Posts by Brent Cook

2 min Vulnerability Management

Active Exploitation of Unpatched Windows Font Parsing Vulnerability

Rapid7 analysis and customer guidance for a pair of unpatched font parsing vulnerabilities in multiple versions of Microsoft Windows (ADV200006).

2 min Vulnerability Management

Rapid7 Analysis and Guidance: CDPwn (CVE-2020-3118)

This blog focuses on CVE-2020-3118, which Rapid7 considers to be the most severe and important of the CDPwn vulnerability group.

5 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: 1/31/20

Happy CTF week, folks! If you haven't already been following along with (or competing in) Metasploit's global community CTF [/2020/01/15/announcing-the-2020-metasploit-community-ctf/], it started yesterday and runs through Monday morning U.S. Eastern Time. Registration has been full for a while, but you can join the #metasploit-ctf channel on Slack [https://metasploit.com/slack] to participate in the joy and frustration vicariously. This week's Metasploit wrap-up takes a look back at work done

4 min Metasploit

Initial Metasploit Exploit Module for BlueKeep (CVE-2019-0708)

Today, Metasploit is releasing an initial public exploit module for CVE-2019-0708, also known as BlueKeep, as a pull request on Metasploit Framework.

5 min Metasploit

Metasploit Hackathon Wrap-Up: What We Worked On

As part of the Metasploit project's second hackathon, Metasploit contributors and committers got together to discuss ideas, write some code, and have some fun.

5 min Metasploit

Metasploit Framework 5.0 Released!

We are happy to announce the release of Metasploit 5.0, the culmination of work by the Metasploit team over the past year.

5 min Haxmas

Advice for the Lazy Family Sysadmin

With some careful choices, you can be a lazy family system administrator this holiday. Here’s my experience, along with some tips.

4 min Metasploit

Metasploit Wrapup: 10/26/18

We got to hit the build button three times this week. It's not something that we normally do, since the Metasploit release each week triggers automatically. But it's been such a week of surprise vulnerabilities and improvements that it made sense to get a few extra builds out the door. So, Metasploit this week jumps from 4.14.18 to 4.17.21. Look for it during your next Metasploit romp. Exploit wrapup While the excitement around libssl CVE-2018-10933 [https://github.com/rapid7/metasploit-framewo

3 min Metasploit

Metasploit Wrapup: 8/17/18

We had a great time meeting everyone at the various Metasploit events at hacker summer camp last week, including two popup capture the flag events with Metasploitable3, the Open Source Security Meetup and selling Metasploit 0xf Anniversary Tour.

4 min Metasploit Weekly Wrapup

Metasploit Wrapup 4/2/18

Spring has come again to Austin, TX, home of the Rapid7 Metasploit team. While the season here brings pollen and allergies, it also brings fields full of bluebonnets and folks taking pictures before they all disappear. Let's celebrate by looking at what's popped up in Metasploit this week. New Data Model Last week, we landed the beginning of a new backend service for Metasploit, dubbed 'Goliath', which creates a new abstraction between Metasploit Framework and how it interacts with the databa

1 min Metasploit Weekly Wrapup

Metasploit Wrapup 1/19/18

Metasploit 5 Development Has Begun It's 2018, the ice is melting in Austin, and as we hinted last October [/2017/10/13/metasploit-wrapup-metasploit-5-or-bust/], Metasploit 5 development efforts have begun in earnest. We have a laundry list [https://github.com/rapid7/metasploit-framework/pull/9259] of features that we are working on for it. The first feature merged in Metasploit 5 [https://github.com/rapid7/metasploit-framework/pull/9220] replaces the module cache, which decreases the memory used

7 min Haxmas

12 Memorable Metasploit Moments of 2017

This HaXmas, we delve into 12 Memorable Metasploit Moments from 2017 that inspired us, impressed us, and made us feel more connected to our global community of contributors, users, and friends.

2 min Metasploit

Metasploit Wrapup: Metasploit 5 or Bust

What's coming down the pipeline for Metasploit? Brent Cook brings you October's first Metasploit wrap-up.

1 min Metasploit

Metasploit: The New Shiny

It's been a while since I've written a blog post about new stuff in Metasploit [https://www.rapid7.com/products/metasploit/download/] (and I'm not sure if the editors will let me top the innuendo of the last one [/2017/02/09/metasploit-framework-valentines-update/]). But I'm privileged to announce that I'm speaking about Metasploit twice next month: once at the FSec 17 Conference [http://fsec.foi.hr/] in Varaždīn, Croatia September 7-8, and a second time at UNITED 2017 [https://unitedsummit.org/

2 min

Metasploit Framework Valentines Update

Valentines day is just around the corner! What could be a nicer gift for your sweetie than a bundle of new Metasploit Framework updates? The community has been as busy as ever delivering a sweet crop of sexy exploits, bug fixes, and interesting new features. Everyone Deserves a Second Chance Meterpreter Scripts have been deprecated for years [https://github.com/rapid7/metasploit-framework/pull/3812] in favor of Post Exploitation modules, which are much more flexible and easy to debug. Unfortuna