Posts tagged Penetration Testing

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Hello, World! This week’s wrapup features six new modules, including a double-dose of Synology and everyone’s favorite, Pi-Hole. Little NAS, featuring RCE Synology stations are small(ish) NAS devices, but as Steve Kaun, Nigusu Kassahun, and h00die have shown, they are not invulnerable. In the first module, a command injection exists in a scanning function that allows for an authenticated RCE, and in the second, a coding feature leaks whether a user exists on the system, allowing for brute-forc

3 min Vulnerability Risk Management

Meet AttackerKB

Meet AttackerKB: a new community-driven resource that highlights diverse perspectives on which vulnerabilities make the most appealing targets for attackers.

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Meterpreter bug fixes and five new modules, including an LPE exploit for SMBghost (CVE-2020-0796) and a BloodHound post module that gathers information (sessions, local admin, domain trusts, etc.) and stores it as a BloodHound-consumable ZIP file in Framework loot.

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

This week's release includes a local privilege escalation exploit for VMware Fusion through 11.5.3 on OS X, as well as RCE on Apache Solr and DNN cookie deserialization.

4 min OSCP

Lessons Learned from an Unlikely Path to My OSCP Certification

In this blog, our own Patrick Laverty discusses lessons learned from his path to a Offensive Security Certified Professional (OSCP) certification.

5 min Penetration Testing

Ask a Pen Tester Q&A, Part 2: Everything You Need to Know About the Art of Penetration Testing

We sat down with our own penetration testers to answer some of your questions about what exactly pen testing entails.

3 min Penetration Testing

What You Need to Know to Get Started in the Penetration Testing Field

In this blog, we sat down with our own penetration testers to answer some of your questions to help get you started in the field.

7 min Penetration Testing

This One Time on a Pen Test, Halloween Edition: An Ode to Our Favorite Pen Tester Disguises

In honor of Halloween, we wanted to celebrate by sharing a few of our Rapid7 pen testers’ costumed crusades.

3 min Penetration Testing

This One Time on a Pen Test: “Let Me Get That for You”

In this blog, we discuss how our team successfully gained access to a client's physical building in an unlikely way.

1 min Penetration Testing

This One Time on a Pen Test: Our Accidental Win

In this blog, we recall one pen test where a placeholder password we put in actually worked with one login account.

2 min Penetration Testing

This One Time on a Pen Test: What’s in the Box?

Here is the story of how one of our penetration testers exploited ExternalBlue on a rogue access point.

2 min Penetration Testing

This One Time on a Pen Test: The Pizza of Doom

Here is the story of how I bypassed physical security controls by posing as a pizza delivery guy and showing up to my client site with a pizza pie.

2 min Penetration Testing

This One Time on a Pen Test: Your Mouse Is My Keyboard

In one engagement, we were tasked with compromising the internal network of a facility that was used for medical trials. Here's what happened.

2 min Penetration Testing

This One Time on a Pen Test: Nerds in the NERC

Here is the story of how we gained access to a NERC CIP control room in a power plant as part of a penetration testing engagement.

3 min Penetration Testing

This One Time on a Pen Test: Missed a Spot

In this penetration testing story, Ted Raffle discusses how even strong security controls and threat mitigation can miss the mark when only one or two systems fall through the cracks.