Posts tagged Penetration Testing

2 min Metasploit Weekly Wrapup

Metasploit Weekly Wrap-Up 7/19/2024

A new unauthenticated RCE exploit for GeoServer, plus library and Meterpreter updates and enhancements.

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up 12/8/2023

New this week: An OwnCloud gather module and a Docker cgroups container escape. Plus, an early feature that allows users to search module actions, targets, and aliases.

7 min Penetration Testing

PenTales: What It’s Like on the Red Team

In this series, we’re sharing some of our favorite tales from the pen test desk and, hopefully, highlighting some ways you can improve your own organization’s security.

3 min Penetration Testing

Why Physical Social Engineering Engagements are an Important Part of Security

In this series, we’re going to share some of our favorite tales from the pen test desk and hopefully highlight some ways you can improve your own organization’s security.

4 min Penetration Testing

PenTales: There Are Many Ways to Infiltrate the Cloud

At Rapid7 we love a good pen test story. So often they show the cleverness, skill, resilience, and dedication to our customer’s security that can only come from actively trying to break it! In this series, we’re going to share some of our favorite tales from the pen test desk and hopefully highlight some ways you can improve your own organization’s security. Rapid7 was engaged to do an AWS cloud ecosystem pentest for a large insurance group. The test included looking at internal and external as

3 min Penetration Testing

PenTales: Testing Security Health for a Healthcare Company

At Rapid7 we love a good pen test story. So often they show the cleverness, skill, resilience, and dedication to our customer’s security that can only come from actively trying to break it! In this series, we’re going to share some of our favorite tales from the pen test desk and hopefully highlight some ways you can improve your own organization’s security. Rapid7 was tasked with testing a provider website in the healthcare industry. Providers had the ability on the website to apply for jobs

6 min Penetration Testing

PenTales: Old Vulnerabilities, New Tricks

At Rapid7 we love a good pentest story. So often they show the cleverness, skill, resilience, and dedication to our customer’s security that can only come from actively trying to break it! In this series, we’re going to share some of our favorite tales from the pen test desk and hopefully highlight some ways you can improve your own organization’s security. This engagement began like any other Internal Network Penetration test [https://www.rapid7.com/fundamentals/penetration-testing/]. I follo

3 min Penetration Testing

PenTales: “User enumeration is not a vulnerability” – I beg to differ

In this series, we’re going to share some of our favorite tales from the pen test desk and hopefully highlight some ways you can improve your own organization’s security.

6 min Metasploit

Fetch Payloads: A Shorter Path from Command Injection to Metasploit Session

Rapid7 is pleased to announce the availability of Metasploit fetch payloads, which increase efficiency and user control over the commands executed.

11 min Penetration Testing

AppDomain Manager Injection: New Techniques For Red Teams

This article details a variety of ways to perform and utilize AppDomain Manager Injection during red team operations.

13 min Metasploit

Metasploit Framework 6.3 Released

Metasploit Framework 6.3 is now available. New features include native Kerberos authentication support, streamlined Active Directory attack workflows (AD CS, AD DS), and new modules that request, forge, and convert tickets between formats.

5 min Haxmas

2022 Annual Metasploit Wrap-Up

It's been another gangbusters year for Metasploit, and the holidays are a time to give thanks to all the people that help make our load a little bit lighter. So, while this end-of-year wrap-up is a highlight reel of the headline features and extensions that landed in Metasploit-land in 2022, we also want to express our gratitude and appreciation for our stellar community of contributors, maintainers, and users. The Metasploit team merged 824 pull requests across Metasploit-related projects in 20

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: 12/9/22

Login brute-force utility: Jan Rude [https://github.com/whoot] added a new module that gives users the ability to brute-force login for Linux Syncovery. This expands Framework's capability to scan logins to Syncovery, a popular web GUI for backups. WordPress extension SQL injection module: Cydave [https://github.com/cydave], destr4ct [https://github.com/destr4ct], and jheysel-r7 [https://github.com/jheysel-r7] contributed a new module that takes advantage of a vulnerable WordPress extension. Thi

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: 10/14/22

Remote code execution modules for Spring Cloud Function and pfSense, plus bug fixes for the Windows secrets dump module.

3 min InsightIDR

A SIEM With a Pen Tester's Eye: How Offensive Security Helps Shape InsightIDR

At Rapid7, our laser focus has always been trained on one thing: helping digital defenders spot and stop bad actors. From the start of our story, penetration testing — or pen testing, for short — has been one of the cornerstones of that obsession.