Posts tagged Honeypots

6 min InsightIDR

Defense in Depth Using Deception Technology in InsightIDR

Today, we are diving into the four pieces of deception technology that Rapid7 offers through our incident detection and response tool, InsightIDR.

5 min Research

DOUBLEPULSAR over RDP: Baselining Badness on the Internet

How many internet-accessible RDP services have the DOPU implant installed? How much DOPU-over-RDP traffic do we see being sprayed across the internet?

2 min InsightIDR

Deception Technology in InsightIDR: Setting Up Honeypots

In order to overcome the adversary, we must first seek to understand. By understanding how attackers operate, and what today’s modern network looks like from an attacker’s perspective, it’s possible to deceive an attacker, or at least have warning around internal network compromise. Today, let’s touch on a classic deception technology [http://0z47.d809.com/solutions/deception-technology/] that continues to evolve: the honeypot. Honeypots [http://0z47.d809.com/fundamentals/honeypots/] are de

4 min InsightIDR

How to Identify Attacker Reconnaissance on Your Internal Network

The most vulnerable moment for attackers is when they first gain internal access to your corporate network. In order to determine their next step, intruders must perform reconnaissance to scout available ports, services, and assets from which they can pivot and gain access to customer databases, credit card data, source code, and more. These initial moments are arguably your best opportunities to catch attackers before critical assets are breached, but unfortunately, it can be very challenging t

4 min Honeypots

Apache Struts Vulnerability (CVE-2017-5638) Exploit Traffic

UPDATE - March 10th, 2017: Rapid7 added a check that works in conjunction with Nexpose's web spider functionality. This check will be performed against any URIs discovered with the suffix “.action” (the default configuration for Apache Struts apps). To learn more about using this check, read this post [http://0z47.d809.com/blog/post/2017/03/15/using-web-spider-to-detect-vulnerable-apache-struts-apps-cve-2017-5638/] . UPDATE - March 9th, 2017: Scan your network for this vulnerability [http://

8 min Haxmas

12 Days of HaXmas: A HaxMas Carol

(A Story by Rapid7 Labs) Merry HaXmas to you! Each year we mark the 12 Days of HaXmas [http://0z47.d809.com/blog/tag/haxmas/] with 12 blog posts on hacking-related topics and roundups from the year. This year, we're highlighting some of the “gifts” we want to give back to the community. And while these gifts may not come wrapped with a bow, we hope you enjoy them. Happy Holi-data from Rapid7 Labs! It's been a big year for the Rapid7 elves Labs team. Our nigh 200-node strong Heisenberg Cloud

6 min Honeypots

Introduction to Honeypots

Synopsis With an ever-increasing number of methods and tactics used to attack networks, the goal of securing a network must also continually expand in scope. While traditional methods such as IDS/IPS systems, DMZ’s, penetration testing and various other tools can create a very secure network, it is best to assume vulnerabilities will always exist, and sooner or later, they will be exploited. Thus, we need to continuously find innovative ways of countering the threats, and one such way is to depl

3 min InsightIDR

Detect Corporate Identity Theft with a New Intruder Trap: Honey Credentials

If you're only looking through your log files, reliably detecting early signs of attacker reconnaissance can be a nightmare. Why is this important? If you can detect and react to an intruder early in the attack chain, it's possible to kick the intruder out before he or she accesses your critical assets. This is not only good for you (no monetary data is stolen), but it's also critical because this is the only time in the chain that the intruder is at a disadvantage. Once an attacker has an i