3 min
Research
25 Years of Nmap: Happy Scan-iversary!
On September 1, 1997, the open-source security scanner Nmap was released. Our Director of Research Tod Beardsley reflects on the 25th anniversary.
11 min
Public Policy
Hack Back Is Still Wack
The appeal of hack back is easy to understand, but that doesn't make the idea workable. Here, we outline why Rapid7 is against the authorization of private-sector hack back.
5 min
Metasploit
Metasploit Hackathon Wrap-Up: What We Worked On
As part of the Metasploit project's second hackathon, Metasploit contributors and committers got together to discuss ideas, write some code, and have some fun.
4 min
Project Sonar
VPNFilter's Potential Reach — Malware Exposure in SMB/Consumer-grade Devices
(Many thanks to Rebekah Brown [/author/rebekah-brown/] & Derek Abdine for their
contributions to the post.)
How does VPNFilter work?
Over the past few weeks, Cisco’s Talos
[https://www.cisco.com/c/en/us/products/security/talos.html] group has published
some significant new research
[https://blog.talosintelligence.com/2018/06/vpnfilter-update.html] on a new
malware family called VPNFilter. VPNFilter targets and compromises networking
devices to monitor the traffic that goes through them. The mal
7 min
Metasploit
Hiding Metasploit Shellcode to Evade Windows Defender
Being on the offensive side in the security field, I personally have a lot of
respect for the researchers and engineers in the antivirus industry, and the
companies dedicated to investing so much in them. If malware development is a
cat-and-mouse game, then I would say that the industry creates some of the most
terrifying hunters. Penetration testers and red teamers suffer the most from
this while using Metasploit [https://www.rapid7.com/products/metasploit/], which
forced me to look into how to
6 min
Hacking
Getting Started in Ethical Hacking
A while back, a Twitter user
[https://twitter.com/Astilexgaming/status/966342745097998337] asked us the
following question:
> I have a friend who is looking into ethical hacking. She is also a broke college
> student so do you know of any free or affordable resources she can use?
Ethical hackers use their knowledge of vulnerabilities to help defend against
criminals, hacktivists, and nation-state attackers (and sometimes, mischievous
pranksters). They need a solid background in writing softwar
3 min
Rapid7 Perspective
On Random Shell Generators
A couple days ago, AutoSploit.py [https://github.com/NullArray/AutoSploit] was
released by a person named Real__Vector [https://twitter.com/Real__Vector]. It’s
safe to say that it’s made some waves in the security Twitterverse, and a few
people have asked us here at Rapid7 what we think about it given the project’s
inclusion of Metasploit, so we figured a short blog might be in order.
The debate around it is actually pretty nuanced. I don’t think anyone believes
AutoSploit.py is 100% evil or 10
7 min
Hacking
Hacking the Election: What to Expect
Today, we're less than fifty days from the next U.S. presidential election, and
over the next couple months, I fully expect to see a lot of speculation over the
likelihood of someone "hacking the election." But what does that even mean?
The U.S. election system is a massively complex tangle of technology, and, at
first, second, and third glance, it appears to embody the absolute worst
practices when it comes to information security. There are cleartext,
Internet-based entry points to the voting
6 min
Metasploit
Pentesting in the Real World: Group Policy Pwnage
This is the third in a series of blog topics by penetration testers, for
penetration testers, highlighting some of the advanced pentesting techniques
they'll be teaching in our new Network Assault and Application Assault
certifications, opening for registration this week. For more information, check
out the training page at
www.rapid7.com/services/training-certification/penetration-testing-training.jsp
[http://www.rapid7.com/services/training-certification/penetration-testing-training.jsp]
Bac
5 min
Penetration Testing
SNMP Data Harvesting During Penetration Testing
A few months back I posted a blog entry, SNMP Best Practices
[/2016/01/27/simple-network-management-protocol-snmp-best-practices], to give
guidance on best methods to reduce security risks as they relate to SNMP. Now
that everyone has had time to fix all those issues, I figured it's time to give
some guidance to penetration testers and consultants on how to exploit exposed
SNMP services by harvesting data and using it to expand their attack footprint.
The first question when approaching SNMP is
2 min
Hacking
All About the Very First Rapid7 Hacker Games
We just completed our first successful run of the first-ever Rapid7 Hacker Games
competition, so I thought it'd be appropriate to do a little write-up on all the
fun activities.
So, what exactly is the Rapid7 Hacker Games competition?
Well, a hacking competition! Specifically, a hacking competition for teams of
university students set up via a virtual lab, so all participants could compete
simultaneously from a remote location of their choosing.
Each university fielded a team of up to 5 studen
3 min
Cloud Infrastructure
#IoTSec and the Business Impact of Hacked Baby Monitors
By now, you've probably caught wind of Mark Stanislav's ten newly disclosed
vulnerabilities last week, or seen our whitepaper on baby monitor security – if
not, head on over to the IoTSec resources page
[http://rapid7.com/resources/iotsec.jsp].
You may also have noticed that Rapid7 isn't really a Consumer Reports-style
testing house for consumer gear. We're much more of an enterprise security
services and products company, so what's the deal with the baby monitors? Why
spend time and effort on
1 min
Vulnerability Disclosure
#IoTsec AMA on Reddit: Sept. 9 @ 3:30pm EST with Mark Stanislav & Tod Beardsley
[update 3pm EST Sept 9] This AMA is now live! The direct link is here:
https://www.reddit.com/r/IAmA/comments/3ka38q/we_are_professional_iot_hackers_and_researchers/
Join us and ask your questions!
Following up on their research on IoT baby monitor vulns
[https://www.rapid7.com/iotsec], Mark Stanislav
[http://twitter.com/markstanislav] & Tod Beardsley [http://twitter.com/todb]
will be doing an Ask Me Anything (AMA) on Reddit in r/IAMA this Wednesday,
September 9, at 3:30pm EST.
They'll be a
12 min
Vulnerability Disclosure
#IoTsec Disclosure: 10 New Vulnerabilities for Several Video Baby Monitors
Usually, these disclosure notices contain one, maybe two vulnerabilities on one
product. Not so for this one; we've got ten new vulnerabilities to disclose
today.
If you were out at DEF CON 23, you may have caught Mark Stanislav's workshop,
“The Hand that Rocks the Cradle: Hacking IoT Baby Monitors.” You may have also
noticed some light redaction in the slides, since during the course of that
research, Mark uncovered a number of new vulnerabilities across several video
baby monitors.
Vendors w
5 min
Exploits
Revisiting an Info Leak
Today an interesting tweet
[https://twitter.com/Laughing_Mantis/status/631170614720462848] from Greg
Linares [https://twitter.com/Laughing_Mantis] (who has been posting awesome
analysis on twitter lately!) came to our attention, concerning the MS15-080
[https://technet.microsoft.com/en-us/library/security/ms15-080.aspx] patch:
This patch (included in MS15-080) may have been intended to stop one of the Windows
kernel bugs exploited by Hacking Team. But, after our analysis, it appears that
there is