
3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

New modules for Jira user enumeration, Git remote code execution via git-lfs, a Geutebruck camera post-exploitation module, and unauthenticated RCE in the elFinder PHP application

3 min Detection and Response

SANS 2021 Threat Hunting Survey: How Organizations' Security Postures Have Evolved in the New Normal

The SANS Institute has conducted its sixth annual Threat Hunting Survey. Read this post for a preview of the survey's findings and its takeaways.

5 min Ransomware

The Ransomware Killchain: How It Works, and How to Protect Your Systems

How does a machine go from one that's working perfectly fine to one that's inoperable due to ransomware? This post takes a close look.

1 min Security Nation

[Security Nation] Craig Williams of Cisco Talos on Proxyware

In this episode of Security Nation, Jen and Tod chat with Craig Williams, recently of Cisco Talos, about proxyware and integrating security acquisitions the right way.

4 min Cloud Security

OMIGOD: How to Automatically Detect and Fix Microsoft Azure’s New OMI Vulnerability

On September 14, 2021, security researchers disclosed new vulnerabilities in Microsoft Azure’s implementation of Open Management Interface (OMI).

7 min Patch Tuesday

Patch Tuesday - September 2021

Microsoft has fixed a total of 60 vulnerabilities this month, including two publicly disclosed 0-days. Here are three big things you can go patch right now.

1 min Lost Bots

[The Lost Bots] Episode 5: Insider Threat

In this episode of The Lost Bots, we’re joined by Alan Foster (Manager, Domain Engineers) to discuss insider threats.

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Confluence Server OGNL Injection: Our own wvu [https://github.com/wvu-r7], along with Jang [https://twitter.com/testanull], added a module that exploits an OGNL injection (CVE-2021-26084 [https://attackerkb.com/topics/Eu74wdMbEL/cve-2021-26084-confluence-server-ognl-injection]) in Atlassian Confluence's WebWork component to execute commands as the Tomcat user. CVE-2021-26084 is a critical remote code execution vulnerability in Confluence Server and Confluence Data Center and is actively being expl

8 min Ransomware

The Rise of Disruptive Ransomware Attacks: A Call To Action

Ransomware attacks are on the rise. In this post, we examine the dynamics of this trend and where it might be headed.

2 min Cloud Security

Cloud Challenges in the Age of Remote Work: Rapid7’s 2021 Cloud Misconfigurations Report

The cloud has increased innovation, but it’s also impacted security risks. Our 2021 Cloud Misconfigurations Report takes a closer look at those risks.

4 min Detection and Response

Security at Scale in the Open-Source Supply Chain

Securing supply chains based on open-source software requires scalable vulnerability management and vigilant monitoring.

6 min Vulnerability Disclosure

CVE-2021-3546[78]: Akkadian Console Server Vulnerabilities (FIXED)

Rapid7 researchers discovered that the Akkadian Console version 4.7, a call manager solution, is affected by two vulnerabilities.

5 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

A new SMB server implementation to support capturing NTLM hashes across SMBv2 and SMBv3, even with encrypted SMB traffic. Plus, exploits for eBPF, Git LFS, and Geutebruck IP cameras.

3 min Detection and Response

Cybersecurity as Digital Detective Work: DFIR and Its 3 Key Components

We highlight 3 elements of a well-formulated digital forensics and incident response (DFIR) strategy.

2 min Emergent Threat Response

Active Exploitation of Confluence Server & Confluence Data Center: CVE-2021-26084

On August 25, 2021, Atlassian published details on a critical remote code execution vulnerability in Confluence Server and Confluence Data Center.