Posts tagged Penetration Testing

4 min Research

Cloud Pentesting, Pt. 3: The Impact of Ecosystem Maturity

Now that we’ve covered the basics of cloud pentesting and the style in which a cloud environment could be attacked, let’s turn our attention to the entirety of this ecosystem.
7 min Research

Cloud Pentesting, Pt. 2: Testing Across Different Deployments

Pentesting in the cloud is just like on-premise, right? It depends on how a customer has set up their cloud deployment.

4 min Research

Cloud Pentesting, Pt. 1: Breaking Down the Basics

More and more customers are looking to get a pentest done in their cloud deployment. What does that mean?
2 min Metasploit

Metasploit Wrap-Up: Feb. 11, 2022

Welcome, Little Hippo: PetitPotam Our very own @zeroSteiner [https://github.com/zeroSteiner] ported [https://github.com/rapid7/metasploit-framework/pull/16136] the PetitPotam [https://github.com/topotam/PetitPotam] exploit to Metasploit this week. This module leverages CVE-2021-36942 [https://attackerkb.com/topics/TEBmUAfeCs/cve-2021-36942?referrer=blog], a vulnerability in the Windows Encrypting File System (EFS) API, to capture machine NTLM hashes. This uses the EfsRpcOpenFileRaw function of t
3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: Feb. 4, 2022

A new NOP module, improvements to RPC functionality and PHP Meterpreter, and WordPress and Cisco RV exploits.
3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: Oct. 29, 2021

Modules for Apache Server, Sophos UTM, the OMIgod RCE, and more. Plus, support for reverse port forwarding via established SSH sessions.
2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: 10/22/21

Metasploit's first modules targeting Kubernetes, plus Windows support for exploiting Confluence Server CVE-2021-26084.
2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up 10/15/21

Four new Moodle modules, plus new features to help red teamers keep track of sessions and forwarded connections.
3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: 9/24/21

A new evasion module, an exploit for ManageEngine OpManager, fully functional shells over WinRM, and major RDP library improvements.
2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: Aug. 20, 2021

New modules for Lucee Administrator and ProxyShell, which targets on-premises Microsoft Exchange servers. Plus, tons of enhancements and fixes!
3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: 8/13/21

Three new modules that deliver RCE on Atlassian Crowd and privilege escalation to SYSTEM via print drivers. Plus, a new command shell session type for SSH clients and plenty more enhancements and fixes.

3 min Cybersecurity

When One Door Opens, Keep It Open: A New Tool for Physical Security Testing

We’ve come up with a neat little device that pentesters can use to recreate the thought process of attackers — and help organizations outsmart them.
3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: Jun. 25, 2021

Three fresh modules for Cisco targets and rConfig, plus new enhancements and fixes.
6 min Penetration Testing

Attack Surface Analysis Part 2: Penetration Testing

In this three-part series, we’ll explore key considerations and strategies for choosing an attack surface analysis strategy, and the ways it can be used to increase awareness of both technical and process-related risks.
3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: May 14, 2021

Updates to how modules interact with cookies, plus exploits for macOS Gatekeeper and DjVu ANT and a whole lot of fixes and enhancements.

Popular Topics

Tags