All Posts

Metasploit Weekly Wrap-Up: Nov. 3, 2023

PTT for DCSync This week, community member smashery [https://github.com/smashery] made an improvement to the windows_secrets_dump module to enable it to dump domain hashes using the DCSync method after having authenticated with a Kerberos ticket. Now, if a user has a valid Kerberos ticket for a privileged account, they can run the windows_secrets_dump module with the DOMAIN action and obtain the desired information. No password required. This is particularly useful in workflows involving the exp

4 min Emergent Threat Response

Suspected Exploitation of Apache ActiveMQ CVE-2023-46604

Beginning Friday, October 27, Rapid7 Managed Detection and Response (MDR) identified suspected exploitation of Apache ActiveMQ CVE-2023-46604 in two different customer environments.

3 min IoT

Is That Smart Home Technology Secure? Here’s How You Can Find Out.

I can’t tell you which solution will work for your specific case, but I can give you some pointers around technology security.

2 min Metasploit

Metasploit Weekly Wrap-Up: Oct. 27, 2023

New module content (4) Atlassian Confluence Data Center and Server Authentication Bypass via Broken Access Control Authors: Emir Polat and Unknown Type: Auxiliary Pull request: #18447 [https://github.com/rapid7/metasploit-framework/pull/18447] contributed by emirpolatt [https://github.com/emirpolatt] Path: admin/http/atlassian_confluence_auth_bypass AttackerKB reference: CVE-2023-22515 [https://attackerkb.com/topics/Q5f0ItSzw5/cve-2023-22515?referrer=blog] Description: This adds an exploit for

2 min Emergent Threat Response

CVE-2023-4966: Exploitation of Citrix NetScaler Information Disclosure Vulnerability

On October 10, 2023, Citrix published an advisory on two vulnerabilities affecting NetScaler ADC and NetScaler Gateway. The more critical of these is CVE-2023-4966, a sensitive information disclosure vulnerability that allows an attacker to read large amounts of memory after the end of a buffer.

4 min Metasploit

Metasploit Weekly Wrap-Up: Oct. 19, 2023

That Privilege Escalation Escalated Quickly This release features a module leveraging CVE-2023-22515 [https://www.rapid7.com/blog/post/2023/10/04/etr-cve-2023-22515-zero-day-privilege-escalation-in-confluence-server-and-data-center/] , a vulnerability in Atlassian’s on-premises Confluence Server first listed as a privilege escalation, but quickly recategorized as a “broken access control” with a CVSS score of 10. The exploit itself is very simple and easy to use so there was little surprise when

7 min Emergent Threat Response

CVE-2023-20198: Active Exploitation of Cisco IOS XE Zero-Day Vulnerability

On Monday, October 16, Cisco’s Talos group published a blog on an active threat campaign exploiting CVE-2023-20198, a “previously unknown” zero-day vulnerability in the web UI component of Cisco IOS XE software.

4 min Cloud Security

Cloud Webinar Series Part 1: Commanding Cloud Strategies

Our new cloud security webinar series will unveil key trends, pinpoint critical challenges, and provide actionable insights for security professionals.

8 min Vulnerability Disclosure

Multiple Vulnerabilities in South River Technologies Titan MFT and Titan SFTP [FIXED]

As part of our continuing research project into managed file transfer risk, including JSCAPE MFT and Fortra Globalscape EFT Server, Rapid7 discovered several vulnerabilities in South River Technologies’ Titan MFT and Titan SFTP servers.

3 min Metasploit

Metasploit Weekly Wrap-Up: Oct. 13, 2023

Pollution in Kibana This week, contributor h00die [https://github.com/h00die] added a module that leverages a prototype pollution bug in Kibana prior to version 7.6.3. Particularly, this issue is within the Upgrade Assistant and enables an attacker to execute arbitrary code. This vulnerability can be triggered by sending a queries that sets a new constructor.prototype.sourceURL directly to Elastic or by using Kibana to submit the same queries. Note that Kibana needs to be restarted or wait for c

5 min Research

The Risks of Exposing DICOM Data to the Internet

DICOM has revolutionized the medical imaging industry. However, it also presents potential vulnerabilities when exposed to the open internet.

12 min Patch Tuesday

Patch Tuesday - October 2023

Zero-day vulns in WordPad, Skype for Business, and ASP.NET. 12 critical RCEs. Last public security updates for Windows Server 2012, 2012 R2 and Windows 11 21H2.

2 min Metasploit

Metasploit Weekly Wrap-Up: Oct. 6, 2023

New module content (3) LDAP Login Scanner Author: Dean Welch Type: Auxiliary Pull request: #18197 [https://github.com/rapid7/metasploit-framework/pull/18197] contributed by dwelch-r7 [https://github.com/dwelch-r7] Path: scanner/ldap/ldap_login Description: This PR adds a new login scanner module for LDAP. Login scanners are the classes that provide functionality for testing authentication against various different protocols and mechanisms. This LDAP login scanner supports multiple types of aut

8 min Research

Little Crumbs Can Lead To Giants

This blog offers a deep dive into the world of Shell Link files (LNK) and Virtual Hard Disk files (VHD).

4 min Detection and Response

What’s New in Rapid7 Detection & Response: Q3 2023 in Review

Rapid7 has updated its Detection and Response offerings with advanced DFIR capabilities, custom detection rules, log search features, and more.