2 min
Research
25 Years of Nmap: Happy Scan-iversary!
On September 1, 1997, the open-source security scanner Nmap was released. Our Director of Research Tod Beardsley reflects on the 25th anniversary.
7 min
Application Security
OWASP Top 10 Deep Dive: Injection and Stack Traces From a Hacker's Perspective
Injection claimed the number 3 spot in OWASP's 2021 Top 10 application security risks. We highlight why injection remains such a formidable threat.
11 min
Public Policy
Hack Back Is Still Wack
The appeal of hack back is easy to understand, but that doesn't make the idea workable. Here, we outline why Rapid7 is against the authorization of private-sector hack back.
5 min
Metasploit
Metasploit Hackathon Wrap-Up: What We Worked On
As part of the Metasploit project's second hackathon, Metasploit contributors and committers got together to discuss ideas, write some code, and have some fun.
7 min
Metasploit
Hiding Metasploit Shellcode to Evade Windows Defender
Being on the offensive side in the security field, I personally have a lot of
respect for the researchers and engineers in the antivirus industry, and the
companies dedicated to investing so much in them. If malware development is a
cat-and-mouse game, then I would say that the industry creates some of the most
terrifying hunters. Penetration testers and red teamers suffer the most from
this while using Metasploit [http://4hko.drordi.com/products/metasploit/], which
forced me to look into how to
6 min
Hacking
Building a Car Hacking Development Workbench: Part 3
Welcome back to the car hacking development workbench series. In part two we
discussed how to read wiring diagrams. In part three, we are going to expand on
the workbench by re-engineering circuits and replicate signals used in your
vehicle.
If this is your first time stumbling across this write up, I encourage you to
check out the previous two parts to this series:
Part 1: Constructing a Workbench
[/2017/07/11/building-a-car-hacking-development-workbench-part-1]
Part 2: How to Read Wiring Di
5 min
Hacking
Building a Car Hacking Development Workbench: Part 2
This is part two of a three-part series. Part one
[/2017/07/11/building-a-car-hacking-development-workbench-part-1] covered how to
build a development workbench. Part two of this series will cover reading
electrical diagrams and serve as a primer for part three, where we will
re-engineer common circuit types found in vehicles.
Electrical Diagrams & Re-identification
Technically, your bench is complete at this point, and you can connect an OBD-II
to USB conversion device to start interpreting
10 min
Hacking
Building a Car Hacking Development Workbench: Part 1
Introduction
There is a vast body of knowledge hiding inside your car. Whether you are an
auto enthusiast, developer, hobbyist, security researcher, or just curious about
vehicles, building a development bench can be an exciting project to facilitate
understanding and experimentation without risking possible damage to your
vehicle. This is a perfect project for people of a wide range of ages and skill
levels. Even if you have never worked on a car before, or you do not feel like
your Electronics
5 min
Public Policy
Rapid7 Supports Researcher Protections in Michigan Vehicle Hacking Law
Yesterday, the Michigan Senate Judiciary Committee passed a bill – S.B. 0927
[http://www.senate.michigan.gov/committees/files/2016-SCT-JUD_-09-20-1-01.PDF] –
that forbids some forms of vehicle hacking, but includes specific protections
for cybersecurity researchers. Rapid7 supports these protections. The bill is
not law yet – it has only cleared a Committee in the Senate, but it looks poised
to keep advancing in the state legislature. Our background and analysis of the
bill is below.
In summary
5 min
Penetration Testing
SNMP Data Harvesting During Penetration Testing
A few months back I posted a blog entry, SNMP Best Practices
[/2016/01/27/simple-network-management-protocol-snmp-best-practices], to give
guidance on best methods to reduce security risks as they relate to SNMP. Now
that everyone has had time to fix all those issues, I figured it's time to give
some guidance to penetration testers and consultants on how to exploit exposed
SNMP services by harvesting data and using it to expand their attack footprint.
The first question when approaching SNMP is
5 min
Exploits
Revisiting an Info Leak
Today an interesting tweet
[http://twitter.com/Laughing_Mantis/status/631170614720462848] from Greg
Linares [http://twitter.com/Laughing_Mantis] (who has been posting awesome
analysis on twitter lately!) came to our attention, concerning the MS15-080
[http://technet.microsoft.com/en-us/library/security/ms15-080.aspx] patch:
This patch (included in MS15-080) may have been intended stop one of the Window
kernel bugs exploited by Hacking Team. But, after our analysis, it appears that
there is
2 min
Networking
SOC Monkey's Week in Review - 3.23.12
Hello all,
Every Friday I'm going to round up the week with a few of my favorite stories
that we've seen during the week on my app (SOC Monkey, available now, free in
the Apple App Store). Let's dive right in, shall we?
One of the biggest items of the week was the latest word from Facebook on
employers asking job applicants to reveal their passwords. Ars Technica's
article saw a lot of interest: Facebook says it may sue employers who demand
job
applicants' passwords
[http://arstechnica.com