Posts tagged Zero-day

3 min News

Active Exploitation of Pulse Connect Secure Zero-Day (CVE-2021-22893)

On Tuesday, FireEye published a detailed analysis of multiple threat campaigns targeting Ivanti's Pulse Connect Secure VPN.

18 min Zero-day

Defending Against the Zero Day: Analyzing Attacker Behavior Post-Exploitation of Microsoft Exchange

In recent weeks, there has been quite a lot of reporting on the exploitation of the latest disclosed vulnerabilities in Microsoft’s Exchange Server by an attacker referred to as HAFNIUM.

2 min Zero-day

Weekly Metasploit Wrapup: SMB File Shares

Sharing is Caring One of the nits we've all had to pick with Metasploit is that when you have a module that involves getting a client to connect to an evil SMB server to fetch a file, the usual strategy was to generate the file with a module and then serve it up from your own Samba or Windows share. This worked, of course, but what a hassle. Who wants to run two things [https://www.youtube.com/watch?v=nXZMdeOLk78]? Nobody! Well, those days are now behind us, thanks largely to the Hercu

3 min Zero-day

R7-2014-10 Disclosure: Yokogawa CENTUM CS3000 BKBCopyD.exe File System Access

This blog post represents the final disclosure of the Yokogawa CENTUM CS3000 vulnerability discussed by Tod Beardsley (@todb [https://twitter.com/todb]) and Jim Denaro (@cipherlaw [https://twitter.com/cipherlaw]) in their DEFCON talk, "How To Disclose an Exploit Without Getting in Trouble [https://www.defcon.org/html/defcon-22/dc-22-speakers.html#Denaro]". A link to that talk, and the slides, will be available shortly. Let's start with a quote from the Yokogawa description of their own pro

2 min Flash

Weekly Metasploit Update: More Meterpreters!

Meterpreter for All The Platforms This week is pretty exciting for us, since it's not every day we give out commit rights [https://github.com/rapid7/metasploit-framework/wiki/Committer-Keys] to the Rapid7 Metasploit repo. I'm very happy to report that Tim Wright [https://github.com/timwr] has agreed to step up and help out with moving Meterpreter research and development forward, focusing mainly on the Java and Android implementations. Many Metasploit users are familiar with Meterpreter for Wi

1 min Nexpose

IE 0-day, we got you covered

News broke [http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html] this weekend of yet another IE 0-day under ("limited, targeted") exploitation in the wild. Microsoft responded [https://technet.microsoft.com/en-US/library/security/2963983] with an advisory, but no patches yet. Given that the risk from the known exploit is mitigated by the usual defence in depth tactics [https://technet.mic

13 min Zero-day

R7-2013-19 Disclosure: Yokogawa CENTUM CS 3000 Vulnerabilities

On Saturday, March 8th, @julianvilas [https://twitter.com/julianvilas] and I spoke at RootedCON [https://www.rootedcon.es/?lang=en] about our work with the Yokogawa CENTUM CS3000 product. Today, as promised, we're publishing details for three of the vulnerabilities found in the product. For all of you who weren't able to attend RootedCON, we're just going to quote the Yokogawa description of their own product [http://www.yokogawa.com/dcs/products/cs3000/overview/dcs-3k-0101en.htm] in order to in

2 min Metasploit

Federal Friday - 2.28.14 - Flash Zero Day Targets Foreign Policy Sites

Federal Friday has come again, which means another week has passed us by. It's been a busy week for the Moose of Rapid7 with an imminent move for our Boston HQ on the horizon. We also had a great week at RSA with SC Magazine naming Nexpose the Best Vulnerability Management Solution! The threat landscape has had a wild few days with a major security flaw for Apple desktops and iOS devices as well as another IE zero day being discovered. In addition, a detailed report from FireEye [http://www.

9 min Vulnerability Disclosure

Seven FOSS Tricks and Treats (Part Two)

Adventures in FOSS Exploitation, Part Two: Exploitation This is part two of a pair of articles about disclosing vulnerabilities in a set of FOSS projects, see part one [/2013/10/30/seven-foss-disclosures-part-one] for some background on these vulnerabilities in particular, and some general advice for FOSS developers and maintainers. A while back, I started a project to go over some of the top Sourceforge web applications and try to write some Metasploit modules for them. In the end, I was able

2 min Phishing

Federal Friday - 10.18.2013 - The "We're Back In Business" Edition

After a tough start to FY14, a sense of normalcy should start to creep back in over the coming weeks. Even though the folks in the House and Senate merely delayed their budgetary discussions, we can only hope that some hard lessons were learned this time around and that come January our collective backs won't be up against the wall again. Unfortunately the under-valued thespian, Nicolas Cage, won't be representing my feelings in this week's blog as we have some things to talk about. One of the

2 min Internet Explorer

IE 0-day: exploit code is now widely available (CVE-2013-3893)

Any newly discovered Internet Explorer zero-day vulnerability is bad for users. But once the exploit code gets around to public disclosure sites, it's so much worse. In the past day or so exploit code has been submitted to virustotal.com and scumware.org. Users and administrators should take immediate action to mitigate the risk posed by CVE-2013-3893 [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3893]. Considering the timing, I personally expect to see an out of band patch fro

2 min Metasploit

Metasploit Update: Weaponizing Local Exploits

Weaponizing Local Exploits This week's update features an exploit for Tavis Ormandy's (@taviso [https://twitter.com/tavsio]) vulnerability in the EPATHOBJ::pprFlattenRec [http://seclists.org/fulldisclosure/2013/May/91] function, which lives in win32k.sys on pretty much any Windows machine you're likely to run into. A whole lot of people threw in on this module to make this exploit reliable in Metasploit -- Tavis and progmboy wrote the original C exploit, new contributor @Keebie4e [https://github

3 min Exploits

Department of Labor IE 0-day Exploit (CVE-2013-1347) Now Available at Metasploit

Recently, the U.S. Department of Labor website was compromised [http://www.eweek.com/security/zero-day-exploit-enabled-cyber-attack-on-us-labor-department/] and was serving malicious code capable of detecting and disabling some antivirus products such as Avira, F-Secure, Kaspersky, AVG, and Sophos. It would also attack Internet Explorer 8 users with a 0-day exploit. The Metasploit vulnerability research community was particularly interested in the exploit part, therefore that's what w

5 min Metasploit

Exploit Trends: Top 10 Searches for Metasploit Modules in October

Time for your monthly dose of Metasploit exploit trends! Each month we gather this list of the most searched exploit and auxiliary modules from the Metasploit database. To protect users' privacy, the statistics come from analyzing webserver logs of searches, not from monitoring Metasploit usage. October was a quiet month for exploit headlines, so not a whole lot of action on the list. The high traffic to Java and IE modules from their respective 0-days settled down, so you'll see some shuffli

5 min Metasploit

Exploit Trends: Java and IE 0days

Each month we report the top ten searched exploit and auxiliary modules on metasploit.com. The statistics are drawn from our exploit database by analyzing webserver logs of searches, not through Metasploit usage, which is not tracked in order to preserve privacy. With the Java and Internet Explorer 0-days in August and September, this month's exploit trends from Metasploit really shook up the status quo. And, just to make things more interesting, there are a couple exploits from April that came back fo