Last updated at Thu, 28 Dec 2023 21:33:29 GMT

Hey, gang! It’s your old pal, Tod Beardsley, here. It’s the waning days of 2018, so it’s time to usher in our traditional end-of-year blog series, the 12 Days of HaXmas.

This series features authors from across Rapid7’s deep bench of technical talent—hackers from the Metasploit and InsightVM teams to beguile you with tales of exploitation, vulnerability analysis, and even a little infosec archeology; consultants from Rapid7 Services with some bite-sized stocking stuffers from penetration tests past; and researchers from Rapid7 Labs to bring tidings of what’s to come.

The long winter nights this time of year are a fine time for contemplation, mainly because many people are on vacation, so the email and Slack torrents slow down around here and in offices around the world. So, I invite you to take a few moments this Twelvetide to take stock of what went right for you and yours in your cybersecurity adventures, and consider what you can do to help us make the internet safer, more stable, and at least a little bit more fun in 2019.

2. The Return of Snapid Kevin to the North Pole

In this post, co-written by Jonathan Stines and Tommy Dew, security consultant Snapid Kevin returns to the North Pole to evaluate Santa's physical and personnel security.

3. The Nightmare After Christmas

To help you get ready for 2019 (aka the Nightmare After Christmas), Bob Rudis draws upon some of Tim Burton's prose in this post to scare prepare you for what’s to come.

4. R7-2018-52: Guardzilla IoT Video Camera Hard-Coded Credential (CVE-2018-5560)

While most HaXmas posts this holiday season are full of fun and frivolity, this one is, admittedly, about as dry as last year’s fruitcake: a pretty routine vulnerability disclosure in a piece of IoT gear.

5. The New Shiny: Memorable Metasploit Moments of 2018

In this post, Caitlin Condon shares some of the highlights of the goodness that’s landed in Metasploit Framework this past year—from module hotness and contributor excellence to big backend projects and new functionality you may have missed.

6. Once a Haxer, Always a Haxor

Follow along as Rapid7 Research Lead (IoT) Deral Heiland conducts his longtime holiday tradition of taking apart his Christmas presents to see how they work. This year's test subject? Amazon's voice-controlled microwave.

7. Advice for the Lazy Family Sysadmin

For over a decade, Brent Cook has managed to run a part-time remote fleet for his in-laws. Here is his advice for how to be a lazy family system administrator this holiday.

8. The Layer 8(th) Day of Christmas: Rapid7 Pen Testers Reveal Social Engineering Insights at Recent Conference

In honor of the eighth day of Christmas, Patrick Laverty, Whitney Maxwell, Robby Stewart, Emilie St-Pierre, and Jonathan Stinesare recapping some social engineering insights that were shared at the brand-new Layer 8 conference.

9. HaXmas Review: 12 Patch Tuesdays a-Patching

Happy New Year! In this post, Greg Wiseman recaps 2018 Patch Tuesdays and tells you what you need to know.

10. The Ghost of Exploits Past: A Deep Dive into the Morris Worm

In this blog, William Vu dives into the exploit development process for the three modules we created in honor of the 30th anniversary of the Morris worm.

11. Santa's ELFs: Running Linux Executables Without execve

The holiday season is winding down, but Santa's ELFs do not get a post-holiday break, since the Executable and Linkable Format (ELF) is the base of numerous Unix-like operating systems.

12. Happy HaXmas! Year-End Internet Scanning Observations

As we wrap up 2018 and forge ahead into 2019, this blog by Jon Hart reflects on some of the key observations we made through our internet scanning with Project Sonar and sharing of scan data and related collaboration through Opendata.

Our 12 Days of HaXmas blog series has now officially wrapped up for the year, but thanks to everyone who celebrated with us. We'll be back next year!