1 min
Exploits
Adobe Flash CVE-2016-4171 Patch Tomorrow
Tomorrow, Adobe is expected
[http://arstechnica.com/security/2016/06/critical-adobe-flash-bug-under-active-attack-currently-has-no-patch/]
to release a patch for CVE-2016-4171
[https://helpx.adobe.com/security/products/flash-player/apsa16-03.html], which
fixes a critical vulnerability in Flash 21.0.0.242 that Kaspersky reports is
being used in active, targeted campaigns. Generally speaking, these sorts of
pre-patch, zero day exploits don't see a lot of widespread use; they're too
valuable to bu
2 min
Exploits
Social Attacks in Web App Hacking - Investigating Findings of the DBIR
This is a guest post from Shay Chen [https://twitter.com/sectooladdict], an
Information Security Researcher, Analyst, Tool Author and Speaker. The guy
behind TECAPI [http://tecapi.com/public/relative-vulnerability-rating-gui.jsp],
WAVSEP [https://github.com/sectooladdict/wavsep] and WAFEP
[https://sourceforge.net/projects/wafep/] benchmarks.
Are social attacks that much easier to use, or is it the technology gap of
exploitation engines that make social attacks more appealing?
While reading t
2 min
Microsoft
On Badlock for Samba (CVE-2016-2118) and Windows (CVE-2016-0128)
Today is Badlock Day
You may recall that the folks over at badlock.org [http://badlock.org/] stated
about 20 days ago that April 12 would see patches for "Badlock," a serious
vulnerability in the SMB/CIFS protocol that affects both Microsoft Windows and
any server running Samba, an open source workalike for SMB/CIFS services. We
talked about it back in our Getting Ahead of Badlock
[/2016/03/30/getting-ahead-of-badlock] post, and hopefully, IT administrators
have taken advantage of the pre-releas
2 min
Microsoft
Getting Ahead of Badlock
While we are keeping abreast of the news about the foretold Badlock
vulnerability [http://badlock.org/], we don't know much more than anyone else
right now. We're currently speculating that the issue has to do with the
fundamentals of the SMB/CIFS protocol, since the vulnerability is reported to be
present in both Microsoft's and Samba's implementations. Beyond that, we're
expecting the details from Microsoft as part of their regularly scheduled patch
Tuesday.
How Bad Is It?
Microsoft and the S
3 min
IoT
What's In A Hostname?
Like the proverbial cat, curiosity can often get me in trouble, but often
enough, curiosity helps us create better security. It seems like every time I
encounter a product with a web management console, I end up feeding it data that
it wasn't expecting.
As an example, while configuring a wireless bridge that had a discovery function
that would identify and list all Wi-Fi devices in the radio range, I thought: "I
wonder what would happen if I broadcast a service set identifier (SSID)
[https://en
4 min
Metasploit
12 Days of HaXmas: Metasploit End of Year Wrapup
This is the seventh post in the series, "The 12 Days of HaXmas."
It's the last day of the year, which means that it's time to take a moment to
reflect on the ongoing development of the Metasploit Framework, that de facto
standard in penetration testing, and my favorite open source project around.
While the acquisition of Metasploit way back in 2009 was met with some healthy
skepticism, I think this year, it's easy to say that Rapid7's involvement with
Metasploit has been an enormously positive
5 min
Vulnerability Disclosure
CVE-2015-7755: Juniper ScreenOS Authentication Backdoor
On December 18th, 2015 Juniper issued an advisory
[https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713&cat=SIRT_1&actp=LIST]
indicating that they had discovered unauthorized code in the ScreenOS software
that powers their Netscreen firewalls. This advisory covered two distinct
issues: a backdoor in the VPN implementation that allows a passive eavesdropper
to decrypt traffic, and a second backdoor that allows an attacker to bypass
authentication in the SSH and Telnet daemons. Shortly
3 min
Exploits
What is SQL Injection?
The SQL Injection [https://www.rapid7.com/fundamentals/sql-injection-attacks/]
is one of the oldest and most embarrassing vulnerabilities web-enabled code
faces. It is so old that there really is no excuse for only a niche of people
(namely web security professionals) to understand how it works. Every time I
think we've beat this topic to death, SQL Injection finds its way back into the
news. This post is my attempt to help anyone and everyone understand how it
works and why it's such a persist
3 min
Exploits
Watch your SaaS: Partial parameter checking or the case of unfinished homework
“Laws are like sausages. It's better not to see them being made.” – Otto von
Bismarck
I'm not sure how many of you have kids or how diligent they are with their
homework but I'm sure you've heard stories of parents observing that their kids
have finished their homework in a remarkably short period of time. However,
upon investigation, you quickly discover that your child has only finished half
of their homework.
Sadly, this state of affairs can also be true for SaaS providers offering web
app
2 min
Exploits
SQL Injection Vulnerabilities: 4 Reasons Security Teams Can't Stop Them
SQL injection vulnerabilities
[https://www.rapid7.com/fundamentals/sql-injection-attacks/] have threatened
application security for over 15 years and most security experts and many
developers alike understand SQLi very well. So why are they still quite common,
despite the fact that we, as an industry, know how to prevent them?
Related Resource: Download our SQL Injection Basics Toolkit
[https://information.rapid7.com/sql-injection-attacks-basics-toolkit.html?CS=community]
SQL Injection is a com
2 min
Exploits
Why SQL Injection Vulnerabilities Still Exist: 8 Reasons Developers Can't Eliminate Them
Knowing how to prevent a SQL injection vulnerability
[https://www.rapid7.com/fundamentals/sql-injection-attacks/] is only half the
web application security battle. A multitude of factors come into play when it
comes to writing secure code, many of which are out of the developers' direct
control. That's why common vulnerabilities like SQL injection continue to plague
today's applications, and why application security testing software is so
important. These problems can be overcome – with a little
2 min
Exploits
R7-2015-17: HP SiteScope DNS Tool Command Injection
This is a vulnerability advisory for the HP SiteScope DNS Tool Command Injection
vulnerability, made in accordance with Rapid7's disclosure policy
[http://www.rapid7.com/disclosure.jsp].
Summary
Due to a problem with sanitizing user input, authenticated users of HP SiteScope
running on Windows can execute arbitrary commands on affected platforms as the
local SYSTEM account. While it is possible to set a password for the SiteScope
application administrator, this is not enforced upon installation
13 min
Metasploit
Using Reflective DLL Injection to exploit IE Elevation Policies
As you are probably aware, sandbox bypasses are becoming a MUST when exploiting
desktop applications such as Internet Explorer. One interesting class of sandbox
bypasses abuses IE's Elevation Policies. An example of this type of sandbox
bypass is CVE-2015-0016
[http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0016]. The
vulnerability has already been analyzed by Henry Li, who published a complete
description in this blog entry
[http://blog.trendmicro.com/trendlabs-security-intelligence/
2 min
Penetration Testing
Top 3 Takeaways from the "Campfire Horror Stories: 5 Most Common Findings in Pen Tests" Webcast
Penetration Tests are a key part of assuring strong security, so naturally,
security professionals are very curious about how this best practice goes down
from the pen tester perspective. Jack Daniel, Director of Services at Rapid7
with 13 years of penetration testing under his belt, recently shared which flaws
pen testers are regularly using to access sensitive data on the job in the
webcast, “Campfire Horror Stories: 5 Most Common Findings in Pen Tests
[https://information.rapid7.com/campfire-
5 min
Exploits
Revisiting an Info Leak
Today an interesting tweet
[https://twitter.com/Laughing_Mantis/status/631170614720462848] from Greg
Linares [https://twitter.com/Laughing_Mantis] (who has been posting awesome
analysis on twitter lately!) came to our attention, concerning the MS15-080
[https://technet.microsoft.com/en-us/library/security/ms15-080.aspx] patch:
This patch (included in MS15-080) may have been intended to stop one of the Windows
kernel bugs exploited by Hacking Team. But, after our analysis, it appears that
there is