Insight Agent on Windows systems searches for local dependencies in several locations, including in directories in the system PATH variable. As this can include arbitrary directories, and the Agent doesn't specify the directories to search, an attacker with local admin access could place a (potentially malicious) DLL in a directory in that path, causing the Agent to load that library.
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center