4 min
Phishing
What You Can Learn from Our Successful Simulated Phishing Attack of 45 CEOs
I was recently invited to a cybersecurity event to raise awareness on phishing by simulating targeted campaigns against the CEO attendees. Here's how they fared.
4 min
Metasploit
EternalBlue: Metasploit Module for MS17-010
This week's release of Metasploit [https://www.rapid7.com/products/metasploit]
includes a scanner and exploit module for the EternalBlue vulnerability, which
made headlines a couple of weeks ago when hacking group, the Shadow Brokers,
disclosed a trove of alleged NSA exploits
[https://www.rapid7.com/blog/post/2017/04/18/the-shadow-brokers-leaked-exploits-faq/]
. Included among them, EternalBlue, exploits MS17-010
[https://www.rapid7.com/db/modules/exploit/windows/smb/ms17_010_eternalblue], a
Wi
1 min
Metasploit
Announcement: End-of-Life Metasploit 32-Bit Versions
UPDATE: With the release of version 4.15 on July 19, 2017, commercial Metasploit
32-bit platforms (Metasploit Pro, Metasploit Express, and Metasploit Community)
no longer receive future product or content updates. These platforms are now
obsolete and are no longer supported.
Rapid7 announced the end of life of Metasploit Pro 32-bit versions for both
Windows and Linux operating systems on July 5th, 2017. This announcement
applies to all editions: Metasploit Pro, Metasploit Express and Metasploi
2 min
Adaptive Security Overview
In Nexpose 6, we are introducing Adaptive Security, a smarter way to automate
actions taken based on security incidents as they occur in your environment. The
ultimate goal is to give back to security teams the time spent configuring tools
to respond to a threat and automating the tedious and repetitive tasks taken to
understand changes in the asset inventory and the threat landscape.
With Adaptive Security, you can create workflows called automated actions that
respond to new and existing asse
2 min
AWS
The real challenge behind asset inventory
As the IT landscape evolves, and as companies diversify the assets they bring to
their networks - including on premise, cloud and personal assets - one of the
biggest challenges becomes maintaining an accurate picture of which assets are
present on your network. Furthermore, while the accurate picture is the end
goal, the real challenge becomes optimizing the means to obtain and maintain
that picture current. The traditional discovery paradigm of continuous discovery
sweeps of your whole network
4 min
Release Notes
Configuration assessment and policy management in Nexpose 5.2
We love our policy Dashboards. They are new, hot, intuitive, robust and really
useful. In our latest release of Nexpose, version 5.2, we've made two major
enhancements to our configuration assessment capabilities:
* A policy overview dashboard: To understand the current status of compliance
of configurations delivering a summary of the policy itself.A policy rule
dashboard: To provide further details for a particular rule and the current
compliance status for that rule.
What makes th
4 min
Javascript
Java API client - How to augment it and share with the community
The prerequisite is that you get the client: clee-r7/nexpose_java_api · GitHub
[https://github.com/clee-r7/nexpose_java_api]
This blog post will show you how to augment the java api client and use it in 4
easy steps.
The Java API client uses XML templates to generate requests. Browse to the
src/org/rapid7/nexpose/api folder within the API source code, you will see the
templates for the currently supported API client requests. i.e:
AssetGroupSaveRequest.xml.
There are currently 2 versions of