Posts tagged National Exposure

2 min Project Sonar

National Exposure Index 2017

Today, Rapid7 is releasing the second National Exposure Index [https://www.rapid7.com/info/national-exposure-index], our effort to quantify the exposure that nations are taking on by offering public services on the internet—not just the webservers (like the one hosting this blog), but also unencrypted POP3, IMAPv4, telnet, database servers, SMB, and all the rest. By mapping the virtual space of the internet to the physical space where the machines hosting these services reside, we can provide gr

7 min Exploits

Bringing Home The EXTRABACON [Exploit]

by Derek Abdine & Bob Rudis [/author/bob-rudis/] (photo CC-BY-SA Kalle Gustafsson) Astute readers will no doubt remember the Shadow Brokers leak of the Equation Group exploit kits and hacking tools back in mid-August. More recently, security researchers at SilentSignal noted [https://blog.silentsignal.eu/2016/08/25/bake-your-own-extrabacon/] that it was possible to modify the EXTRABACON exploit from the initial dump to work on newer Cisco ASA (Adaptive Security Appliance) devices, meaning that

2 min Research

Rapid7 Releases New Research: The National Exposure Index

Today, I'm happy to announce the latest research paper from Rapid7, National Exposure Index: Inferring Internet Security Posture by Country through Port Scanning [https://information.rapid7.com/national-exposure-index.html], by Bob Rudis, Jon Hart, and me, Tod Beardsley. This research takes a look at one of the most foundational components of the internet: the millions and millions of individual services that live on the public IP network. When people think about "the internet," they tend to