1 min
Project Sonar
Project Sonar - Mo' Data, Mo' Research
Since its inception, Rapid7's Project Sonar [https://sonar.labs.rapid7.com/] has
aimed to share the data and knowledge we've gained from our Internet scanning
and collection activities with the larger information security community. Over
the years this has resulted in vulnerability disclosures, research papers,
conference presentations, community collaboration and data. Lots and lots of
data.
Thanks to our friends at scans.io [https://scans.io/], Censys
[https://censys.io/], and the Universit
8 min
Haxmas
12 Days of HaXmas: A HaxMas Carol
(A Story by Rapid7 Labs)
Merry HaXmas to you! Each year we mark the 12 Days of HaXmas [/tag/haxmas] with
12 blog posts on hacking-related topics and roundups from the year. This year,
we're highlighting some of the “gifts” we want to give back to the community.
And while these gifts may not come wrapped with a bow, we hope you enjoy them.
Happy Holi-data from Rapid7 Labs!
It's been a big year for the Rapid7 elves Labs team. Our nigh 200-node strong
Heisenberg Cloud honeypot network has enabled
3 min
Project Sonar
Signal to Noise in Internet Scanning Research
We live in an interesting time for research related to Internet scanning.
There is a wealth of data and services to aid in research. Scanning-related
initiatives like Rapid7's Project Sonar [https://sonar.labs.rapid7.com/], Censys
[https://censys.io/], Shodan [https://www.shodan.io/], Shadowserver
[https://www.shadowserver.org/] or any number of other public/semi-public
projects have been around for years, collecting massive troves of data. The
data and services built around it have been used f
3 min
Project Sonar
The Internet of Gas Station Tank Gauges -- Final Take?
In early 2015, HD Moore performed one of the first publicly accessible research
efforts related to Internet-connected gas station tank gauges, The Internet of Gas
Station Tank Gauges [/2015/01/22/the-internet-of-gas-station-tank-gauges].
Later that same year, I did a follow-up study that probed a little deeper in
The Internet of Gas Station Tank Gauges — Take #2
[/2015/11/18/the-internet-of-gas-station-tank-gauges-take-2]. As part of that
study, we were attempting to see if the exposure of these devic
9 min
Project Sonar
Project Sonar Study of LDAP on the Internet
The topic of today's post is a Rapid7 Project Sonar
[https://sonar.labs.rapid7.com/] study of publicly accessible LDAP services on
the Internet. This research effort was started in July of this year and various
portions of it continue today. In light of the Shadowserver Foundation's
recent announcement [https://ldapscan.shadowserver.org/] regarding the
availability of relevant reports we thought it would be a good time to make some of
our results public. The study was originally intended to be a
11 min
Metasploit
NCSAM: Understanding UDP Amplification Vulnerabilities Through Rapid7 Research
October is National Cyber Security Awareness month and Rapid7 is taking this
time to celebrate security research. This year, NCSAM coincides with new legal
protections for security research under the DMCA
[/2016/10/03/cybersecurity-awareness-month-2016-this-ones-for-the-researchers]
and the 30th anniversary of the CFAA - a problematic law that hinders beneficial
security research. Throughout the month, we will be sharing content that
enhances understanding of what independent security research
6 min
Project Sonar
Sonar NetBIOS Name Service Study
For the past several years, Rapid7's Project Sonar
[https://sonar.labs.rapid7.com/] has been performing studies that explore the
exposure of the NetBIOS name service on the public IPv4 Internet. This post
serves to describe the particulars behind the study and provide tools and data
for future research in this area.
Protocol Overview
Originally conceived in the early 1980s, NetBIOS is a collection of services
that allows applications running on different nodes to communicate over a
network. O
7 min
Exploits
Bringing Home The EXTRABACON [Exploit]
by Derek Abdine & Bob Rudis [/author/bob-rudis/] (photo CC-BY-SA Kalle
Gustafsson)
Astute readers will no doubt remember the Shadow Brokers leak of the Equation
Group exploit kits and hacking tools back in mid-August. More recently, security
researchers at SilentSignal noted
[https://blog.silentsignal.eu/2016/08/25/bake-your-own-extrabacon/] that it was
possible to modify the EXTRABACON exploit from the initial dump to work on newer
Cisco ASA (Adaptive Security Appliance) devices, meaning that
6 min
Project Sonar
Digging for Clam[AV]s with Project Sonar
A little over a week ago some keen-eyed folks discovered a
feature/configuration weakness [http://seclists.org/nmap-dev/2016/q2/198] in the
popular ClamAV malware scanner that makes it possible to issue administrative
commands such as SCAN or SHUTDOWN remotely—and without authentication—if the
daemon happens to be running on an accessible TCP port. Shortly thereafter,
Robert Graham unholstered his masscan
[https://github.com/robertdavidgraham/masscan] tool and did a summary blog post
[http://bl
2 min
Research
Rapid7 Releases New Research: The National Exposure Index
Today, I'm happy to announce the latest research paper from Rapid7, National
Exposure Index: Inferring Internet Security Posture by Country through Port
Scanning [https://information.rapid7.com/national-exposure-index.html], by Bob
Rudis, Jon Hart, and me, Tod Beardsley. This research takes a look at one of the
most foundational components of the internet: the millions and millions of
individual services that live on the public IP network.
When people think about "the internet," they tend to
6 min
Research
The Attacker's Dictionary
Rapid7 is publishing a report about the passwords attackers use when they scan
the internet indiscriminately. You can pick up a copy at booth #4215 at the RSA
Conference this week, or online right here
[https://information.rapid7.com/attackers-dictionary.html]. The following post
describes some of what is investigated in the report.
Announcing the Attacker's Dictionary
Rapid7's Project Sonar [https://sonar.labs.rapid7.com/] periodically scans the
internet across a variety of ports and protocols
5 min
Project Sonar
Rapid7 Labs' Project Sonar - Nexpose Integration
With the release of Nexpose 5.17, customers were enabled to easily gain an
outsider's view of their internet-facing assets. This capability was made
possible through integration with Rapid7 Labs' Project Sonar
[/2013/09/26/welcome-to-project-sonar].
What is Project Sonar?
Project Sonar is a community effort to improve security through the active
analysis of public networks. This includes running scans across public
internet-facing systems, organizing the results, and sharing the data with the
2 min
AWS
The real challenge behind asset inventory
As the IT landscape evolves, and as companies diversify the assets they bring to
their networks - including on premise, cloud and personal assets - one of the
biggest challenges becomes maintaining an accurate picture of which assets are
present on your network. Furthermore, while the accurate picture is the end
goal, the real challenge becomes optimizing the means to obtain that picture
and keep it current. The traditional discovery paradigm of continuous discovery
sweeps of your whole network
3 min
Metasploit
12 Days of HaXmas: Metasploit, Nexpose, Sonar, and Recog
This post is the tenth in a series, 12 Days of HaXmas, where we take a look at
some of the more notable advancements and events in the Metasploit Framework over
the course of 2014.
The Metasploit Framework uses operating system and service fingerprints for
automatic target selection and asset identification. This blog post describes a
major overhaul of the fingerprinting backend within Metasploit and how you can
extend it by submitting new fingerprints.
Historically, Metasploit wasn't great at fin
2 min
Project Sonar
2015: Project Sonar Wiki & UDP Scan Data
Project Sonar started in September of 2013 with the goal of improving security
through the active analysis of public networks. For the first few months, we
focused almost entirely on SSL, DNS, and HTTP enumeration. This uncovered all
sorts of interesting security issues and contributed to a number of advisories
and research papers. The SSL and DNS datasets were especially good at
identifying assets for a given organization, often finding systems that the IT
team had no inkling of. At this point,