All Posts

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: May 17, 2019

Take a moment from this week's barrage of vulnerabilities in seemingly everything to see the cool stuff happening with the Metasploit team of contributors: a video interview between two greats, a new exploit module in GetSimple CMS, and a whole host of improvements.
4 min Rapid7 Culture

The Last Chip

You can learn a lot about an organization—and its leadership team—by eating chips at the airport waiting for a delayed flight.
2 min Vulnerability Management

How SOAR Is Disrupting Traditional Vulnerability Management

In a recent episode of Whiteboard Wednesday, we dive into how security orchestration, automation, and response (SOAR) is changing traditional vulnerability management.
5 min Ransomware

WannaCry, Two Years On: Current Threat Landscape

In this blog, we take a look at the current attacker landscape related to EternalBlue and ransomware, along with some lessons that have not been learned since WannaCry.

9 min Vulnerability Management

Medical Device Security, Part 3: Putting Safe Scanning into Practice

In this blog post, we put the theory we've built out in our medical device scanning series into practice.

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up 5/10/19

A new Chrome browser exploit, some WebLogic RCE, and an exploit for PostgreSQL. Also announcing the return of our annual Open-Source Security Meetup in Vegas!
4 min Research

Extracting Firmware from Microcontrollers’ Onboard Flash Memory, Part 4

In our fourth and final part of this ongoing series, we will conduct further firmware extraction exercises with the Texas Instruments RF microcontroller.
7 min Vulnerability Management

Medical Device Security, Part 2: How to Give Medical Devices a Security Checkup

In part two of our series, we get into the weeds of medical device scanning and examine how to directly perform assessments on medical devices.
2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up 5/3/19

Better persistence options thanks to two new modules for Yum and APT package managers. Plus, new exploits for Rails DoubleTap and Spring Cloud Config.
4 min InsightAppSec

How InsightAppSec Can Help You Improve Your Approach to Application Security

In this post, we’ll explore why modern apps require modern testing and how our DAST tool, InsightAppSec, is leading the way with the most sought-after needs for application security teams.

4 min IoT

Extracting Firmware from Microcontrollers' Onboard Flash Memory, Part 3: Microchip PIC Microcontrollers

In this blog, we will conduct another firmware extraction exercise dealing with the Microchip PIC microcontroller (PIC32MX695F512H).

7 min Vulnerability Management

Medical Device Security, Part 1: How to Scan Devices Without Letting Safety Flatline

When scanning medical devices, it's important to manage risk, be intentional and tread lightly, and never scan computers that are plugged into people.

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up 4/26/19

Faster tab completion for `set PAYLOAD` and faster output for `show payloads`. Plus, four new exploits, including unauthenticated template injection for Atlassian Confluence and Ruby on Rails DoubleTap directory traversal.

3 min IoT

Extracting Firmware from Microcontrollers' Onboard Flash Memory, Part 2: Nordic RF Microcontrollers

In this blog, we will conduct another firmware extraction exercise dealing with the Nordic RF microcontroller (nRF51822).

5 min

Capture the Flag: Red Team vs. Cloud SIEM

Here's how InsightIDR fared in a recent Capture the Flag (CTF) meetup with a special blue-team element.

Popular Topics

Tags