All Posts

11 min Penetration Testing

AppDomain Manager Injection: New Techniques For Red Teams

This article details a variety of ways to perform and utilize AppDomain Manager Injection during red team operations.

6 min Cloud Security

Cloud Security Strategies for Manufacturing

Most manufacturing organizations struggle with visibility issues in their hybrid cloud environments. This article offers strategies that can help.

4 min Managed Detection and Response (MDR)

Three Takeaways from the Gartner® Market Guide for Managed Detection and Response Services

We are proud to offer this complimentary Gartner® Market Guide for Managed Detection and Response for businesses of all sizes.

2 min Metasploit

Metasploit Weekly Wrap-Up: 4/28/23

Scanner That Pulls Sensitive Information From Joomla Installations: This week's Metasploit release includes a module for CVE-2023-23752 by h00die [https://github.com/h00die]. Did you know about the improper API access vulnerability in Joomla installations, specifically Joomla versions between 4.0.0 and 4.2.7, inclusive? This vulnerability allows unauthenticated users access to web service endpoints which contain sensitive information such as user and config information. This module can be used to

4 min Cloud Security

New InsightCloudSec Compliance Pack: Implementing and Enforcing ISO 27001:2022

In this article, we discuss how the recently released ISO 27001:2022 compliance pack for InsightCloudSec can benefit your organization.

4 min InsightVM

Using Rapid7 Insight Agent and InsightVM Scan Assistant in Tandem

Rapid7 Insight Agent and InsightVM Scan Assistant can improve visibility into your environment. This article explores how and when to use each.

4 min Rapid7 Culture

Starting a Career in Tech? Learn How Rapid7’s Emerging Talent Programmes Foster Long-Term Success

Rapid7’s Emerging Talent Programmes pave the way for early career professionals to have a successful career in tech.

4 min Gartner

4 Takeaways from the 2023 Gartner® Market Guide for CNAPP

In an ongoing effort to help security organizations gain greater visibility into risk, we're pleased to offer this complimentary Gartner research, and share our 4 takeaways from the 2023 Gartner® Market Guide for CNAPP.

3 min Metasploit

Metasploit Weekly Wrap-Up: 4/21/23

VMware Workspace ONE Access exploit chain: A new module contributed by jheysel-r7 [https://github.com/jheysel-r7] exploits two vulnerabilities in VMware Workspace ONE Access to attain Remote Code Execution as the horizon user. The first is CVE-2022-22956 [https://github.com/advisories/GHSA-54hw-pp59-j3rc], which is an authentication bypass, and the second is a JDBC injection in the form of CVE-2022-22957 [https://github.com/advisories/GHSA-cqx6-4jgp-26m2], ultimately granting us RCE. The module

3 min Research

3 Key Challenges to Clarity in Threat Intelligence: 2023 Forrester Consulting Total Economic Impact™ Study

The 2023 Forrester Consulting Total Economic Impact™ Study of Threat Command looks at, among other things, the difficulties of obtaining clear threat intel.

6 min Velociraptor

Automating Qakbot Detection at Scale With Velociraptor

This blog offers a practical methodology to extract configuration data from recent Qakbot samples.

4 min Metasploit Weekly Wrapup

Metasploit Weekly Wrap-Up: 4/14/23

Rocket Software UniRPC Exploits: Ron Bowes [https://github.com/rbowes-r7] submitted two exploit modules [https://github.com/rapid7/metasploit-framework/pull/17832] for vulnerabilities he discovered [https://www.rapid7.com/blog/post/2023/03/29/multiple-vulnerabilities-in-rocket-software-unirpc-server-fixed/] in the UniRPC server for Rocket Software’s UniData product. The first exploit module, exploit/linux/misc/unidata_udadmin_auth_bypass, exploits an authentication bypass to ultimately gain remot

2 min Research

Anarchy in the UK? Not Quite: A look at the cyber health of the FTSE 350

In this report, Rapid7 looked first at the overall attack surface of the FTSE 350 companies, broken down by industry.

12 min Vulnerability Management

Patch Tuesday - April 2023

114 vulnerabilities patched, including a zero-day driver-based LPE. Message Queueing Service RCE. End of support for 2013 products.

4 min Rapid7 Culture

7 Rapid Questions: Lindsey Searle

Lindsey Searle, Senior Manager, Customer Advisors, discusses how her team helps solve customer challenges.