Posts tagged Project Heisenberg

8 min Verizon DBIR

Key Concepts and Findings from the 2019 Verizon Data Breach Investigations Report

Our Rapid7 Labs research team has pored over Verizon Data Breach Investigations Report to identify some key waypoints to help the Rapid7 community navigate through this sea of information.

1 min Vulnerability Disclosure

WebLogic Deserialization Remote Code Execution Vulnerability (CVE-2019-2725): What You Need to Know

Oracle has released an out-of-band security advisory and set of patches for Oracle WebLogic Server versions 10.3.6.0 and 12.1.3.0.

1 min Research

Confluence Unauthorized RCE Vulnerability (CVE-2019-3396): What You Need to Know

Atlassian was notified in late February about a remote code execution (RCE) flaw in their Confluence and Data Center products and issued an alert with a patch on March 20, 2019.

4 min Incident Detection

Q4 Threat Report: Analyzing the Top 3 Advanced Threats and Detection Techniques

In this post, we’ll review three major findings based on data from Project Sonar, Project Heisenberg, and our Managed Detection and Response customer base, which leverages our security experts and InsightIDR to unify security data and identify compromises in real-time.

4 min Research

Rapid7 Introduces Industry Cyber-Exposure Report: ASX 200

Today, Rapid7 released our second Industry Cyber-Exposure Report, examining the overall exposure of the ASX 200 family of companies.

5 min Research

The Dynamic Duo: How to Use Projects Heisenberg and Sonar to Investigate Attacker Behavior

Cracking a cybersecurity case often requires more than one viewpoint—just look at Starsky and Hutch. For internet-related cases in particular, Rapid7 Labs' Project Sonar and Project Heisenberg each offer unique strengths.

3 min Penetration Testing

Password Tips From a Pen Tester: Common Patterns Exposed

Welcome back to Password Tips From a Pen Tester. Last time, I talked about what you can expect to learn from these posts and I also explained the three most common passwords that we see on penetration tests [/2018/05/10/password-tips-from-a-pen-tester-3-passwords-to-eliminate/]. This month, let’s take a look at how that kind of information is helpful on a penetration test [https://www.rapid7.com/fundamentals/penetration-testing/], and correlate what we know to actual data collected. When my co

1 min Honeypots

Whiteboard Wednesday: Your 6-Minute Recap of Q1 2018’s Threat Landscape

Gotten a chance to read Rapid7’s Quarterly Threat Report for 2018 Q1 [https://www.rapid7.com/info/threat-report/2018-q1-threat-report/]? If not (or if you’re more of an auditory learner), we’ve put together a 6-minute recap video of the major findings. In our Quarterly Threat Reports [https://www.rapid7.com/info/threat-report/], our security researchers provide a wide-angle view of the threat landscape by leveraging intelligence from the Rapid7 Insight platform [https://www.rapid7.com/products/

3 min Project Heisenberg

No More Tears? WannaCry, One Year Later

WannaCry, one year later, and what happened to the SMB target environment.

4 min Penetration Testing

Password Tips From a Pen Tester: 3 Passwords to Eliminate

Every week, Rapid7 conducts penetration testing services [https://www.rapid7.com/services/penetration-testing-services/] for organizations that cracks hundreds—and sometimes thousands—of passwords. Our current password trove has more than 500,000 unique passwords that have been collected over the past two years. Where do these come from? Some of them come from Windows domain controllers and databases such as MySQL or Oracle; some of them are caught on the wire using Responder [https://github.com

2 min Honeypots

Off the Chain! A Research Paper Observing Bitcoin Nodes on the Public Internet

Over the last several years, blockchain-based technologies have exploded in growth. Lately it seems like blockchains are turning up everywhere, from chicken management systems [https://www.bloomberg.com/news/features/2018-04-09/yes-these-chickens-are-on-the-blockchain] to the next hot cryptocurrency [https://medium.com/bitfwd/how-to-do-an-ico-on-ethereum-in-less-than-20-minutes-a0062219374] . Waves of new companies, products and applications exist, often in the form of just wedging a blockcha

5 min Vulnerability Management

Drupalgeddon Vulnerability: What is it? Are You Impacted?

First up: many thanks to Brent Cook [/author/brent-cook/], William Vu [/author/william-vu/] and Matt Hand for their massive assistance in both the Rapid7 research into “Drupalgeddon” and their contributions to this post. Background on the Drupalgeddon vulnerability The Drupalgeddon 2 vulnerability announcement came out in late March (2018-03-28 ) as SA-CORE-2018-002 [https://www.drupal.org/sa-core-2018-002]. The advisory was released with a patch and CVE (CVE-2018-7600) [https://www.rapid7.com/

4 min Research

An Impressively Unprecedented Drop in Open memcached Services

(Many thanks to Jon Hart [https://twitter.com/jhartftw] and Tom Sellers [https://twitter.com/TomSellers] for their research and content for this blog post.) We started performing weekly monitoring of open/amplification-vulnerable memcached servers after the recent memcrashed [/2018/02/27/the-flip-side-of-memcrashed/] amplification distributed denial-of-service (DDoS) attack and today we have some truly awesome news to report, along with some evidence that the recent spate of DDoS attacks may n

2 min Project Sonar

The Flip Side of memcrashed

Rapid7 Labs keeps a keen eye on research and findings from other savvy security and technology organizations and noticed Cloudflare’s report [https://blog.cloudflare.com/memcrashed-major-amplification-attacks-from-port-11211/] on new distributed denial of service (DDoS) amplification attacks using memcached [https://www.memcached.org/]. If you haven’t read Cloudflare’s (excellent) analysis yet, the TLDR is, memcached over UDP [https://github.com/memcached/memcached/blob/master/doc/protocol.txt

8 min Haxmas

The Ghost of a Botnet (Possibly) Past

For a week and a half in April, Rapid7 Labs observed a botnet with 18,000 distinct IPs marauding across the public internet. Then it disappeared, only to resurface again later. Join us as we tell the HaXmas tale of the ghost of a botnet past!