3 min
Metasploit
Metasploit Wrap-Up: Sep. 18, 2020
Six new modules this week, and a good group of enhancements and fixes!
6 min
NICER Reports
NICER Protocol Deep Dive: Internet Exposure of SMB
In this edition of our NICER Protocol Deep Dive blog series, we take a closer look at internet exposure of SMB.
5 min
Public Policy
A step closer to stronger federal IoT security
The US House passed the IoT Cybersecurity Improvement Act, which would require federal procurement and use of IoT devices to conform to basic security requirements.
3 min
InsightVM
Decentralize Remediation Efforts to Gain More Efficiency with InsightVM
We’re excited to introduce you to two new InsightVM product updates to help you further reduce friction, save time, and gain greater efficiency.
2 min
Penetration Testing
This One Time on a Pen Test: How I Outwitted the Vexing VPN
In this edition of "This One Time on a Pen Test," we discuss outwitting the vexing VPN.
2 min
Vulnerability Management
CVE-2020-1472 "Zerologon" Critical Privilege Escalation: What You Need To Know
CVE-2020-1472 is a critical privilege escalation vulnerability that can yield an attacker full takeover of an affected network. Here's what you need to know.
3 min
Vulnerability Management
Vulnerability Remediation vs. Mitigation: What’s the Difference?
In this blog, we dive into the difference between vulnerability mitigation and remediation.
5 min
NICER Reports
NICER Protocol Deep Dive: Internet Exposure of FTP/S (TCP/990)
In this installment of our NICER Protocol Deep Dive blog series, we take a look at the internet exposure of FTP/S (TCP/990).
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: Sep. 11, 2020
Three new modules, including a Pwn2Own addition for OS X, plus proxy support for Python Meterpreter, new search improvements, and a reminder of how to report security issues in Metasploit.
4 min
InsightVM
How to Track and Remediate Default Account Vulnerabilities in InsightVM
In this blog post, we discuss older, lesser-known features that can still provide amazing value in your vulnerability management program using InsightVM.
2 min
Penetration Testing
This One Time on a Pen Test: I’m Calling My Lawyer!
In this engagement, Rapid7 pen testers were tasked to identify sensitive information, harvest credentials, and obtain a reverse shell on their machines.
3 min
SOAR
How Rapid7 Is Transforming an On-Premises SOAR Tool into a Cloud-First Automation Platform
In this blog, we discuss how Rapid7 is transforming an on-premises SOAR tool into a cloud-first automation platform.
3 min
Vulnerability Management
Patch Tuesday - September 2020
129 Vulnerabilities Patched in Microsoft's September 2020 Update Tuesday
(2020-Sep Patch Tuesday)
Despite maintaining the continued high volume of vulnerabilities disclosed and patched this month, Microsoft's 129-Vulnerability September 2020 Update Tuesday is seemingly calm from an operations perspective -- at first glance. While following standard procedures of scheduling the patching for Windows OSes up front immediately closes the door against 60%+ of the vulnerabilities being disclosed this
4 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 9/4/20
New reflective PE file loader, a new module, new search improvements, and updates on Google Summer of Code projects.
7 min
NICER Reports
NICER Protocol Deep Dive: Internet Exposure of FTP
In this installment of the NICER Protocol Deep Dive blog series, we cover internet exposure of FTP.