3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: Sep. 13, 2019
Fall is in the air, October is on the way, and it is Friday the 13th. We have a
lot of updates and features that landed this week, though none are particularly
spooky, and unfortunately, none are json-related…1
We recently updated our digital signing keys, and some users may have seen
warnings that their Metasploit packages were not signed. We’ve fixed this as of
this week—apologies for any confusion. If you are still experiencing signing
issues, you may need to re-download Metasploit installer
2 min
Penetration Testing
This One Time on a Pen Test: The Pizza of Doom
Here is the story of how I bypassed physical security controls by posing as a pizza delivery guy and showing up to my client site with a pizza pie.
3 min
Automation and Orchestration
Automating User Provisioning and Deprovisioning with Security Orchestration, Automation, and Response (SOAR)
Here are three ways security orchestration and automation tools can streamline the user provisioning and deprovisioning process.
4 min
Vulnerability Management
CVE-2019-15846 Privileged Remote Code Execution Vulnerability in the Exim Mailer: What You Need to Know
On Sept. 6, the Exim development team released a patch for CVE-2019-15846, which fixed a privileged, unauthenticated RCE weakness in its popular internet email server software.
11 min
Vulnerability Disclosure
R7-2019-09 | CVE-2019-5617, CVE-2019-5643, CVE-2019-5644: C4G BLIS authentication and authorization vulnerabilities (FIXED)
This disclosure describes R7-2019-09, composed of three vulnerabilities in the
Basic Laboratory Information System (BLIS). Due to flawed authentication and
authorization verification, versions of BLIS < 3.5 are vulnerable to
unauthenticated password resets (R7-2019-09.1), and versions of BLIS < 3.51 are
vulnerable to unauthenticated enumeration of facilities and usernames
(R7-2019-09.2) as well as unauthenticated updates to user information
(R7-2019-09.3).
These vulnerabilities are summarized i
3 min
Metasploit
Metasploit Wrap-Up 9/6/19
At our (final!) DerbyCon Town Hall today, the Metasploit team announced the release of an initial exploit module PR for CVE-2019-0708, aka BlueKeep.
4 min
Metasploit
Initial Metasploit Exploit Module for BlueKeep (CVE-2019-0708)
Today, Metasploit is releasing an initial public exploit module for CVE-2019-0708, also known as BlueKeep, as a pull request on Metasploit Framework.
2 min
Penetration Testing
This One Time on a Pen Test: Your Mouse Is My Keyboard
In one engagement, we were tasked with compromising the internal network of a facility that was used for medical trials. Here's what happened.
3 min
Application Security
RASP 101: What Is Runtime Application Self-Protection?
If your organization isn't using a runtime application self-protection (RASP) tool to protect your applications, here's what you need to know.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 8/30/19
Back to school blues
Summer is winding down and while our for contributions haven't dropped off
(thanks y'all!), we've been tied up with events and a heap of research. Don't
despair, though: our own Brent Cook , Pearce Barry,
Jeffrey Martin , and Matthew Kienow
will be at DerbyCon 9 running the Metasploit
Town Hall at noon Friday. They'll be delivering a community update and answering
questions, so be sur
1 min
Penetration Testing
This One Time on a Pen Test: Nerds in the NERC
Here is the story of how we gained access to a NERC CIP control room in a power plant as part of a penetration testing engagement.
5 min
Cloud Infrastructure
How to Set Up InsightVM in Your Google Cloud Environment
In this blog post, we’ll go over how to set up our vulnerability scanner, InsightVM in your Google Cloud and how to tweak it for your environment.
3 min
Application Security
Application Security 101: The Importance of DevSecOps in AppSec
In this blog, we will share some insightful tips on all things application security and DevSecOps.
7 min
InsightVM
Summer Security Fundamentals Recap: Vulnerability Management
In this blog, we share with you key takeaways from our recent vulnerability management panel, along with tips for creating a successful VM program.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 8/23/19
A LibreOffice file format exploit, plus improvements to TLS and CredSSP-based fingerprinting.
