3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
Exploits for Oracle Solaris CVE-2020-14871 and Windows 7 CVE-2020-1054, plus enhancements and bug fixes for Railgun and msfdb init. Happy HaXmas!
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
It's CTF week(end)! Plus, steal files from Apache Tomcat servers thanks to a new Ghostcat exploit, and dump process memory with a new post module that leverages Avast AV's built-in AvDump utility.
2 min
This One Time on a Pen Test
This One Time on a Pen Test: CSRF to Password Reset Phishing
In the latest edition of our "This One Time On a Pen Test" series, we take a look at an engagement featuring Cross-site request forgery attacks.
1 min
Under the Hoodie
Behind the Scenes: Under the Hoodie 2020 Video Series
In this blog, we take you on a behind-the-scenes look at the making of our 2020 Under the Hoodie video series.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
Four new modules, including an exploit for SaltStack Salt and an exploit for a now-patched vuln in Metasploit, plus new enhancements and fixes.
2 min
This One Time on a Pen Test
This One Time on a Pen Test: How I Hacked a Self-Driving Car
In our latest edition of "This One Time on a Pen Test," we take a deeper look at an engagement involving a self-driving car.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
A bug fix for EternalBlue on Metasploit 6, four new modules, and a bunch of enhancements.
2 min
This One Time on a Pen Test
This One Time on a Pen Test: Thanks for Sharing Your Wi-Fi
In this iteration of our "This One Time on a Pen Test" series, our client was a private equity company, and the task was to do an onsite wireless pen test from the lobby outside their office.
3 min
This One Time on a Pen Test
This One Time on a Pen Test: Doing Well With XML
In the latest edition of "This One Time on a Pen Test," we discuss a classic web application engagement involving XML.
2 min
This One Time on a Pen Test
This One Time on a Pen Test: I Know...Everything
In the latest edition of "This One Time on a Pen Test," we follow a Rapid7 penetration tester as they perform an internal network engagement.
2 min
This One Time on a Pen Test
This One Time on a Pen Test: Ain’t No Fence High Enough
In this edition of "This One Time on a Pen Test," we discuss an engagement for an energy company with a high-fence compound.
2 min
Penetration Testing
This One Time on a Pen Test: How I Outwitted the Vexing VPN
In this edition of "This One Time on a Pen Test," we discuss outwitting the vexing VPN.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
Three new modules, including a Pwn2Own addition for OS X, plus proxy support for Python Meterpreter, new search improvements, and a reminder of how to report security issues in Metasploit.
2 min
Penetration Testing
This One Time on a Pen Test: I’m Calling My Lawyer!
In this engagement, Rapid7 pen testers were tasked to identify sensitive information, harvest credentials, and obtain a reverse shell on their machines.
2 min
Penetration Testing
This One Time on a Pen Test: Playing Social Security Slots
This post is part of an ongoing series featuring testimonials of what goes on beneath the hoodie during Rapid7 penetration testing engagements.