1 min
Haxmas
On the Zero-eth Day of HaXmas...
I suppose it’s only fitting that this year, we introduce our storied 12 Days of
HaXmas on the zero-eth day. Technically, Twelvetide
[https://en.wikipedia.org/wiki/Twelve_Days_of_Christmas] doesn’t start until
December 25th. This year, we’re focusing on the security events that grabbed our
attention, metrics that piqued our interest, and projects we pursued outside the
blog and research spheres. We wanted to take a moment here at the end of the
year to make sure that they didn’t just get lost lik
5 min
Metasploit
12 Days of HaXmas: Meterpreter's new Shiny for 2016
Merry HaXmas to you! Each year we mark the 12 Days of HaXmas [/tag/haxmas/] with
12 blog posts on hacking-related topics and roundups from the year. This year,
we're highlighting some of the “gifts” we want to give back to the community.
And while these gifts may not come wrapped with a bow, we hope you enjoy them.
Editor's Note: Yes, this is technically an extra post to celebrate the 12th day
of HaXmas. We said we liked gifts!
Happy new year! It is once again time to reflect on Metasploit's n
3 min
Haxmas
12 Days of HaXmas: The Gift of Endpoint Visibility and Log Analytics
Merry HaXmas to you! Each year we mark the 12 Days of HaXmas [/tag/haxmas/] with
12 blog posts on hacking-related topics and roundups from the year. This year,
we're highlighting some of the “gifts” we want to give back to the community.
And while these gifts may not come wrapped with a bow, we hope you enjoy them.
Machine generated log data is probably the simplest and one of the most used
data source for everyday use cases such as troubleshooting, monitoring, security
investigations … the lis
7 min
Threat Intel
12 Days of HaXmas: New Years Resolutions for the Threat Intelligence Analyst
Merry HaXmas to you! Each year we mark the 12 Days of HaXmas [/tag/haxmas] with
12 blog posts on hacking-related topics and roundups from the year. This year,
we're highlighting some of the “gifts” we want to give back to the community.
And while these gifts may not come wrapped with a bow, we hope you enjoy them.
You may or may not know this about me, but I am kind of an overly optimistic
sunshine and rainbows person, especially when it comes to threat intelligence. I
love analysis, I love tac
5 min
Haxmas
12 Days of Haxmas: Giving the Gift of Bad News
Merry HaXmas to you! Each year we mark the 12 Days of HaXmas [/tag/haxmas] with
12 blog posts on hacking-related topics and roundups from the year. This year,
we're highlighting some of the “gifts” we want to give back to the community.
And while these gifts may not come wrapped with a bow, we hope you enjoy them.
This holiday season, eager little hacker girls and boys around the world will be
tearing open their new IoT gadgets and geegaws, and set to work on evading
tamper evident seals, proxy
3 min
Haxmas
12 Days of HaXmas: Giving Rapid7 Customers a Way to Share Their Voice
Merry HaXmas to you! Each year we mark the 12 Days of HaXmas [/tag/haxmas/] with
12 blog posts on hacking-related topics and roundups from the year. This year,
we're highlighting some of the “gifts” we want to give back to the community.
And while these gifts may not come wrapped with a bow, we hope you enjoy them.
In early 2014, we formally launched a program called Rapid7 Voice
[https://www.rapid7.com/about/rapid7-voice/]. It's an advocacy program that
enables our outstanding customers to bui
4 min
Haxmas
12 Days of HaXmas: Metasploit Framework 2016 Overview
Merry HaXmas to you! Each year we mark the 12 Days of HaXmas [/tag/haxmas] with
12 blog posts on hacking-related topics and roundups from the year. This year,
we're highlighting some of the “gifts” we want to give back to the community.
And while these gifts may not come wrapped with a bow, we hope you enjoy them.
Breaking Records and Breaking Business
2016 brought plenty of turmoil, and InfoSec was no exception:
* Largest data breach: Largest breach ever, affecting more than 1 billion Yahoo
4 min
Public Policy
12 Days of HaXmas: Year-End Policy Comment Roundup
Merry HaXmas to you! Each year we mark the 12 Days of HaXmas [/tag/haxmas] with
12 blog posts on hacking-related topics and roundups from the year. This year,
we're highlighting some of the “gifts” we want to give back to the community.
And while these gifts may not come wrapped with a bow, we hope you enjoy them.
On the seventh day of Haxmas, the Cyber gave to me: a list of seven Rapid7
comments to government policy proposals! Oh, tis a magical season.
It was an active 2016 for Rapid7's polic
8 min
Haxmas
12 Days of HaXmas: A HaxMas Carol
(A Story by Rapid7 Labs)
Merry HaXmas to you! Each year we mark the 12 Days of HaXmas [/tag/haxmas] with
12 blog posts on hacking-related topics and roundups from the year. This year,
we're highlighting some of the “gifts” we want to give back to the community.
And while these gifts may not come wrapped with a bow, we hope you enjoy them.
Happy Holi-data from Rapid7 Labs!
It's been a big year for the Rapid7 elves Labs team. Our nigh 200-node strong
Heisenberg Cloud honeypot network has enabled
9 min
Exploits
12 Days of HaXmas: A Fireside Foray into a Firefox Fracas
Merry HaXmas to you! Each year we mark the 12 Days of HaXmas [/tag/haxmas/] with
12 blog posts on hacking-related topics and roundups from the year. This year,
we're highlighting some of the “gifts” we want to give back to the community.
And while these gifts may not come wrapped with a bow, we hope you enjoy them.
Towards the end of November, the Tor community was shaken up by the revelation
of an previously unknown vulnerability being actively exploited against
pedo^H^H^H^H Tor Browser user
5 min
SIEM
12 Days of HaXmas: Rudolph the Machine Learning Reindeer
Merry HaXmas to you! Each year we mark the 12 Days of HaXmas [/tag/haxmas/] with
12 blog posts on hacking-related topics and roundups from the year. This year,
we're highlighting some of the “gifts” we want to give back to the community.
And while these gifts may not come wrapped with a bow, we hope you enjoy them.
Sam the snowman taught me everything I know about reindeer [disclaimer: not
actually true], so it only seemed logical that we bring him back to explain the
journey of machine learni
6 min
IoT
12 Days of HaXmas: 2016 IoT Research Recap
Merry HaXmas to you! Each year we mark the 12 Days of HaXmas [/tag/haxmas/] with
12 blog posts on hacking-related topics and roundups from the year. This year,
we're highlighting some of the “gifts” we want to give back to the community.
And while these gifts may not come wrapped with a bow, we hope you enjoy them.
As we close out the end of the year, I find it important to reflect on the IoT
vulnerability research conducted during 2016 and what we learned from it. There
were several exciting I
5 min
Haxmas
12 Days of HaXmas: The One Present This Data Scientist Wants This Holiday Season
Merry HaXmas to you! Each year we mark the 12 Days of HaXmas [/tag/haxmas/] with
12 blog posts on hacking-related topics and roundups from the year. This year,
we're highlighting some of the “gifts” we want to give back to the community.
And while these gifts may not come wrapped with a bow, we hope you enjoy them.
> “May you have all the data you need to answer your questions – and may half of
the values be corrupted!”
> - Ancient Yiddish curse
This year, Christmas (and therefore Haxmas) o
7 min
Haxmas
The Twelve Pains of Infosec
One of my favorite Christmas carols is the 12 Days of Christmas
[https://www.youtube.com/watch?v=oyEyMjdD2uk]. Back in the 90's, a satire of the
song came out in the form of the 12 Pains of Christmas
[https://www.youtube.com/watch?v=h4NlR5KQLQ8], which had me rolling on the floor
in laughter, and still does. Now that I am in information security, I decided it
is time for a new satire, maybe this will start a new tradition, and so I am
presenting, the 12 Pains of Infosec.
----------------------
11 min
Honeypots
12 Days of HaXmas: Beginner Threat Intelligence with Honeypots
This post is the 12th in the series, "12 Days of HaXmas."
So the Christmas season is here, and between ordering gifts and drinking
Glühwein
[https://en.wikipedia.org/wiki/Mulled_wine#German_and_Austrian_Gl.C3.BChwein]
what better way to spend your time than sieve through some honeypot / firewall /
IDS logs and try to make sense of it, right?
At Rapid7 Labs, we're not only scanning the internet
[https://sonar.labs.rapid7.com/], but also looking at who out there is scanning
by making use of ho