3 min
Metasploit
Metasploit Wrap-Up 3/8/19
The Payload UUID and paranoid mode Meterpreter payload and listener features were first introduced and added to many HTTP and TCP Metasploit payloads in mid-2015.
3 min
Customer Perspective
Seasoned Pros Share Career Advice for Cybersecurity Success
In this blog, seasoned pros share what they’ve learned over the course of their careers that would have made a significant impact if they were just setting off at the starting gate.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 3/1/19
An improvement to HTTP command stagers allows exploits to write on-disk stagers to the location of your choosing.
2 min
Research
Cisco® RV110/RV130/RV215 Unauthenticated Configuration Export Vulnerability (CVE-2019-1663): What You Need to Know
This week, Cisco® released an advisory and patch for a remote code execution flaw in small-business routers used for wireless connectivity in small offices and home offices.
3 min
Automation and Orchestration
How Security Automation Enables Business Agility
How can any organization’s security team balance these priorities in a rapidly shifting security landscape while staying agile? Automation.
3 min
Vulnerability Management
Why Most Vulnerability Management Programs Fail and What You Can Do About It
In our latest webcast, we explain why most vulnerability management programs fail and what you can do to avoid the same fate.
4 min
Vulnerability Management
Checkmate! How to Win at Vulnerability Management Using the Game of Chess
Because the mindset you use to win at chess is the same one you should strive for as an information security professional, you can learn a lot by examining its rules, players, and strategy.
4 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 2/22/19
Document ALL THE THINGS!
This release sees quite a bit of documentation added with a module doc from
bcoles and four new module docs from newer docs contributor Yashvendra
. Module docs can be viewed with info -d and are
extremely helpful for getting acquainted with a modules capabilities and
limitations. We greatly value these contributions because, while not cool h4x0r
features by themselves, each one means that fewer people have to read the code
to understand ho
3 min
Vulnerability Management
Drupal Core Remote Code Execution (CVE-2019-6340): What You Need to Know
On Wednesday, Feb. 20, 2019, the Drupal Core team provided an early-warning update for the third Drupal Core Security Alert of 2019, which has been assigned CVE-2019-6340.
6 min
IoT
[IoT Security] Introduction to Embedded Hardware Hacking
Many security professionals and researchers are intrigued by the idea of opening up and exploring embedded technologies but aren’t sure where to start.
12 min
Exploits
Stack-Based Buffer Overflow Attacks: Explained and Examples
Stack-based buffer overflow exploits are likely the shiniest and most common form of exploit for remotely taking over the code execution of a process.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 2/15/19
Crock-Pot cooking with Metasploit
Belkin's Wemo line of smart home
devices offers users a variety of internet-connected gadgets and gizmos they can
control around the home. One of those happens to be a Crock-Pot
. We went ahead and bought one.
Naturally, it made sense for us to write a module
9 min
Research
Level Up Your Internet Intelligence Using the Rapid7 Open Data API and R
Let's take a look at how you can use ropendata in R to search for available studies, download datasets, and explore the data.
2 min
Patch Tuesday
Patch Tuesday - February 2019
Microsoft got back in the swing of things today after a couple of relatively
light months, with over 70 separate CVEs
being addressed.
The usual suspects got patches, including Windows, Office, Browsers (including
Adobe Flash
),
.NET Framework, SharePoint, Exchange, and another slew of JET Database Engi
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 2/8/19
Ubiquitous Devices
Our Rapid7 Labs team pulled the thread
on some recent buzz around exploitable Ubiquiti devices, which led to a new
scanner module (
auxiliary/scanner/ubiquiti/ubiquiti_discover.rb) from jhart-r7
. This module uses a simple UDP protocol to
identify potentially exploitable Ubiquiti devices on your network, a
