4 min
Attack Surface Management
Attack Surface Analysis Part 3: Red and Purple Teaming
This is the third and final installment in our 2021 series around attack surface analysis. In this installment I’ll detail the final 2 analysis techniques—red and purple teaming.
2 min
Detection and Response
Automated remediation level 2: Best practices
When it comes to automating remediation, the second level we’ll discuss takes a bit of additional planning. This is so that users will see little to no impact in the account fundamentals automation process.
3 min
Metasploit
Metasploit Wrap-Up: 6/18/21
New Emby version scanner, IPFire authenticated RCE, HashiCorp Nomad RCE, Microsoft SharePoint unsafe control and ViewState RCE.
2 min
Research
Rapid7 Releases New Industry Cyber-Exposure Report (ICER): Deutsche Börse Prime Standard
Rapid7 just released the third in our Industry Cyber-Exposure Report (ICER) series. We've slimmed down our research and reporting style, and this series focuses on five areas we believe that CISOs at mega-corporations actually have a shot at accomplishing.
6 min
Penetration Testing
Attack Surface Analysis Part 2: Penetration Testing
In this three-part series, we’ll explore key considerations and strategies for choosing an attack surface analysis strategy, and the ways it can be used to increase awareness of both technical and process-related risks.
2 min
Detection and Response
Automated remediation level 1: Lock down fundamentals
Ensuring visibility across teams is a critical component in a shared data set where everyone can come to the same conclusions. And if this understanding and trust between teams is achieved, then you might be ready to get into the particulars of automated remediation.
3 min
Metasploit
Metasploit Wrap-Up: 6/11/21
NSClient++
Community contributor Yann Castel has contributed an exploit module for
NSClient++ which targets an authenticated command execution vulnerability. Users
that are able to authenticate to the service as admin can leverage the external
scripts feature to execute commands with SYSTEM level privileges. This allows
the underlying server to be compromised. Castel is also working on another
exploit module for NSClient++ which happens to be a local privilege escalation
so stay tuned for more N
3 min
Vulnerability Management
Attack Surface Analysis Part 1: Vulnerability Scanning
In this three-part series, we’ll explore key considerations and strategies for choosing an attack surface analysis strategy. We’ll start with vulnerability assessment below.
8 min
Vulnerability Disclosure
Akkadian Provisioning Manager Multiple Vulnerabilities Disclosure (Fixed)
Researchers discovered a trio of vulnerabilities in the Akkadian Provisioning Manager version 4.50.18.
5 min
Vulnerability Management
Patch Tuesday - June 2021
It is another low volume Patch Tuesday this month as Microsoft releases fixes
for 50 vulnerabilities. This should not diminish the importance of speedily
applying the updates. 6 of the vulnerabilities being patched this month are
0-days under active exploitation (CVE-2021-31955, CVE-2021-31956, CVE-2021-33739
2 min
Cloud Security
Start putting automation into practice.
In our new blog series, we’ll talk about the challenges of leveraging automation and actually putting it into practice for your organization and business.
2 min
Security Strategy
Kill Chains: Part 2→Strategic and tactical use cases
Let’s now take a look at how you can leverage the different kill chains to overcome vulnerabilities and win the day against attackers.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 6/4/21
Two new modules and a few enhancements and fixes, including improvements to the analyze command.
3 min
Identity Access Management (IAM)
All about the boundaries: The cloud IAM lifecycle approach
Implementing cloud Identity Access Management (IAM) boundaries can seem like an oxymoron in the midst of rapid growth or need for access as new personnel, teams, or supply-chain partners come online.
9 min
Public Policy
Proposed security researcher protection under CFAA
Rapid7 views independent cybersecurity research and the security community as important drivers for advancing cybersecurity for all, a core value for Rapid7. One way we take action on this value is by supporting protection for security researchers acting in good faith.