4 min
Penetration Testing
Combining Responder and PsExec for Internal Penetration Tests
By Emilie St-Pierre, TJ Byrom, and Eric Sun
Ask any pen tester what their top five penetration testing tools
[https://rapid7.com/fundamentals/penetration-testing-tools/] are for internal
engagements, and you will likely get a reply containing nmap, Metasploit,
CrackMapExec, SMBRelay and Responder.
An essential tool for any white hat, Responder is a Python script that listens
for Link-Local Multicast Name Resolution (LLMNR), NetBIOS Name Service (NBT-NS)
and Multicast Domain Name System (mDNS)
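The teaser above names the three name-resolution protocols Responder listens on but stops before saying why listening matters: a Windows host that cannot resolve a name falls back to multicasting an LLMNR query (UDP/5355 to 224.0.0.252), and any host on the segment that answers first wins. The following is an added example, not Responder's own code, showing the on-the-wire mechanism for the LLMNR case only: it parses a query and builds the unicast A-record reply a poisoner would send. The query bytes and the addresses are constructed for the example; the socket handling, the NBT-NS and mDNS variants, and the credential capture that follows are left to the real tool.

```python
"""LLMNR (RFC 4795) query parsing and reply construction.

Added example illustrating what a poisoner such as Responder does on receipt
of a multicast query. All packet bytes here are constructed, not captured.
"""
import struct

LLMNR_GROUP = "224.0.0.252"   # IPv4 multicast group used by LLMNR
LLMNR_PORT = 5355             # UDP port used by LLMNR
QTYPE_A = 1
QCLASS_IN = 1
FLAG_QR = 0x8000              # set in responses, clear in queries


def encode_name(name):
    """Encode 'host.example' as DNS-style length-prefixed labels."""
    out = b"".join(bytes([len(label)]) + label.encode("ascii") for label in name.split("."))
    return out + b"\x00"


def parse_name(data, offset):
    """Decode a label sequence starting at offset; return (name, next_offset)."""
    labels = []
    while True:
        length = data[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:
            # Compression pointers are not used in LLMNR questions.
            raise ValueError("unexpected compression pointer")
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset


def build_query(txid, name, qtype=QTYPE_A):
    """Construct a query like the one a host sends for an unresolvable name."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def parse_query(data):
    """Parse an LLMNR query; reject responses and malformed packets."""
    if len(data) < 12:
        raise ValueError("short header")
    txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if flags & FLAG_QR:
        raise ValueError("QR bit set: this is a response, not a query")
    if qdcount != 1:
        raise ValueError("LLMNR queries carry exactly one question")
    name, off = parse_name(data, 12)
    qtype, qclass = struct.unpack("!HH", data[off:off + 4])
    return {"id": txid, "name": name, "qtype": qtype, "qclass": qclass,
            "question": data[12:off + 4]}


def build_response(query, answer_ip, ttl=30):
    """Answer the query's A/IN question with answer_ip, echoing the transaction ID.

    The victim accepts the reply because the ID and question match its query;
    nothing in LLMNR authenticates who sent the answer.
    """
    if query["qtype"] != QTYPE_A or query["qclass"] != QCLASS_IN:
        raise ValueError("only A/IN questions are answered here")
    header = struct.pack("!HHHHHH", query["id"], FLAG_QR, 1, 1, 0, 0)
    rdata = bytes(int(octet) for octet in answer_ip.split("."))
    answer = encode_name(query["name"]) + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, ttl, 4) + rdata
    return header + query["question"] + answer


def parse_response(data):
    """Extract (name, ip) from a single-answer A response; used to verify build_response."""
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if not flags & FLAG_QR or ancount != 1:
        raise ValueError("not a single-answer response")
    _qname, off = parse_name(data, 12)
    off += 4  # skip QTYPE/QCLASS of the echoed question
    aname, off = parse_name(data, off)
    rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
    off += 10
    if rtype != QTYPE_A or rclass != QCLASS_IN or rdlen != 4:
        raise ValueError("not an A/IN record")
    return aname, ".".join(str(b) for b in data[off:off + rdlen])


if __name__ == "__main__":
    # Constructed query for a typo'd share host, answered with an attacker address.
    q = parse_query(build_query(0x1234, "fileserver01"))
    print(parse_response(build_response(q, "10.0.0.5")))
```

The same parser is useful on the defensive side: a sensor that joins the LLMNR group can record which source addresses emit responses with the QR bit set and alert on any host other than an expected one, which is also how you confirm that a GPO disabling LLMNR has actually taken effect.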
9 min
Metasploit
Pen Testing Cars with Metasploit and Particle.io Photon Boards
TL;DR
This post details how to use the MSFRelay library for Photon boards to write
your own Metasploit [https://rapid7.com/products/metasploit/] compatible
firmware, specifically for an add-on called Carloop. If you have a Carloop and
just want it to work with Metasploit without having to write any code (or read
this) then I've also provided the full code as a library example in the Particle
library; it can be found here
[https://build.particle.io/libs/spark-msf-relay/0.0.1/tab/example/msf-carlo
4 min
Metasploit
Metasploitable3 Capture the Flag Competition
UPDATE: Leaderboard can be found on this new post
[/2016/12/14/metasploitable3-ctf-competition-update]! Plus, some notes that may
be helpful.
Exciting news! Rapid7 is hosting a month-long, world-wide capture the flag(s)
competition!
Rapid7 recently released Metasploitable3
[https://github.com/rapid7/metasploitable3], the latest version of our
attackable, vulnerable environment designed to help security professionals,
students, and researchers alike hone their skills and practice their craft. I
4 min
Automation and Orchestration
What is Penetration Testing?
Synopsis
Penetration testing [https://www.rapid7.com/fundamentals/penetration-testing/],
or, as most people in the IT security field call it, pen testing, is the testing
of software and hardware for vulnerabilities or weaknesses that an attacker
could exploit. In the IT world this usually applies to, but is not limited to, PCs,
networks, and web applications. Sometimes loosely referred to as “red teaming,”
pen testing is done by everyone from government agencies to law enforcement,
the military, and private companies.
Pen
6 min
Penetration Testing
Establishing an Insider Threat Program for Your Organization
Whether employees realize it or not, they can wreak havoc on internal and
external security controls. Employees' daily activities (both work and
personal) on their work devices (computers, smartphones, and tablets) or on their
company's network can inflict damage. Often called “insider threats,” employees'
actions, whether unintentional or intentional, are worth paying heed to whenever
possible. Gartner's Avivah Litan reported on this thoroughly in her “Best
Practices for Managing Insider Security
5 min
Metasploit
Pentesting in the Real World: Going Bananas with MongoDB
This is the fourth in a series of blog topics by penetration testers, for
penetration testers, highlighting some of the advanced pentesting techniques
they'll be teaching in our new Network Assault and Application Assault
certifications, opening for registration this week. For more information, check
out the training page at
www.rapid7.com/services/training-certification/penetration-testing-training.jsp
[http://www.rapid7.com/services/training-certification/penetration-testing-training.jsp]
Prefa
5 min
Metasploit
Pentesting in the Real World: Gathering the Right Intel
This is the first in a series of blog topics by penetration testers, for
penetration testers, highlighting some of the advanced pentesting techniques
they'll be teaching in our new Network Assault and Application Assault
certifications, opening for registration this week. For more information, check
out the training page at
www.rapid7.com/services/training-certification/penetration-testing-training.jsp
[http://www.rapid7.com/services/training-certification/penetration-testing-training.jsp]
So
4 min
Penetration Testing
Penetration Test vs. Red Team Assessment: The Age Old Debate of Pirates vs. Ninjas Continues
In a fight between pirates and ninjas, who would win? I know what you are
thinking. “What in the world does this have to do with security?” Read on to
find out but first, make a choice: Pirates or Ninjas?
Before making that choice, we must know what the strengths and weaknesses are
for each:
Pirates

Strengths              Weaknesses
Strong                 Loud
Brute-Force Attack     Drunk (Some say this could be a strength too)
Great at Plundering    Can be Careless
Long-Range Combat

Ninjas

Strengths              Weaknesses
Fast                   No Armor
Stealthy               Smal
5 min
Penetration Testing
SNMP Data Harvesting During Penetration Testing
A few months back I posted a blog entry, SNMP Best Practices
[/2016/01/27/simple-network-management-protocol-snmp-best-practices], to give
guidance on best methods to reduce security risks as they relate to SNMP. Now
that everyone has had time to fix all those issues, I figured it's time to give
some guidance to penetration testers and consultants on how to exploit exposed
SNMP services by harvesting data and using it to expand their attack footprint.
The first question when approaching SNMP is
5 min
Phishing
10 Phishing Countermeasures to Protect Your Organization
The Internet is full of articles on how to tell if an email is phishing, but
there seems to be a lack of concise checklists on how to prepare an organization
against phishing attacks [https://www.rapid7.com/fundamentals/phishing-attacks/],
so here you go.
Because phishing attacks humans and systems alike, the defense should also cover
both aspects. None of the following steps is bulletproof, so layering your
defenses is important – and having an incident response plan in case someone
does get th
1 min
Metasploit
Top 3 Takeaways from "7 Ways to Make Your Penetration Tests More Productive" Webcast
Earlier this week we heard from ckirsch
[https://community.rapid7.com/people/ckirsch], Senior Product Marketing Manager
for Metasploit at Rapid7, on the pressure penetration testers are facing. (Hint:
it's a lot!). With the increase in high profile breaches and their costs, more
and more emphasis is being put on the pen tester and security in general. Read
on if you'd like to get the top takeaways from this week's webcast so that you
aren't left in the dark about, "7 Ways to Make Your Penetratio
1 min
Penetration Testing
Your PenTest Tools Arsenal
When it comes to information security, one of the major problems is setting up
your PenTest Tools Arsenal. The truth is, there are too many tools out there, and
it would take forever to try half of them to see if one fits your needs. Over
the years, some well-established tools have been released that most
security professionals currently use, but that doesn't mean there aren't
lesser-known yet still very good pentesting tools that are not as popular.
I wanted to make a list of the pentest to
3 min
Penetration Testing
#pwnSAP Tweet Chat Debrief
On December 3, Rapid7 security researcher Juan Vazquez hosted a panel of experts
[/2013/11/25/pwnsap-join-us-for-a-tweet-chat-on-dec-3] for a tweet chat to
discuss SAP system hacking. The #pwnSAP chat was a great discussion – here are
some highlights.
Juan's first question was, “Can you start by telling us a bit about how SAP
system hacking has changed lately?” @todb called this research paper, SAP
Penetration Testing Using Metasploit – How to Protect Sensitive ERP Data
[http://information.rap
4 min
Metasploit
How To Do Internal Security Audits Remotely To Reduce Travel Costs
An internal penetration test simulates an attack on the network from inside the
network. It typically simulates a rogue employee with user-level credentials or
a person with physical access to the network, such as cleaning staff, trying to
access resources on the network they're not authorized for.
Internal penetration tests typically require the auditor to be physically
present in the location. If you are working as a consultant, then conducting
internal penetration tests can mean a lot of
2 min
Compliance
Malicious SSIDs And Web Apps
On February 13th 2013, Cisco released a security notice related to CVE-2013-1131
[http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1131]
. According to Cisco, the vulnerability is due to improper validation of the
Service Set Identifier (SSID) when performing a "site survey" to discover other
wireless networks. On the face of it, this vulnerability seems to be low-risk.
Indeed, site surveys are not often performed and an adversary would need to
either be incredibly luc