5 min
Events
The Black Hat Attendee Guide Part 7a: Electronic Survival
If you're just joining us, this post is part of a Black Hat Attendee Guide
series that starts right here
.**
When traveling to industry conferences, most people prepare their electronic
companions (laptops, cell phones, etc) by asking: “Did I pack the right charger
in my carry on?”
The premier gathering of the world's best and brightest hackers might be a great
opportunity for you to up your travel security game. This post serves as a quick
gui
5 min
Events
The Black Hat Attendee Guide Part 7: Your Survival Kit
Joining us for the first time? This post is part seven of a series that starts
right here .
Hacker Summer Camp is no joke, and you've got to have a game plan when you head
for Vegas. If you don't travel frequently, this is for you.
Ignoring sartorial conundrums and basic hygiene, this post is focused on keeping
your body operating at peak… or at least somewhat operational.
Vegas: It's nothing like home for most of us. Desert allergens, low humi
10 min
Events
The Black Hat Attendee Guide Part 6: The Sponsor Hall, Arsenal, and more
_
If you are just joining us, this is the sixth post in the series starting here
._
Conferences are magical and serendipitous. YouTube can't capture the electricity
you remember in the room as you tell someone “I watched Barnaby jackpot an ATM,”
as others echo back “I was there that year too!”
At technical conferences, the content leads the way—it is what brings us to the
show. Catching up on that research and work being done at “the tip of the
3 min
IT Ops
How to Add a GPS Time Source to ntpd
USB GPS dongles have come down significantly in price in recent years and I
picked one up to play with recently.
Apart from using a GPS module to report your latitude, longitude, altitude and
time for mapping applications, it’s also possible to feed the time information
to ntpd as a back-up time source or as a highly accurate time source depending
on the GPS module you end up getting.
The module that I use in this blog post
6 min
Metasploit
Interning at Rapid7: A "git push" in the Right Direction
How I Got Here
Hey there! My name is Mo. I'm currently an intern here at Rapid7 working in the
Austin office as part of the Metasploit team. If you came here expecting a deep
understanding of Metasploit, this blog post isn't the right place. If you ARE
interested in knowing what it's like to being a small town college student
working at a leading firm in security engineering, then keep reading!
Everyone used to tell me that every mistake and failure was a push in the right
direction, but that
1 min
Legal
Rapid7's Comments on the Wassenaar Arrangement Proposed Rule
For the past two months, the Department of Commerce's Bureau of Industry and
Security (BIS) has been running a public consultation to solicit feedback on its
proposal for implementing export controls for intrusion software under the
Wassenaar Arrangement. You can read about the proposal and Rapid7's initial
thoughts here
. The consultation window closed on Monday, July 20th
3 min
Metasploit Weekly Wrapup
Weekly Metasploit WrapUp: A Wild Committer Appears!
Browser Autopwn Version 2
Hey all! If you haven't been following the Metasploit development over the last
few weeks, you know that we've been pretty busy getting Browser Autopwn Version
2 (BAPv2) out the door and into Metasploit Framework. This project was, and is,
driven by our own beloved Wei _sinn3r Chen, and
it's one of those projects around here that I'm really personally very excited
about.
If you want to jump into all the implementation details and history,
5 min
Events
The Black Hat Attendee Guide Part 5 - Meaningful Introductions
If you are just joining us, this is the fifth post in the series starting here
.
Making An Introduction
I might be wrong, but I'll argue that networking is a transitive verb, so
ENGAGE! The real magic starts happening as you progress:
* Level 1-- Start with a “Hi, my name is… ” Yes, it's that simple, thanks to
Slim Shady
* Level 2-- Demonstrate that you have an idea of the world the other person
live
2 min
IT Ops
Playing with Java 8's Completable Futures
Of the many additions to Java 8 such as the Stream API
and
lambdas
, I
noticed one of the lesser talked about ones was CompletableFutures
. So I decided to have a play around with them on the last Java component I
wrote. My use case in a nutshell was piping larg
1 min
Patch Tuesday
Oracle Java JRE AES Intrinsics Remote Denial of Service (CVE-2015-2659)
Java 8 servers versions prior to u46 are susceptible to a remote unauthenticated
denial of service (hard crash) when used with AES intrinsics (AES-NI) CPU
extensions on supported processors. AES intrinsics are enabled by default on the
Oracle JVM if the the JVM detects that processor capability, which is common for
modern processors manufactured after 2010. For more on AES-NI, see the
Wikipedia
article .
This issue was tracked in the OpenJDK p
6 min
The New Metasploit Browser Autopwn: Strikes Faster and Smarter - Part 2
Hello again,
Welcome back! So yesterday we did an introduction about the brand new Browser
Autopwn 2, if you have not read that, make sure to check it out
. And today, let's talk about how to use it, what you can do with it for better
vulnerability validation and penetration testing.
As we explained in the previous blog post, Browser Autopwn 2 is a complete
redesign from the firs
2 min
Patch Tuesday, July 2015
Administrators and security teams are in for a hectic week tackling 14
Microsoft security
bulletins, 2 Adobe updates addressing 4
CVEs for Flash\Shockwave and Oracle has released their quarterly update for 63
of
their product suites (including Java, Oracle DB, MySQL and Solaris).
Of the 14 Microsoft security bulletins, 4 re
7 min
Events
The Black Hat Attendee Guide Part 2 - The Briefings
If you are just joining us, this is the second post in the series starting here
.
Content is king. Research is what binds us, and you should not be surprised that
some of the best in the game focus their annual research calendar on the Black
Hat USA CFP. Offensive security research is the tail that wags the dog—many
vendors and architects spend the year trying to get back in front of some of the
bombs dropped at Black Hat each year.
There's a
4 min
The New Metasploit Browser Autopwn: Strikes Faster and Smarter - Part 1
Hi everyone,
Today, I'd like to debut a completely rewritten new cool toy for Metasploit:
Browser Autopwn 2. Browser Autopwn is the easiest and quickest way to explicitly
test browser vulnerabilities without having the user to painfully learn
everything there is about each exploit and the remote target before deployment.
In this blog post, I will provide an introduction on the tool. And then in my
next one, I will explain how you can take advantage of it to maximize your vuln
validation or pen
7 min
Web Application Security Scanning and the Art of Automation
A version of this blog was originally posted on Nov. 5, 2012.
Few people fully appreciate the difficulty in creating a web application
security scanner that can actually
work well against most sites. In addition, there is much debate about how much
application security testing can be automated and how much needs be done by
human hands. Let's look at a recent conversation
among some industry
exp