All Posts

2 min Metasploit

Metasploit Weekly Wrap-Up

SAMR Auxiliary Module A new SAMR auxiliary module has been added that allows users to add, lookup, and delete computer accounts from an AD domain. This should be useful for pentesters on engagements who need to create an AD account to gain an initial foothold into the domain for lateral movement attacks, or who need to use this functionality as an attack primitive. Note when using this module that there is a standard number of computers a user can add, so be wary that you may get STATUS_DS_MACH

2 min Career Development

Rapid7 Belfast Recognized for “Company Connection” During COVID-19 Pandemic

Irish News has recognized Rapid7 in its Workplace and Employment Awards, where we’ve taken home the trophy for Best Company Connection.

1 min Lost Bots

[The Lost Bots] Season 2, Episode 1: SIEM Deployment in 10 Minutes

In the first installment of Season 2 of The Lost Bots, hosts Jeffrey Gardner and Stephen Davis give us their 5 pillars of success for SIEM deployment.

3 min Application Security

Application Security in 2022: Where Are We Now?

When Forrester put out The State of Application Security, 2022 report, we thought it was a great time to share where we think AppSec is headed.

3 min Ransomware

For Ransomware Double-Extorters, It's All About the Benjamins — and Data From Healthcare and Pharma

When it comes to ransomware in healthcare and pharma, there are some notable similarities that set them apart from other industries.

5 min Vulnerability Disclosure

CVE-2021-3779: Ruby-MySQL Gem Client File Read (FIXED)

The ruby-mysql Ruby gem prior to version 2.10.0 maintained by Tomita Masahiro is vulnerable to an instance of CWE-610.

4 min Application Security

API Security: Best Practices for a Changing Attack Surface

APIs have become a large part of the application attack surface, making API security a critical consideration.

2 min Metasploit

Metasploit Weekly Wrap-Up

Add Windows target support for the Confluence OGNL injection module Improves the exploit/multi/http/atlassian_confluence_namespace_ognl_injection module to support Windows server targets. This new target can be used to run payloads in memory with Powershell using the new payload adapters or drop an executable to disk. Once a Meterpreter session is obtained, getsystem can be used to escalate to NT AUTHORITY\SYSTEM using the RPCSS technique (#5) since Confluence service runs as NETWORK SERVICE by

4 min Detection and Response

Velociraptor Version 0.6.5: Table Transformations, Multi-Lingual Support, and Better VQL Error-Handling Let You Dig Deeper Than Ever

Rapid7 is pleased to announce the release of Velociraptor version 0.6.5 – an advanced, open-source digital forensics and incident response (DFIR) tool.

4 min Vulnerability Disclosure

CVE-2022-31749: WatchGuard Authenticated Arbitrary File Read/Write (Fixed)

A remote and low-privileged WatchGuard Firebox or XTM user can red arbitrary system files due to an argument injection vulnerability.

2 min Awards

Two Rapid7 Solutions Take Top Honors at SC Awards Europe

We are pleased to announce that two Rapid7 solutions were recognized on Tuesday, June 21, at the prestigious SC Awards Europe.

6 min Detection and Response

Rapid7 MDR Delivered 549% ROI via Headcount Avoidance, Time Savings, and Breach Risk Reduction

A Forrester Consulting study commissioned by Rapid7 found our MDR service delivered an estimated 549% return on investment over 3 years.

1 min Security Nation

[Security Nation] Steve Micallef of SpiderFoot on Open-Source Intelligence

In this episode, Jen and Tod chat with Steve Micallef about SpiderFoot, the open-source intelligence tool of which he is the creator and founder.

4 min Cloud Security

How to Secure App Development in the Cloud, With Tips From Gartner

New Gartner research highlights how to keep your cloud applications safe without resorting to a patchwork of overlapping tools and services.

2 min Metasploit

Metasploit Weekly Wrap-Up

vCenter Secret Extracter Expanding on the work of the vcenter_forge_saml_token auxiliary module, community contributor npm-cesium137-io [https://github.com/npm-cesium137-io] has added a new module for extracting the vmdir/vmafd certificates, the IdP keypair, the VMCA root cert, and anything from vmafd that has a private key associated, from an offline copy of the services database. This information can then be used with the vcenter_forge_saml_token module to gain a session cookie that grants acc