Posts tagged Research

2 min News

SaltStack Pre-Authenticated Remote Root (CVE-2020-16846 and CVE-2020-25592): What You Need to Know

When combined, a new pair of SaltStack vulnerabilities can result in unauthenticated remote root access on a target system.

2 min This One Time on a Pen Test

This One Time on a Pen Test: How I Hacked a Self-Driving Car

In our latest edition of "This One Time on a Pen Test," we take a deeper look at an engagement involving a self-driving car.
4 min NICER Reports

NICER Protocol Deep Dive: Internet Exposure of Citrix ADC/NetScaler

In this edition of our NICER Protocol Deep Dive blog series, we take a closer look at the internet exposure of Citrix ADC/NetScaler.
5 min Research

The Story Behind Security Breaches

There are many potential causes of security breaches, but what is a common root cause? Human error.

5 min NICER Reports

NICER Protocol Deep Dive: Internet Exposure of Remote Desktop (RDP)

In this edition of our NICER Protocol Deep Dive blog series, we break down the internet exposure of remote desktop (RDP).
3 min Research

PSA: Increase in RDP Attacks Means It's Time to Mind Your RDPs and Qs

Our research team looks into the increase in RDP attacks against RDP servers without multi-factor authentication enabled and helps organizations strengthen their infrastructure against these attacks.

2 min This One Time on a Pen Test

This One Time on a Pen Test: Doing Well With XML

In the latest edition of "This One Time on a Pen Test," we discuss a classic web application engagement involving XML.
6 min NICER Reports

NICER Protocol Deep Dive: Internet Exposure of SMTP

In this installment of our NICER Protocol Deep Dive blog series, we discuss internet exposure of SMTP.
2 min This One Time on a Pen Test

This One Time on a Pen Test: I Know...Everything

In the latest edition of "This One Time on a Pen Test," we follow a Rapid7 penetration tester as they perform an internal network engagement.
9 min Metasploit

Exploitability Analysis: Smash the Ref Bug Class

Two Metasploit researchers evaluate the "Smash the Ref" win32k bug class for exploitability and practical exploitation use cases for pen testers and red teams looking to obtain an initial foothold in the context of a standard user account.
5 min Research

Microsoft Exchange 2010 End of Support and Overall Patching Study

Today's topic is Exchange 2010, which reaches end of support (EoS) on Oct. 13, 2020, as well as a survey of other versions of Exchange and how well they are being kept up-to-date.

6 min NICER Reports

NICER Protocol Deep Dive: Internet Exposure of rsync

In this installment of our NICER Protocol Deep Dive blog series, we take a closer look at internet exposure of rsync.
2 min This One Time on a Pen Test

This One Time on a Pen Test: Ain’t No Fence High Enough

In this edition of "This One Time on a Pen Test," we discuss an engagement with for an energy company with a high-fence compound.
2 min Research

Rapid7 Releases Q2 2020 Quarterly Threat Report

It’s hard to believe it’s already the end of September, and with it comes Rapid7’s Q2 2020 Quarterly Threat Report.
6 min NICER Reports

NICER Protocol Deep Dive: Internet Exposure of SMB

In this edition of our NICER Protocol Deep Dive blog series, we take a closer look at internet exposure of SMB.

Popular Topics

Tags