Posts tagged Research

2 min Metasploit

Metasploit Wrap-Up

Welcome, Little Hippo: PetitPotam Our very own @zeroSteiner [] ported [] the PetitPotam [] exploit to Metasploit this week. This module leverages CVE-2021-36942 [], a vulnerability in the Windows Encrypting File System (EFS) API, to capture machine NTLM hashes. This uses the EfsRpcOpenFileRaw function of t

4 min Research

Evolving How We Share Rapid7 Research Data

Our goal for Open Data has been to enable others to participate in these efforts, increasing the positive impact across the community.

4 min Threat Intel

The Big Target on Cyber Insurers' Backs

According to our research, cyber insurance providers are highly targeted in the insurance space. Find out why and what they can do to protect themselves.

3 min Ransomware

Is the Internet of Things the Next Ransomware Target?

What would it take for IoT to be the target of ransomware? This post takes a closer look.

3 min Research

Open-Source Security: Getting to the Root of the Problem

The past few weeks have shown us the importance and wide reach of open-source security.

5 min 2022 Planning

2022 Planning: Metrics That Matter and Curtailing the Cobra Effect

Creating metrics in cybersecurity is hard enough, but creating metrics that matter is a harder challenge still.

5 min Hacky Holidays 2021

Being Naughty to See Who Was Nice: Machine Learning Attacks on Santa’s List

Like many organizations with big data problems, Santa has turned to machine learning to help him sort through his naughty and nice lists.

6 min IoT

A Quick Look at CES 2022

The first thing I noticed about CES 2022 was COVID’s impact on the event, which was more than just attendance size.

10 min Vulnerability Disclosure

CVE-2021-20038..42: SonicWall SMA 100 Multiple Vulnerabilities (FIXED)

Over the course of routine security research, Rapid7 researcher Jake Baines discovered and reported five vulnerabilities involving the SonicWall Secure Mobile Access (SMA) 100 series of devices.

2 min Metasploit

Metasploit Wrap-Up

Word and Javascript are a rare duo. Thanks to thesunRider []. you too can experience the wonder of this mystical duo. The sole new metasploit module this release adds a file format attack to generate a very special document. By utilizing Javascript embedded in a Word document to trigger a chain of events that slip through various Windows facilities, a session as the user who opened the document can be yours. Do you like spiders? It has been 3 years since SMB2 suppo

2 min Metasploit

Metasploit Wrap-Up

Metasploit CTF 2021 starts today It’s that time of year again! Time for the 2021 Metasploit Community CTF [] . Earlier today over 1,100 users in more than 530 teams were registered and opened for participation to solve this year’s 18 challenges. Next week a recap and the winners will be announced, so stay tuned for more information. Overlayfs LPE This week Metasploit shipped an exploit for the recent Overla

3 min Metasploit

Metasploit Wrap-Up

Self-Service Remote Code Execution This week, our own @wvu-r7 [] added an exploit module [] that achieves unauthenticated remote code execution in ManageEngine ADSelfService Plus, a self-service password management and single sign-on solution for Active Directory. This new module leverages a REST API authentication bypass vulnerability identified as CVE-2021-40539 [

3 min Metasploit

Metasploit Wrap-Up

Azure Active Directory login scanner module Community contributor k0pak4 [] added a new login scanner module for Azure Active Directory []. This module exploits a vulnerable [] authentication endpoint in order to enumerate usernames without generating log events. The error code returned by the endpoint can be used to discover the validity of user

6 min IoT

Hands-On IoT Hacking: Rapid7 at DefCon 29 IoT Village, Part 4

In this final post, we'll discuss how to gain full root access and successfully complete this exercise in IoT hacking.

2 min Cloud Security

Time to Act: Bridging the Gap in Cloud Automation Adoption

An overwhelming majority of organizations recognize the value of the cloud, but not all have implemented cloud automation in their security program.