2 min
Research
25 Years of Nmap: Happy Scan-iversary!
On September 1, 1997, the open-source security scanner Nmap was released. Our Director of Research Tod Beardsley reflects on the 25th anniversary.
7 min
Application Security
OWASP Top 10 Deep Dive: Injection and Stack Traces From a Hacker's Perspective
Injection claimed the number 3 spot in OWASP's 2021 Top 10 application security risks. We highlight why injection remains such a formidable threat.
11 min
Public Policy
Hack Back Is Still Wack
The appeal of hack back is easy to understand, but that doesn't make the idea workable. Here, we outline why Rapid7 is against the authorization of private-sector hack back.
5 min
Metasploit
Metasploit Hackathon Wrap-Up: What We Worked On
As part of the Metasploit project's second hackathon, Metasploit contributors and committers got together to discuss ideas, write some code, and have some fun.
4 min
Project Sonar
VPNFilter's Potential Reach — Malware Exposure in SMB/Consumer-grade Devices
(Many thanks to Rebekah Brown [/author/rebekah-brown/] & Derek Abdine for their
contributions to the post.)
How does VPNFilter work?
Over the past few weeks, Cisco’s Talos
[https://www.cisco.com/c/en/us/products/security/talos.html] group has published
some significant new research
[https://blog.talosintelligence.com/2018/06/vpnfilter-update.html] on a new
malware family called VPNFilter. VPNFilter targets and compromises networking
devices to monitor the traffic that goes through them. The mal
7 min
Metasploit
Hiding Metasploit Shellcode to Evade Windows Defender
Being on the offensive side in the security field, I personally have a lot of
respect for the researchers and engineers in the antivirus industry, and the
companies dedicated to investing so much in them. If malware development is a
cat-and-mouse game, then I would say that the industry creates some of the most
terrifying hunters. Penetration testers and red teamers suffer the most from
this while using Metasploit [https://www.rapid7.com/products/metasploit/], which
forced me to look into how to
6 min
Hacking
Getting Started in Ethical Hacking
A while back, a Twitter user
[https://twitter.com/Astilexgaming/status/966342745097998337] asked us the
following question:
> I have a friend who is looking into ethical hacking. She is also a broke college
student, so do you know of any free or affordable resources she can use?
Ethical hackers use their knowledge of vulnerabilities to help defend against
criminals, hacktivists, and nation-state attackers (and sometimes, mischievous
pranksters). They need a solid background in writing softwar
3 min
Rapid7 Perspective
On Random Shell Generators
A couple days ago, AutoSploit.py [https://github.com/NullArray/AutoSploit] was
released by a person named Real__Vector [https://twitter.com/Real__Vector]. It’s
safe to say that it’s made some waves in the security Twitterverse, and a few
people have asked us here at Rapid7 what we think about it given the project’s
inclusion of Metasploit, so we figured a short blog might be in order.
The debate around it is actually pretty nuanced. I don’t think anyone believes
AutoSploit.py is 100% evil or 10
6 min
Hacking
Building a Car Hacking Development Workbench: Part 3
Welcome back to the car hacking development workbench series. In part two we
discussed how to read wiring diagrams. In part three, we are going to expand on
the workbench by re-engineering circuits and replicating signals used in your
vehicle.
If this is your first time stumbling across this write up, I encourage you to
check out the previous two parts to this series:
Part 1: Constructing a Workbench
[/2017/07/11/building-a-car-hacking-development-workbench-part-1]
Part 2: How to Read Wiring Di
5 min
Hacking
Building a Car Hacking Development Workbench: Part 2
This is part two of a three-part series. Part one
[/2017/07/11/building-a-car-hacking-development-workbench-part-1] covered how to
build a development workbench. Part two of this series will cover reading
electrical diagrams and serve as a primer for part three, where we will
re-engineer common circuit types found in vehicles.
Electrical Diagrams & Re-identification
Technically, your bench is complete at this point, and you can connect an OBD-II
to USB conversion device to start interpreting
10 min
Hacking
Building a Car Hacking Development Workbench: Part 1
Introduction
There is a vast body of knowledge hiding inside your car. Whether you are an
auto enthusiast, developer, hobbyist, security researcher, or just curious about
vehicles, building a development bench can be an exciting project to facilitate
understanding and experimentation without risking possible damage to your
vehicle. This is a perfect project for people of a wide range of ages and skill
levels. Even if you have never worked on a car before, or you do not feel like
your Electronics
2 min
Metasploit
Car Hacking on the Cheap
Metasploit's HWBridge comes with an automotive extension. This works out of the
box if you happen to have a SocketCAN-compatible CAN sniffer hanging around.
However, if you don't have one, there is a decent chance you have a cheap,
sub-$10 vehicle dongle in a drawer somewhere. If not, you can probably pick one up on
eBay super cheap. Metasploit supports the ELM327 and STN1100 chipsets that are
very popular in these dongles. Metasploit comes with a tool to connect these
devices provided your device
5 min
Public Policy
Rapid7 Supports Researcher Protections in Michigan Vehicle Hacking Law
Yesterday, the Michigan Senate Judiciary Committee passed a bill – S.B. 0927
[http://www.senate.michigan.gov/committees/files/2016-SCT-JUD_-09-20-1-01.PDF] –
that forbids some forms of vehicle hacking, but includes specific protections
for cybersecurity researchers. Rapid7 supports these protections. The bill is
not law yet – it has only cleared a Committee in the Senate, but it looks poised
to keep advancing in the state legislature. Our background and analysis of the
bill is below.
In summary
7 min
Hacking
Hacking the Election: What to Expect
Today, we're less than fifty days from the next U.S. presidential election, and
over the next couple months, I fully expect to see a lot of speculation over the
likelihood of someone "hacking the election." But what does that even mean?
The U.S. election system is a massively complex tangle of technology, and, at
first, second, and third glance, it appears to embody the absolute worst
practices when it comes to information security. There are cleartext,
Internet-based entry points to the voting
5 min
Penetration Testing
SNMP Data Harvesting During Penetration Testing
A few months back I posted a blog entry, SNMP Best Practices
[/2016/01/27/simple-network-management-protocol-snmp-best-practices], to give
guidance on best methods to reduce security risks as they relate to SNMP. Now
that everyone has had time to fix all those issues, I figured it's time to give
some guidance to penetration testers and consultants on how to exploit exposed
SNMP services by harvesting data and using it to expand their attack footprint.
The first question when approaching SNMP is