7.com/Incident-Response-Detect-More-than-Pass-the-Hash.html] called "Why You Need to Detect More Than

2 min Authentication

Top 2 Takeaways from the "Incident Response: Why You Need to Detect More Than Pass the Hash" Webcast

This week's webcast featured Matt Hathaway, Senior Manager of Platform Products at Rapid7, and Jeff Myers, Lead Software Engineer for UserInsight at Rapid7, as they spoke on, “Incident Response: Why You Need to Detect More Than Pass the Hash [https://information.rapid7.com/detecting-more-than-pass-the-hash.html?CS=blog] ”. This technical webinar emphasized how compromised credentials are a key predatory weapon in the attacker's arsenal, and featured an in-depth discussion of indicators of compro

3 min Authentication

Find the Shared Credentials That Make Security Sad

No matter what risk framework or security standards you hold most dear, I know for sure that you consider users sharing accounts to be a violation of the common sense that is the necessary foundation of any security awareness training. When the UserInsight team set out to identify evasive attacker behaviors like "account impersonation" and "local credential testing" (that I covered in a blog you can read here [/2014/08/19/lateral-movement-not-just-for-t3h-1337-h4x02]), one of the most important

2 min Windows

Mitigating Service Account Credential Theft

I am excited to announce a new whitepaper, Mitigating Service Account Credential Theft [https://hdm.io/writing/Mitigating%20Service%20Account%20Credential%20Theft%20on%20Windows.pdf] on Windows. This paper was a collaboration between myself, Joe Bialek of Microsoft, and Ashwath Murthy of Palo Alto Networks. The executive summary is shown below, Over the last 15 years, the Microsoft Windows ecosystem has expanded with the meteoric rise of the internet, business technology, and computing in gene

3 min Authentication

Weekly Metasploit Update

Loginpalooza, the Great Credential Refactor In August, we ran a little contest here in the People's Republic of Metasploit to see about converting a pile of credential-gathering modules to the new after the release of Metasploit 4.10. Today, I'm happy to announce the winners: First place goes to Tom Sellers [https://twitter.com/TomSellers], for his work on a number of modules [https://github.com/rapid7/metasploit-framework/issues?q=author%3Atomsellers+label%3Aloginpalooza] and constant feedbac

1 min Metasploit

Top 2 Takeaways from the "Credentials are the New Exploits: How to Effectively Use Credentials in Penetration Tests" Webcast

This week, Christian Kirsch [https://community.rapid7.com/people/ckirsch] enlightened us about the latest trend in attacker methodologies: Credentials. In the webcast, "Credentials are the New Exploits: How to Effectively Use Credentials in Penetration Tests [https://information.rapid7.com/creds-are-the-new-exploits-registration.html?CS=blog] ", we learned why credential abuse is in vogue, and what penetration testers can do to tackle this head on with as much efficiency and proficiency as poss

2 min Metasploit

Feedback on Rapid7's Tech Preview Process and Metasploit Pro 4.10

By guest blogger Sean Duffy, IS Team Lead, TriNet Rapid7 invited me to participate in pre-release testing of Metasploit 4.10, a process they call Tech Preview. They asked me to openly share my thoughts with the community. Preparation and Logistics I always enjoy working with Rapid7. Preparatory meetings and documentation made the installation and testing process a breeze. Rapid7 was also kind enough to extend my testing and feedback sessions when work so rudely intruded on the fun. Zero compla

4 min Metasploit

Hunting for Credentials: How Metasploit Pro Beat Me on the Command Line

By guest blogger Robert Jones, Information Security Manager, City of Corpus Christi I had the opportunity to participate in a tech preview of Metasploit Pro's new credentials features. In our shop, we use Metasploit Pro, Nexpose, UserInsight and ControlsInsight, all by Rapid7. I certainly wish I could spend the majority of my time pentesting, but instead I often find myself using Metasploit to educate users by showing them how I can compromise their machines. It is incredibly compelling