Posts tagged Events

4 min Events

UNITED Summit: Day 2

After a jam-packed day one of Rapid7’s UNITED Summit [/2017/09/13/united-summit-day-1/], the UNITED running club started the day bright and early yet again. The rest of us opened UNITED [https://unitedsummit.org/index.php] day two with a fireside chat hosted by Jen Ellis [/author/jen-ellis], Rapid7 VP of Community and Public Affairs, and a slew of prominent security commentators: Lares founder Chris Nickerson [https://twitter.com/indi303], Mach37 Cyber’s [https://twitter.com/MACH37cyber] man

2 min Events

Rapid7 Rapid Fire at UNITED Summit: A Spirited Debate

Rapid Fire returned for the third time to the UNITED Security Summit and once again brought together the infosec community to join the spirited debates. With great questions and participation from the audience, the Rapid7 team would like to first thank everyone who attended this evening – from our customers and UNITED attendees, to the Boston infosec community. Our panel this year featured: * Josh Corman @joshcorman [https://twitter.com/joshcorman] (Founder, I am The Cavalry) * David Kenn

13 min Vulnerability Disclosure

Multiple Disclosures for Multiple Network Management Systems, Part 2

As you may recall, back in December Rapid7 disclosed six vulnerabilities [/2015/12/16/multiple-disclosures-for-multiple-network-management-systems] that affect four different Network Management System (NMS) products, discovered by Deral Heiland [https://twitter.com/percent_x] of Rapid7 and independent researcher Matthew Kienow [https://twitter.com/hacksforprofit]. In March, Deral followed up with another pair of vulnerabilities [/2016/03/17/r7-2016-02-multiple-vulnerabilities-in-mangeengine-opu

6 min Events

Rapid7 Takes Las Vegas: Black Hat, BSidesLV & DEF CON ... Talks, Parties & Giveaways... phew!

First things first: You must be registered & confirmed to be able to attend our 2015 Black Hat party. [http://bit.ly/Rapid7BH15] I can't emphasize this enough: Unlike previous years, we are not doing any kind of at-the-door registration for our party this year. If your plan was to live in the spirit of utter spontaneity, roll up to the club and see if you can happen to get in without registering beforehand -- you're going to be disappointed, and we really don't want to see that happen! While w

4 min Events

The Black Hat Attendee Guide Part 5a - The Magic of People

Joining us for the first time? This post is part of a series that starts right here [/2015/07/13/the-black-hat-attendee-guide-part-1]. So this post is a bit of a bonus. I've asked my dear friend Quinton Jones [https://www.linkedin.com/in/quintonjones] to share some wisdom and inspiration on how he injects passion and energy into his introductions. He's simply unforgettable, one of the greatest customer champions and business development folks I know, thanks to his passion for people. Please enj

3 min Metasploit Weekly Wrapup

Weekly Metasploit Wrapup: T-Shirts, T-Shirts, & Some Modules

Black Hat T-Shirts! Well, it's a week or so until DEF CON 23, and since you're all busy prepping all your demos and presentations and panels and things, I figured I should remind you that among all your gear, you should probably toss some clothes in your bag before you head out the door. In case this slips your mind, though, don't sweat, we have you covered. Pictured at right is the winning design from the annual Metasploit T-Shirt contest, submitted by LewisFX [https://99designs.com/t-shirt-

5 min Events

The Black Hat Attendee Guide Part 7a: Electronic Survival

If you're just joining us, this post is part of a Black Hat Attendee Guide series that starts right here [/2015/07/13/the-black-hat-attendee-guide-part-1]. When traveling to industry conferences, most people prepare their electronic companions (laptops, cell phones, etc.) by asking: “Did I pack the right charger in my carry on?” The premier gathering of the world's best and brightest hackers might be a great opportunity for you to up your travel security game. This post serves as a quick gui

5 min Events

The Black Hat Attendee Guide Part 7: Your Survival Kit

Joining us for the first time? This post is part seven of a series that starts right here [/2015/07/13/the-black-hat-attendee-guide-part-1]. Hacker Summer Camp is no joke, and you've got to have a game plan when you head for Vegas. If you don't travel frequently, this is for you. Ignoring sartorial conundrums and basic hygiene, this post is focused on keeping your body operating at peak… or at least somewhat operational. Vegas: It's nothing like home for most of us. Desert allergens, low humi

10 min Events

The Black Hat Attendee Guide Part 6: The Sponsor Hall, Arsenal, and more

If you are just joining us, this is the sixth post in the series starting here [/2015/07/13/the-black-hat-attendee-guide-part-1]. Conferences are magical and serendipitous. YouTube can't capture the electricity you remember in the room as you tell someone “I watched Barnaby jackpot an ATM,” as others echo back “I was there that year too!” At technical conferences, the content leads the way—it is what brings us to the show. Catching up on that research and work being done at “the tip of the spe

5 min Events

The Black Hat Attendee Guide Part 5 - Meaningful Introductions

If you are just joining us, this is the fifth post in the series starting here [/2015/07/13/the-black-hat-attendee-guide-part-1]. Making An Introduction I might be wrong, but I'll argue that networking is a transitive verb, so ENGAGE! The real magic starts happening as you progress: * Level 1-- Start with a “Hi, my name is… ” Yes, it's that simple, thanks to Slim Shady [https://youtu.be/dQw4w9WgXcQ?t=43s] * Level 2-- Demonstrate that you have an idea of the world the other person live

7 min Events

The Black Hat Attendee Guide Part 2 - The Briefings

If you are just joining us, this is the second post in the series starting here [/2015/07/13/the-black-hat-attendee-guide-part-1]. Content is king. Research is what binds us, and you should not be surprised that some of the best in the game focus their annual research calendar on the Black Hat USA CFP. Offensive security research is the tail that wags the dog—many vendors and architects spend the year trying to get back in front of some of the bombs dropped at Black Hat each year. There's a

3 min Events

The Black Hat Attendee Guide, Part 1 - How to Survive Black Hat

If you're like me, you have wanted to go to Black Hat [http://blackhat.com/us-15/] for ages. If you're going, have a game plan. For first timers, this series will be a primer full of guidance and survival tips. For returning attendees, this will help maximize your experience at Black Hat. First, I want to give you perspective on my bias, coloring guidance offered here. My slant is that of someone who was a booth babe (sales engineer), a speaker, an attendee, Review Board member and former Gen

3 min Events

The Return of Rapid7 Rapid Fire: A spirited infosec debate, round 3

The topics: Controversial. The answers: Unfiltered. The alcohol: Plentiful. I'm talking about Rapid7 Rapid Fire -- it's happening for a third time this June in Boston. Bonus: This year, it's totally free and open to the public, so please join us! What is it? It's a panel debate where we ask some big names in infosec to argue for or against a number of controversial topics in our field. To make things interesting, the panelists are often asked to debate a side of the argument they might not ev

1 min Metasploit

Nexpose and Metasploit Training and Certification Courses Filling Up Fast!

Looking to amp-up or fine-tune your security prowess? UNITED conference attendees get the chance to do just that by registering for additional small group training and certification courses (Nexpose Basic, Metasploit Basic, and Nexpose Advanced). Since we're keeping the sessions intimate, spots are filling up quickly! Save your spot now for two days of formalized, curriculum-based training with Rapid7 experts [http://www.unitedsummit.org/new-registration.jsp]. You'll get to: * Share best p

4 min Events

More SNMP Information Leaks: CVE-2014-4862 and CVE-2014-4863

Today, Rapid7 would like to disclose a pair of newly discovered vulnerabilities around consumer and SOHO-grade cable modems, the Arris DOCSIS 3.0 (aka, Touchstone cable modems) and Netmaster Wireless Cable Modems. Both exposures were discovered by Rapid7's Deral Percent_X [https://twitter.com/Percent_X] Heiland and independent researcher Matthew Kienow. The duo plan to discuss these and other common vulnerabilities and configuration issues at DerbyCon near the end of September. In the meantime,