Posts by Eray Yilmaz

2 min Nexpose

Adaptive Security: Rapid7 Critical Vulnerability Category

Starting this week, we have added a new vulnerability category: Rapid7 Critical. When we examine a typical vulnerability, each vulnerability comes with various pieces of information such as CVE id, CVSS score, and others. These pieces of information can be very handy especially when you set up Automated Actions in Nexpose. Here is an example: As you can see the example on the right, this trigger will initiate a scan action if there is a new coverage available that meets the criteria of CVSS

2 min Metasploit

Now Officially Supporting Kali Linux 2.0

In August, we were getting a lot of questions about Kali 2. I have answered some questions in Metasploit on Kali Linux 2.0 [/2015/08/12/metasploit-on-kali-linux-20] blog post in the past. Today, I am pleased to announce that we extend our official platform support to three new operating systems which are now listed in Metasploit System Requirements [http://www.rapid7.com/products/metasploit/system-requirements.jsp] page: * Kali Linux 2.0 * Red Hat Enterprise Server 7.1 or later * Microsoft W

2 min Metasploit

Metasploit on Kali Linux 2.0

As you are aware, Kali 2.0 [https://www.kali.org/releases/kali-linux-20-released/] has been released this week and getting quite a bit of attention, as it should. Folks behind Kali have worked really hard to bring you the new version of Kali Linux that everyone is excited about. If you have already started to play with the new version, you probably have realized that something is different, that is; Metasploit Community / Pro is no longer installed by default. Where is Metasploit Community / Pr

2 min Ruby on Rails

Metasploit Framework Rails 4.0 Upgrade

It is always a running battle to keep an application's backend up to date with various technologies. Today, we are excited to announce that Metasploit Framework now ships with Rails 4.0. Upgrades like this are sometimes hard to get excited about because if everything goes well, users should see no difference. There are many reasons to upgrade to Rails 4, though. Why Upgrade Here are the important reasons to upgrade from our perspective: * Security is a big part of why we have to keep our code

7 min PCI

Webcast Followup: Escalate Your Efficiency

Last week, we had a live webcast to talk about how Metasploit Pro helps pentesters be more efficient and save time. There were so many attendees, which made it possible to have great conversation. First of all, I want to thank you folks who have taken the time from their busy schedules to watch us live. There were many questions our viewers asked us, and we were not able to answer all of them due to time limitations. In this post, you will find the answers for those questions. First things fir

3 min Metasploit

Credentials --> Compromises | Rinse and Repeat

1 Attack Vector: Credentials According to the Verizon Data Breach Investigations Report [http://www.verizonenterprise.com/DBIR/2014/], credentials are the number #1 attack vector used to compromise networks. This news comes with no surprises. Credentials have been and most likely will continue to be one of the top attack vectors for years to come. With credentials-based attacks becoming exponentially more topical, it's become more critical than ever to focus on credentials management and reuse.

4 min Metasploit

Being Product Manager of Metasploit

Hello World My name is Eray Yilmaz, and I am the new Product Manager of Metasploit. It has been three months since I have joined Rapid7, and I wanted to share my experiences with you so far. Before we get to that, here is tiny bit about myself: I am a 28, married, and fairly new father. I went to UTSA where I majored in Information Assurance and Information Systems, and received my B.B.A. Like anyone else in our industry, I have done my fair share of IT work, from helpdesk to managing networks

4 min Metasploit

HOTFIX: Metasploit Startup Issues After Upgrading to 4.11.0 (Update 2014122301)

Overview The Update (2014122301) which was released on December, 23th 2014, failed to include necessary files for the application to update to version 4.11.0 for the first time. Issue The application will not start, therefore browser will provide generic "The page can't be displayed" message when trying to load the web UI. Additionally, various log messages may appear in respective log files. Windows: C:\metasploit\apps\pro\engine\prosvc.log Linux: /opt/metasploit/apps/pro/engine/prosvc_stder