Webcasts
Upcoming
Don’t Pick the Lock Steal the Key – Password Auditing with Metasploit
May 30, 2012 - 2PM: In this technical webinar for network administrators and security engineers, David Maloney discusses weaknesses in password-based authentication on clients and servers and how to audit these as part of a regular security program.
On Demand
7 Critical Steps in Securing Your Virtual Environments
Forrester Senior Analyst Rick Holland and Bernd Leger, VP of Marketing, Products & Solutions at Rapid7, will lead this Webcast about the current state of virtualization and the important implications for security professionals. Rick and Bernd will share the 7 most critical recommendations for establishing and improving your virtualization security program and how you can minimize the risk of exploits.
Shifting Sands in Vulnerability Management: the new Strategic Security Platform
Have you seen the sands shifting in your business? Do your responsibilities extend further than just the network? Until recently, vulnerability scanners have been viewed as a commodity, however Securosis has found that security professionals are now looking at vulnerability management more holistically, with the ability to analyze networks, operation systems, applications, and virtual and cloud environments.
Easy Network Intrusion with Java
Java as a technology has been both celebrated and reviled due to its effect on enterprise security over the years. Unfortunately, Java has held steady while other platforms continue to improve security in both their development models and deployments. This webcast will cover the most critical java-based security flaws and demonstrate the use of Metasploit in exploiting them. The target list will include web browsers, mobile platforms, embedded devices, application servers, and RPC services.
How Automated Security Assessments Stop Untargeted Attacks
Nothing can replace a manual security assessment, especially if you are defending against highly targeted attacks or advanced persistent threats (APTs). However, the majority of attacks are untargeted, trying to exploit or brute force servers on a large scale with minimal effort and minimal risk. So why are penetration testers still mostly testing infrequently and by hand, especially if they are overworked and companies are having trouble hiring skilled people?
Easy Website Keylogging with Metasploit
Logging keystrokes has been in the malware arsenal for ages. While many keyloggers exist that capture all keystrokes on a system, it has been cumbersome to log keys on websites without using server-side components. In this webinar for security and IT professionals, security researcher Marcus Carey showcases a new Metasploit module that can log keys using only JavaScript client-side code on the website you’re monitoring, which is easy to apply to compromised webservers or phishing sites. This makes it an easy module for IT professionals to measure the security awareness and assess digital defenses of the networks they manage.
CyberScope, FDCC and USGCB: How to win the Security Configuration Management Battle
In this Webcast, Bernd Leger, VP of Marketing, Products & Solutions at Rapid7 and Ryan Poppa, Product Manager at Rapid7 discuss how the recent mandates by OMB and DHS effect federal agencies in their efforts to achieve FISMA compliance. They specifically address the new monthly reporting requirements for FDCC and USGCB through Cyberscope. Using Rapid7 Nexpose as an example, the presenters provide a specific roadmap for how companies can leverage an automated solution to meet their reporting requirements and lower their security risk.
A Parallel Universe: Identifying IPv6 Security Risks in IPv4 Networks
Most companies have not rolled out IPv6 strategically, but a lot of clients, servers, and mobile devices come with IPv6 enabled by default. For example, the default setting in Windows 7 and Windows Server 2008 is to prefer the IPv6 link-local address over the IPv4 address for network shares and management communication. While most companies have a tight grip on the IPv4 side of their networks, many don’t yet plan a rollout of or even audit the security of IPv6-enabled devices. This parallel universe is opening up new attack vectors.
In this webcast for IT security professionals and network engineers, HD Moore talks about risks introduced by IPv6-enabled devices on your network.
Virtually Secure: How to Assess the Security of Your Virtualized Data Center with Metasploit
Security assessments often treat virtual machines in the same way as physical machines since they share the same weaknesses. However, virtualization technology can also introduce new security risks if not properly deployed that leave organization open to attacks.
In this webcast for IT security professionals and network engineers, David Maloney shows gives some background on new techniques, including a live demo.
Stuck In The Past? How to Create Vulnerable Machines With Current Operating Systems
Do you feel like you’re still stuck in the last decade with your penetration testing lab? Most pre-packaged vulnerable machines you can download are built on vastly outdated operating systems and applications. Although this may be a great starting point if you’re getting started with penetration testing, they don’t provide a contemporary, realistic training ground. In his webcast, Matt Barrett starts with the question “How can I quickly set up vulnerable machines based on current operating systems?” and takes you through the hands-on process for creating vulnerable machines for their labs that mirror what you would see in today’s organizations.
Board Room Spy Cams: How Attackers Take Over Your Video Conferencing Systems And How To Stop Them
Video conferencing systems are one of the least understood platforms found on enterprise networks, often installed in locations that host senior-level staff, and outside of the scope of typical security assessments. This combination can expose the organization and the partners that it communicates with to espionage and data theft. Many vendors ship video conferencing system with default settings that can be used to remotely monitor a conference room, initiate outbound calls, and in some cases, provide remote system access to the device itself, turning it into a launching pad for new attacks.
Effective password testing using Metasploit with HD Moore
Software vulnerabilities receive most of the limelight in network security, but weak, shared, and mismanaged passwords are often the biggest threat to most organizations. Assessing password issues can be difficult and many problems are not visible to standard security tools.
How to find out if your SCADA system is vulnerable to cyber-attacks
In this webinar for CIOs and managers in the oil, gas and manufacturing industries, Jack Daniel talks about ways to determine where SCADA systems and corporate assets are vulnerable to attacks.
Security War Stories: Life on the Front Lines of a Breach
So you've been breached - and now what? Or better yet, you want to learn from the experiences of those that have to ensure that you're better prepared for the future.
Advanced Persistent Defense
Threats are constant and evolving. In this security landscape, organizations need to be proficient in both defense AND offense in order to protect themselves. We will also explore the countermeasures available to deterring, detecting, and responding to attacks on your network.
How to set up a penetration testing test lab
Join Matt Barrett, Security Consultant for Rapid7, for this Webcast to learn how to set up a pen test lab.
What's New in Nexpose 5.0: The Next Generation of Vulnerability Management
Organizations across all industries and government agencies (at both the federal and state level) are struggling to mitigate constant cyber threats and comply with legislative or regulatory mandates. Please join Kelly Martin, Director of Product Management for Rapid7 to learn about the patent-pending new features of Nexpose 5.0 and see how they can help you improve your overall risk posture.
What's new with Metasploit? HD Moore's personal tour of the next product version
In this hands-on webinar for security engineers and network administrators, HD Moore shows a live demo of a new version of Metasploit, covering existing and new Metasploit editions.
Identifying Real Risk in Virtualized Environments: A New Paradigm in Vulnerability Management
The widespread adoption of virtualization techniques provides proven benefits for organizations including lower cost of ownership, accelerated hardware ROI, and a simplified physical infrastructure. However, for security teams, virtualization has opened up a bit of a pandora's box.
Do you have your priorities straight? How to prevent data breaches by fixing the 'right' vulnerabilities
In this hands-on webinar for information security officers, HD Moore shows a live demo on how you can integrate your vulnerability management program with Metasploit Pro to help prevent data breaches.
Leveraging Metasploit Pro to enhance Red and Blue Teaming in Federal Agencies
In this webinar for penetration testers and network security engineers in government agencies, Eden Martinez talks about new techniques in Metasploit Pro to let Red teams simulate attacks on government networks and allow Blue teams to go on the offensive against them.
Consulting for Profit: Building a Business on Security Assessments
In this talk for security consultants and practice managers, Jack Daniel talks about how he uses Rapid7 solutions in consulting practice to increase both his margins and the satisfaction of his clients.
Identifying Infrastructure Blind Spots with Metasploit Framework
In this session for security practitioners who are responsible for enterprise network security solutions, Marcus Carey discusses how to use the Metasploit Framework beyond penetration testing to validate whether security solutions are working as expected. He presents new Metasploit modules designed specifically for testing firewalls, IDS, IPS, and DLP solutions.
When CSOs Attack
In this talk, HD discusses his experience implementing mandatory audits of new products and services in the office of the CSO and how the results led to better decisions across the organization. While he covers the overall process and some of the most surprising results, it also dives into the technical details of the most interesting vulnerabilities and their exploits.
Goal Oriented Pen Testing
Many security professionals and sys-admins do not have a solid understanding of what a penetration assessment is. What does the penetration tester spend time on? What drives the penetration tester? How do they prioritize what they focus on during an engagement? How do I get the most value out of an engagement?
In this webcast, Joshua "Jabra" Abraham explains the methodology used by the Rapid7 Professional Services Team to answer those questions.
Managing Security Challenges in Higher Education: Real-world solutions for Colleges and Universities
Colleges and universities have a unique combination of security challenges that go far beyond providing strictly educational services. Institutions of higher education can operate as communities-within-a-community, providing many of the services typically found within a city including housing, retail, medical, and financial services, making them subject to meeting regulatory compliance requirements such as PCI, HIPAA/HITECH, and GLBA.
Meeting the MA 201 CMR 17.00 Challenge - Continuing the Dialog: Get real-world solutions for how you can comply with the new Massachusetts Data Privacy Law
Considered the most aggressive new data privacy law in the country, 201 CMR 17.00 went into effect on March 1st 2010. Designed to protect Massachusetts residents from the rising incidence of fraud and identity theft that result from data breaches, this new regulation applies nationwide and is the leading edge in a new breed of proactive state regulations designed to prevent data loss rather than just require breach notification. Enforced by the State of Massachusetts Attorney General’s office, the new law establishes a minimum standard to be met for the protection of Massachusetts resident’s personal information (PI) contained in both paper and electronic records.
MASS 201 CMR 17.00 Deadline is Quickly Approaching, Are You Prepared? Listen to this OnDemand Roundtable to Find Out
In an effort to protect Massachusetts residents from the rising incidence of fraud and identity theft from data loss, the State of Massachusetts has implemented aggressive regulatory requirements to protect personal information. The state now requires mandatory compliance with 201 CMR 17.00 - Standards for the Protection of Personal Information of Residents of the Commonwealth (also known as just 201 CMR 17, or the Massachusetts Privacy Law). Building on California’s landmark security regulation SB-1386, Massachusetts Privacy Law establishes a minimum standard to be met for the protection of Massachusetts resident’s personal information (PI) contained in both paper and electronic records.
