Posts tagged Virtual Infrastructure

4 min Virtual Infrastructure

Modern Network Coverage and Container Security in InsightVM

For a long time, the concept of “infrastructure” remained relatively unchanged: Firewalls, routers, servers, desktops, and so on make up the majority of your network. Yet over the last few years, the tides have begun to shift. Virtualization is now ubiquitous, giving employees tremendous leeway in their ability to spin up and take down new machines at will. Large chunks of critical processes and applications run in cloud services like Amazon Web Services (AWS) and Microsoft Azure. Containers hav

2 min Nexpose

Software defined security made real

This week were headed for VMworld 2014 in San Fransisco and we're excited to be talking about how Rapid7 is partnering with industry leaders like Symantec, Palo Alto Networks, and of course VMware to build out the VMware NSX security ecosystem []. Together we've created an integrated system that collaborates together leveraging the NSX platform [] to automate risk identification and mitigation for VMware customers

2 min Nexpose

Real-time Protection from Nexpose & VMware NSX

One of Nexpose's core promises, is that we will give you actionable visibility into your physical, cloud, and virtual environments to help you identify what assets are on your network, and what are the most critical security risks to remediate. As a part of supporting that visibility, Rapid7 and VMware announced last August, that Rapid7 is the first VMware NSX network and security platform ecosystem partner [] for vulnerability management.  This

4 min Product Updates

Weekly Update: Meterpreter Updates, VMWare, the OSX spycam, Retabbing, and more!

Meterpreter Updates This is a big week for Meterpreter. For starters, we've landed a new Meterpreter Python payload [] . Yes, yes, I know, you thought that Metasploit was all Ruby all the time, but this and the Python payloads for bind shells from Spencer McIntyre [] should help out on advancing the state of Meterpreter by leaps and bounds. Despite Metasploit's m

3 min Metasploit

Fun With VMware Utilities: vmware_mount Exploit (CVE-2013-1662)

On August 22, Tavis Ormandy dropped a bug in VMWare [] that takes advantage of a build configuration in Linux distributions. Providing you have user-level access to a Debian or Ubuntu box with VMWare installed, this exploit gives you root access. It's a fun bug and I want to explain how the Metasploit module for it works: The background There's this thing called priv_mode in bash that means it will drop privs if euid != uid. Anyone who h

1 min Nexpose

VMworldTV Meets the Team Behind Rapid7

Earlier this week, I blogged that Rapid7 is part of VMware NSX ecosystem [/2013/08/27/rapid7-part-of-vmware-nsx-partner-ecosystem] and gave you an overview of the solution we are working on together with VMware. Check out the below interview with VMworldTV to learn more. Lee Weiner, SVP, Products & Engineering at Rapid7, talks about the integration between Nexpose-VMware NSX and the key benefits to organizations. Tas Giakouminakis, Co-Founder & CTO at Rapid7, goes through a demonstration o

2 min Nexpose

Rapid7 part of VMware NSX Partner ecosystem

We're very excited that VMware is showcasing Rapid7 as an official VMware NSX Partner [] at VMworld 2013 this week, demonstrating how we provide best-in-class vulnerability management for virtual networks. Rapid7 has been a longtime partner with VMware.  In 2011, we introduced our vAsset discovery [/2011/11/01/virtualization-introduces-new-security-gaps] method that allows Nexpose to have real-time visib

4 min Penetration Testing

Free Metasploit Penetration Testing Lab In The Cloud

No matter whether you're taking your first steps with Metasploit or if you're already a pro, you need to practice, practice, practice your skillz. Setting up a penetration testing lab can be time-consuming and expensive (unless you have the hardware already), so I was very excited to learn about a new, free service called Hack A Server [], which offers vulnerable machines for you to pwn in the cloud. The service only required that I download and launch a VPN configurat

2 min Release Notes

Getting the Most from Customizable CSV Exports - Part 6

Hi, my name is Eden Martinez, and I'm a Federal Sales Engineer with Rapid7. Larger environments often list scalability as one of their top problems; specifically, too much data. With current tools, it's not hard to generate large data sets. Most tools are comprehensive with a focus on the largest list of results wins. While you can turn all the knobs on Nexpose up to 11, I've found many enterprise environments prefer to focus on prioritization of vulnerabilities and trending of the results. M

2 min Nexpose

Automating Nexpose Discovery Connections through the Java API

Nexpose has long offered APIs allowing for automated workflow operations. The following examples are intended to help Nexpose users automate the discovery mechanisms feature through the API. The following code shows how to leverage the Java API client [] to create, list, update and delete discovery mechanisms in Nexpose. Nexpose supports Discovery connection API starting on version 5.2.  The supported operations on the API with regards to discovery ar

3 min Metasploit

Testing the Security of Virtual Data Centers

If you are doing security assessments, you are probably running into virtual servers every day. According to analyst firm Gartner, 80% of companies now have a virtualization project or program. With the recent 4.2 release of Metasploit, your next penetration test should be much more fun. For example, Metasploit now flags ESX Servers as virtual hosts in the user interface: If you are managing virtual servers, you may have come across the VMware vSphere Web Services SDK. It's a powerful way to

1 min Nexpose

Nexpose 5.0 Release

Today we released the latest version of Nexpose. This is a great release for those of you who are working in virtual environments as it adds dynamic virtual asset tracking, allows you to track configuration policy scans, and even introduces a new look and feel for the product itself. Additionally, it includes capabilites to generate a Real Risk score that incorporates known Malware Exposure and allows you to track risk trends over time. Here's a link to the announcement [

2 min Virtual Infrastructure

Virtualization - Introduces New Security Gaps

This is my first blog as a Rapid7 employee.  I started in July of this year as a product manager, and my first project is helping a team build a new discovery method for Nexpose.  Virtualization has been around since the 1960s, even though it didn't start to become mainstream until the late 1990s when VMware was founded.  In the most recent years server virtualization has been growing at a rapid pace.  As it continues to spread, it introduces gaps in your security program. Over the last couple

2 min Virtual Infrastructure

The Next Security Frontier: Virtualization

Most pundits agree that virtualization is taking the industry by storm. Leading analyst group IDC is projecting [] that more than 70% of all server workloads installed on new shipments are expected to reside in a virtual machine by 2014. With organizations lining up left and right to climb on the virtualization bandwagon, the security aspect of deploying virtualized software is