Posts tagged Project Heisenberg

7 min Haxmas

Yankee Swapped: MQTT Primer, Exposure, Exploitation, and Exploration

This HaXmas, Rapid7's Jon Hart Yankee swaps readers a few minutes' attention for a festive look at MQTT exposure on the public IPv4 internet (and an exploitation module!).

8 min UNITED

Data Mining the Undiscovered Country

Using Internet-scale Research Data to Quantify and Reduce Exposure

It’s been a busy 2017 at Rapid7 Labs. Internet calamity struck swift and often, keeping us all on our toes and giving us a chance to fully test out the capabilities of our internet-scale research platform [https://sonar.labs.rapid7.com/]. Let’s take a look at how two key components of Rapid7 Labs’ research platform—Project Heisenberg and Heisenberg Cloud—came together to enumerate and reduce exposure the past two quarters. (If r

11 min Research

Measuring SharknAT&To Exposures

On August 31, 2017, NoMotion’s “SharknAT&To” research [https://www.nomotion.net/blog/sharknatto/] started making the rounds on Twitter. After reading the findings, and noting that some of the characteristics seemed similar to trends we’ve seen in the past, we were eager to gauge the exposure of these vulnerabilities on the public internet. Vulnerabilities [https://www.rapid7.com/fundamentals/vulnerabilities-exploits-threats/] such as default passwords or command injection, which are usually tri

6 min Research

WannaCry Update: Vulnerable SMB Shares Are Widely Deployed And People Are Scanning For Them (Port 445 Exploit)

WannaCry Overview

Last week the WannaCry ransomware worm, also known as Wanna Decryptor, Wanna Decryptor 2.0, WNCRY, and WannaCrypt started spreading around the world, holding computers for ransom at hospitals, government offices, and businesses. To recap: WannaCry exploits a vulnerability in the Windows Server Message Block (SMB) file sharing protocol. It spreads to unpatched devices directly connected to the internet and, once inside an organization, those machines and devices behind the firew

4 min Honeypots

Apache Struts Vulnerability (CVE-2017-5638) Exploit Traffic

UPDATE - March 10th, 2017: Rapid7 added a check that works in conjunction with Nexpose's web spider functionality. This check will be performed against any URIs discovered with the suffix “.action” (the default configuration for Apache Struts apps). To learn more about using this check, read this post [/2017/03/15/using-web-spider-to-detect-vulnerable-apache-struts-apps-cve-2017-5638].

UPDATE - March 9th, 2017: Scan your network for this vulnerability [https://www.rapid7.com/products/nexpose/d

8 min Haxmas

12 Days of HaXmas: A HaxMas Carol

(A Story by Rapid7 Labs)

Merry HaXmas to you! Each year we mark the 12 Days of HaXmas [/tag/haxmas] with 12 blog posts on hacking-related topics and roundups from the year. This year, we're highlighting some of the “gifts” we want to give back to the community. And while these gifts may not come wrapped with a bow, we hope you enjoy them.

Happy Holi-data from Rapid7 Labs!

It's been a big year for the Rapid7 elves Labs team. Our nigh 200-node strong Heisenberg Cloud honeypot network has enabled

3 min Botnets

Election Day: Tracking the Mirai Botnet

by Bob Rudis [/author/bob-rudis/], Tod Beardsley [/author/tod-beardsley], Derek Abdine & Rapid7 Labs Team

What do I need to know?

Over the last several days, the traffic generated by the Mirai family of botnets [/2016/10/25/mirai-faq-when-iot-attacks] has changed. We've been tracking the ramp-up and draw-down patterns of Mirai botnet members and have seen the peaks associated with each reported large scale and micro attack since the DDoS attack against Dyn, Inc. We've tracked over 360,000 uniqu

2 min Cloud Infrastructure

[Cloud Security Research] Cross-Cloud Adversary Analytics

Introducing Project Heisenberg Cloud

Project Heisenberg Cloud is a Rapid7 Labs research project with a singular purpose: understand what attackers, researchers and organizations are doing in, across and against cloud environments. This research is based on data collected from a new, Rapid7-developed honeypot framework called Heisenberg along with internet reconnaissance data from Rapid7's Project Sonar [https://sonar.labs.rapid7.com/?CS=blog]. Internet-scale reconnaissance with cloud-inspired a

6 min Research

The Attacker's Dictionary

Rapid7 is publishing a report about the passwords attackers use when they scan the internet indiscriminately. You can pick up a copy at booth #4215 at the RSA Conference this week, or online right here [https://information.rapid7.com/attackers-dictionary.html]. The following post describes some of what is investigated in the report.

Announcing the Attacker's Dictionary

Rapid7's Project Sonar [https://sonar.labs.rapid7.com/] periodically scans the internet across a variety of ports and protocols