2 min
Vulnerability Management
Active Exploitation of Unpatched Windows Font Parsing Vulnerability
Rapid7 analysis and customer guidance for a pair of unpatched font parsing vulnerabilities in multiple versions of Microsoft Windows (ADV200006).
2 min
Vulnerability Management
Rapid7 Analysis and Guidance: CDPwn (CVE-2020-3118)
This blog focuses on CVE-2020-3118, which Rapid7 considers to be the most severe and important of the CDPwn vulnerability group.
5 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 1/31/20
Happy CTF week, folks! If you haven't already been following along with (or
competing in) Metasploit's global community CTF
[/2020/01/15/announcing-the-2020-metasploit-community-ctf/], it started
yesterday and runs through Monday morning U.S. Eastern Time. Registration has
been full for a while, but you can join the #metasploit-ctf channel on Slack
[https://metasploit.com/slack] to participate in the joy and frustration
vicariously.
This week's Metasploit wrap-up takes a look back at work done
4 min
Metasploit
Initial Metasploit Exploit Module for BlueKeep (CVE-2019-0708)
Today, Metasploit is releasing an initial public exploit module for CVE-2019-0708, also known as BlueKeep, as a pull request on Metasploit Framework.
5 min
Metasploit
Metasploit Hackathon Wrap-Up: What We Worked On
As part of the Metasploit project's second hackathon, Metasploit contributors and committers got together to discuss ideas, write some code, and have some fun.
5 min
Metasploit
Metasploit Framework 5.0 Released!
We are happy to announce the release of Metasploit 5.0, the culmination of work by the Metasploit team over the past year.
5 min
Haxmas
Advice for the Lazy Family Sysadmin
With some careful choices, you can be a lazy family system administrator this holiday. Here’s my experience, along with some tips.
4 min
Metasploit
Metasploit Wrapup: 10/26/18
We got to hit the build button three times this week. It's not something that we
normally do, since the Metasploit release each week triggers automatically. But
it's been such a week of surprise vulnerabilities and improvements that it made
sense to get a few extra builds out the door. So, Metasploit this week jumps
from 4.14.18 to 4.17.21. Look for it during your next Metasploit romp.
Exploit wrapup
While the excitement around libssl CVE-2018-10933
[https://github.com/rapid7/metasploit-framewo
3 min
Metasploit
Metasploit Wrapup: 8/17/18
We had a great time meeting everyone at the various Metasploit events at hacker summer camp last week, including two popup capture the flag events with Metasploitable3, the Open Source Security Meetup and selling Metasploit 0xf Anniversary Tour.
4 min
Metasploit Weekly Wrapup
Metasploit Wrapup 4/2/18
Spring has come again to Austin, TX, home of the Rapid7 Metasploit team. While
the season here brings pollen and allergies, it also brings fields full of
bluebonnets and folks taking pictures before they all disappear. Let's celebrate
by looking at what's popped up in Metasploit this week.
New Data Model
Last week, we landed the beginning of a new backend service for Metasploit,
dubbed 'Goliath', which creates a new abstraction between Metasploit Framework
and how it interacts with the databa
1 min
Metasploit Weekly Wrapup
Metasploit Wrapup 1/19/18
Metasploit 5 Development Has Begun
It's 2018, the ice is melting in Austin, and as we hinted last October
[/2017/10/13/metasploit-wrapup-metasploit-5-or-bust/], Metasploit 5 development
efforts have begun in earnest. We have a laundry list
[https://github.com/rapid7/metasploit-framework/pull/9259] of features that we
are working on for it. The first feature merged in Metasploit 5
[https://github.com/rapid7/metasploit-framework/pull/9220] replaces the module
cache, which decreases the memory used
7 min
Haxmas
12 Memorable Metasploit Moments of 2017
This HaXmas, we delve into 12 Memorable Metasploit Moments from 2017 that inspired us, impressed us, and made us feel more connected to our global community of contributors, users, and friends.
2 min
Metasploit
Metasploit Wrapup: Metasploit 5 or Bust
What's coming down the pipeline for Metasploit? Brent Cook brings you October's first Metasploit wrap-up.
1 min
Metasploit
Metasploit: The New Shiny
It's been a while since I've written a blog post about new stuff in Metasploit
[https://www.rapid7.com/products/metasploit/download/] (and I'm not sure if the
editors will let me top the innuendo of the last one
[/2017/02/09/metasploit-framework-valentines-update/]). But I'm privileged to
announce that I'm speaking about Metasploit twice next month: once at the FSec
17 Conference [http://fsec.foi.hr/] in Varaždīn, Croatia September 7-8, and a
second time at UNITED 2017 [https://unitedsummit.org/
2 min
Metasploit Framework Valentines Update
Valentines day is just around the corner! What could be a nicer gift for your
sweetie than a bundle of new Metasploit Framework updates? The community has
been as busy as ever delivering a sweet crop of sexy exploits, bug fixes, and
interesting new features.
Everyone Deserves a Second Chance
Meterpreter Scripts have been deprecated for years
[https://github.com/rapid7/metasploit-framework/pull/3812] in favor of Post
Exploitation modules, which are much more flexible and easy to debug.
Unfortuna