Posts tagged Penetration Testing

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

New session validation enhancements across command shell types verify sessions have been established and are responsive before they can be used. Plus, JSON RPC service improvements, three new modules, and more fixes and enhancements.

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Spilling the (Gi)tea We have two modules coming in from cdelafuente-r7 targeting CVE-2020-14144 for both the Gitea and Gogs self-hosted Git services. Both modules are similar: they take advantage of a user's ability to create Git hooks by authenticating with the web interface, creating a dummy repos

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Six new modules targeting F5, SaltStack, Exchange Server, and more, plus some significant performance improvements and fixes.

4 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

A local exploit for a Windows Server 2012 DLL hijacking vulnerability, plus a slew of fixes and improvements.

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Commemorating the 2020 December Metasploit community CTF A new commemorative banner has been added to the Metasploit console to celebrate the teams that participated in the 2020 December Metasploit community CTF [/2020/12/07/congrats-to-the-winners-of-the-2020-december-metasploit-community-ctf/] and achieved 100 or more points: If you missed out on participating in this most recent event, be sure to follow the Metasploit Twitter [https://twitter.com/metasploit] and Metasploit blog posts [/ta

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Exploits for Oracle Solaris CVE-2020-14871 and Windows 7 CVE-2020-1054, plus enhancements and bug fixes for Railgun and msfdb init. Happy HaXmas!

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

It's CTF week(end)! Plus, steal files from Apache Tomcat servers thanks to a new Ghostcat exploit, and dump process memory with a new post module that leverages Avast AV's built-in AvDump utility.

2 min This One Time on a Pen Test

This One Time on a Pen Test: CSRF to Password Reset Phishing

In the latest edition of our "This One Time On a Pen Test" series, we take a look at an engagement featuring Cross-site request forgery attacks.

1 min Under the Hoodie

Behind the Scenes: Under the Hoodie 2020 Video Series

In this blog, we take you on a behind-the-scenes look at the making of our 2020 Under the Hoodie video series.

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Four new modules, including an exploit for SaltStack Salt and an exploit for a now-patched vuln in Metasploit, plus new enhancements and fixes.

2 min This One Time on a Pen Test

This One Time on a Pen Test: How I Hacked a Self-Driving Car

In our latest edition of "This One Time on a Pen Test," we take a deeper look at an engagement involving a self-driving car.

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

A bug fix for EternalBlue on Metasploit 6, four new modules, and a bunch of enhancements.

2 min This One Time on a Pen Test

This One Time on a Pen Test: Thanks for Sharing Your Wi-Fi

In this iteration of our "This One Time on a Pen Test" series, our client was a private equity company, and the task was to do an onsite wireless pen test from the lobby outside their office.

3 min This One Time on a Pen Test

This One Time on a Pen Test: Doing Well With XML

In the latest edition of "This One Time on a Pen Test," we discuss a classic web application engagement involving XML.

2 min This One Time on a Pen Test

This One Time on a Pen Test: I Know...Everything

In the latest edition of "This One Time on a Pen Test," we follow a Rapid7 penetration tester as they perform an internal network engagement.