2 min
Ransomware
Layered Defense to Stop Attacks Before they Begin
Ransomware has evolved from opportunistic attacks to highly orchestrated campaigns driven by cyber criminals who are seeking high financial gains.
2 min
Career Development
Rapid7 Signs 100% Talent Compact with Boston Women’s Workforce Council
Rapid7 is proud to announce their signing of the 100% Talent Compact through the Boston Women’s Workforce Council (BWWC).
1 min
Events
Take Command Summit: A Message from Rapid7 Chairman and CEO, Corey Thomas
The Rapid7 Take Command Summit
[https://rapid7.brighttalk.com/?utm_source=blog&utm_medium=website&utm_content=blog-3&utm_campaign=global-mdr-take-command-summmit-prospect-eng-cyas]
is just two short weeks away. We’re busy putting together one of the most
impactful programs on the latest in cybersecurity trends, technology, and
innovations available, and we are eager to share it with all of you.
So eager, in fact, that Chairman and CEO of Rapid7, Corey Thomas, has a special
message to share.
2 min
Metasploit
Metasploit Weekly Wrap-Up 05/03/24
Dump secrets inline
This week, our very own cdelafuente-r7 [https://github.com/cdelafuente-r7] added
a significant improvement to the well-known Windows Secrets Dump module
[https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/windows_secrets_dump.rb]
to reduce the footprint when dumping SAM hashes, LSA secrets and cached
credentials. The module is now directly reading the Windows Registry remotely
without having to dump the full registry keys to disk and parse th
2 min
Events
The Take Command Summit: A Stacked Agenda, and Killer Guest Speakers Coming Your Way May 21
The Take Command Summit, Rapid7’s day-long virtual summit on May 21, is bringing together some of the best minds in the cybersecurity sphere for comprehensive discussions on the latest data, challenges, and opportunities in the industry
4 min
The Business of Cybersecurity Ownership
Cyber ownership can often be overlooked or misunderstood within an organization. Responsibility and accountability should not rest solely on the CISO's shoulders.
11 min
Velociraptor
Velociraptor 0.7.2 Release: Digging Deeper than Ever with EWF Support, Dynamic DNS and More
Rapid7 is very excited to announce that version 0.7.2 of Velociraptor is now fully available for download. In this post we’ll discuss some of the interesting new features.
4 min
Metasploit
Metasploit Weekly Wrap-Up 04/26/24
Rancher Modules
This week, Metasploit community member h00die [https://github.com/h00die] added
the second of two modules targeting Rancher instances. These modules each leak
sensitive information from vulnerable instances of the application which is
intended to manage Kubernetes clusters. These are a great addition to
Metasploit’s coverage for testing Kubernetes environments
[https://docs.metasploit.com/docs/pentesting/metasploit-guide-kubernetes.html].
PAN-OS RCE
Metasploit also released an e
2 min
Awards
USF College of Engineering Presents Rapid7 With 2024 Corporate Impact Award
This past Friday, April 19, the University of South Florida (USF) College of Engineering recognized individuals and organizations who have greatly impacted USF and beyond at its ninth annual Engineering Honors Awards at The Armature Works in Tampa.
3 min
Emergent Threat Response
Unauthenticated CrushFTP Zero-Day Enables Complete Server Compromise
CVE-2024-4040 is an unauthenticated zero-day vulnerability in managed file transfer software CrushFTP. Successful exploitation allows for arbitrary file read as root, authentication bypass for administrator account access, and remote code execution.
2 min
Events
Take Command Summit: Take Breaches from Inevitable to Preventable on May 21
Registration is now open for Take Command, a day-long virtual summit in partnership with AWS. You’ll get new attack intelligence, insight into AI disruption, transparent MDR partnerships, and more.
2 min
Metasploit
Metasploit Weekly Wrap-Up 04/19/24
Welcome Ryan and the new CrushFTP module
It's not every week we add an awesome new exploit module to the Framework while
adding the original discoverer of the vulnerability to the Rapid7 team as well.
We're very excited to welcome Ryan Emmons to the Emergent Threat Response team,
which works alongside Metasploit here at Rapid7. Ryan discovered an Improperly
Controlled Modification of Dynamically-Determined Object Attributes
vulnerability in CrushFTP (CVE-2023-43177) versions prior to 10.5.1 whic
6 min
PCI
Enforce and Report on PCI DSS v4 Compliance with Rapid7
The PCI Security Standards Council (PCI SSC) is a global forum that connects stakeholders from the payments and payment processing industries to craft and facilitate adoption of data security standards and relevant resources that enable safe payments worldwide.
2 min
Rapid7 Insight Platform Achieves Level 2 TX-Ramp Authorization
Rapid7's Insight Platform has officially achieved Level 2 Texas Risk and Authorization Management Program (TX-RAMP) authorization. This milestone marks a significant step forward in providing our customers peace-of-mind as well as the best end-to-end cloud security solutions.
3 min
Metasploit
Metasploit Weekly Wrap-Up 04/12/24
Account Takeover using Shadow Credentials
The new release of Metasploit Framework includes a Shadow Credentials module
added by smashery [https://github.com/rapid7/metasploit-framework/pull/19051]
used for reliably taking over an Active Directory user account or computer, and
letting future authentication to happen as that account. This can be chained
with other modules present in Metasploit Framework such as windows_secrets_dump.
Details
The module targets a ‘victim’ account that is part of a