6 min
InsightIDR
Defense in Depth Using Deception Technology in InsightIDR
Today, we are diving into the four pieces of deception technology that Rapid7 offers through our incident detection and response tool, InsightIDR.
5 min
Research
DOUBLEPULSAR over RDP: Baselining Badness on the Internet
How many internet-accessible RDP services have the DOPU implant installed? How much DOPU-over-RDP traffic do we see being sprayed across the internet?
2 min
InsightIDR
Deception Technology in InsightIDR: Setting Up Honeypots
In order to overcome the adversary, we must first seek to understand. By
understanding how attackers operate, and what today’s modern network looks like
from an attacker’s perspective, it’s possible to deceive an attacker, or at
least have warning around internal network compromise. Today, let’s touch on a
classic deception technology
[https://www.rapid7.com/solutions/deception-technology/] that continues to
evolve: the honeypot.
Honeypots [https://www.rapid7.com/fundamentals/honeypots/] are de
1 min
Honeypots
Whiteboard Wednesday: Your 6-Minute Recap of Q1 2018’s Threat Landscape
Gotten a chance to read Rapid7’s Quarterly Threat Report for 2018 Q1
[https://www.rapid7.com/info/threat-report/2018-q1-threat-report/]? If not (or
if you’re more of an auditory learner), we’ve put together a 6-minute recap
video of the major findings. In our Quarterly Threat Reports
[https://www.rapid7.com/info/threat-report/], our security researchers provide a
wide-angle view of the threat landscape by leveraging intelligence from the
Rapid7 Insight platform [https://www.rapid7.com/products/
5 min
InsightIDR
How to Identify Attacker Reconnaissance on Your Internal Network
The most vulnerable moment for attackers is when they first gain internal access
to your corporate network. In order to determine their next step, intruders must
perform reconnaissance to scout available ports, services, and assets from which
they can pivot and gain access to customer databases, credit card data, source
code, and more. These initial moments are arguably your best opportunities to
catch attackers before critical assets are breached, but unfortunately, it can
be very challenging t
4 min
Honeypots
Apache Struts Vulnerability (CVE-2017-5638) Exploit Traffic
UPDATE - March 10th, 2017: Rapid7 added a check that works in conjunction with
Nexpose's web spider functionality. This check will be performed against any
URIs discovered with the suffix “.action” (the default configuration for Apache
Struts apps). To learn more about using this check, read this post
[/2017/03/15/using-web-spider-to-detect-vulnerable-apache-struts-apps-cve-2017-5638]
.
UPDATE - March 9th, 2017: Scan your network for this vulnerability
[https://www.rapid7.com/products/nexpose/d
8 min
Haxmas
12 Days of HaXmas: A HaxMas Carol
(A Story by Rapid7 Labs)
Merry HaXmas to you! Each year we mark the 12 Days of HaXmas [/tag/haxmas] with
12 blog posts on hacking-related topics and roundups from the year. This year,
we're highlighting some of the “gifts” we want to give back to the community.
And while these gifts may not come wrapped with a bow, we hope you enjoy them.
Happy Holi-data from Rapid7 Labs!
It's been a big year for the Rapid7 elves Labs team. Our nigh 200-node strong
Heisenberg Cloud honeypot network has enabled
6 min
Automation and Orchestration
Introduction to Honeypots
Synopsis
With an ever-increasing number of methods and tactics used to attack networks,
the goal of securing a network must also continually expand in scope. While
traditional methods such as IDS/IPS systems, DMZ’s, penetration testing and
various other tools can create a very secure network, it is best to assume
vulnerabilities will always exist, and sooner or later, they will be exploited.
Thus, we need to continuously find innovative ways of countering the threats,
and one such way is to depl
2 min
Cloud Infrastructure
[Cloud Security Research] Cross-Cloud Adversary Analytics
Introducing Project Heisenberg Cloud
Project Heisenberg Cloud is a Rapid7 Labs research project with a singular
purpose: understand what attackers, researchers and organizations are doing in,
across and against cloud environments. This research is based on data collected
from a new, Rapid7-developed honeypot framework called Heisenberg along with
internet reconnaissance data from Rapid7's Project Sonar
[https://sonar.labs.rapid7.com/?CS=blog].
Internet-scale reconnaissance with cloud-inspired a
3 min
InsightIDR
Detect Corporate Identity Theft with a New Intruder Trap: Honey Credentials
If you're only looking through your log files, reliably detecting early signs of
attacker reconnaissance can be a nightmare. Why is this important? If you can
detect and react to an intruder early in the attack chain, it's possible to kick
the intruder out before he or she accesses your critical assets. This is not
only good for you (no monetary data is stolen), but it's also critical because
this is the only time in the chain that the intruder is at a disadvantage.
Once an attacker has an i
6 min
Research
The Attacker's Dictionary
Rapid7 is publishing a report about the passwords attackers use when they scan
the internet indiscriminately. You can pick up a copy at booth #4215 at the RSA
Conference this week, or online right here
[https://information.rapid7.com/attackers-dictionary.html]. The following post
describes some of what is investigated in the report.
Announcing the Attacker's Dictionary
Rapid7's Project Sonar [https://sonar.labs.rapid7.com/] periodically scans the
internet across a variety of ports and protocols
6 min
IT Ops
The yellow brick road to machine learning with honeypot data: Our lessons learned
Recently the Rapid7 Logentries [https://logentries.com/get-started/] team
attended a hackathon over at one of our Boston offices. This was a great way for
us to integrate with the other Rapid7 teams within the company and to have fun
messing around with things we don’t usually have time for in a working day.
The project that my team worked on involved machine learning with the dataset
collected by some of the various Heisenberg honeypots that Rapid7 has deployed.
More information about these
11 min
Honeypots
12 Days of HaXmas: Beginner Threat Intelligence with Honeypots
This post is the 12th in the series, "12 Days of HaXmas."
So the Christmas season is here, and between ordering gifts and drinking
Glühwein
[https://en.wikipedia.org/wiki/Mulled_wine#German_and_Austrian_Gl.C3.BChwein]
what better way to spend your time than sieve through some honeypot / firewall /
IDS logs and try to make sense of it, right?
At Rapid7 Labs, we're not only scanning the internet
[https://sonar.labs.rapid7.com/], but also looking at who out there is scanning
by making use of ho
1 min
Open Source
Webcast: Playing in the Sandbox - Open Source Tools for Threat Intelligence
If you missed last week's webcast in the Life's a Breach series, I have good
news for you: The recording is now available
[http://information.rapid7.com/open-source-tools-for-threat-intelligence-on-demand.html?LS=1315242&CS=web]
. In this webcast, Claudio Guarnieri, security researcher with Rapid7 and
creator of Cuckoo Sandbox, shows what we can learn from analyzing malware that
have been caught with honeypots.
By watching this webcast you will learn:
* How to actively collect and analyze thr