20 min
Research
Open-Source Command and Control of the DOUBLEPULSAR Implant
Metasploit researcher William Vu shares technical analysis behind a recent addition to Framework: a module that executes a Metasploit payload against the Equation Group's DOUBLEPULSAR implant for SMB and allows users to remotely disable the implant.
5 min
Project Sonar
Exim Vulnerability (CVE-2019-16928): Global Exposure Details and Remediation Advice
On Sept. 27, CVE-2019-16928 was promulgated, indicating all Exim versions 4.92–4.92.2 were vulnerable to a heap-based buffer overflow.
5 min
Vulnerability Management
How DHS and MITRE Collaborate to Validate Vulns
In this week's podcast, we spoke with Katie Trimble of DHS and Chris Coffin of MITRE about their work with the CVE Project.
3 min
Application Security
DAST vs. SAST: Which solution is better?
Security and DevOps teams seemingly have to choose between speed and security. We think there's a better way.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 9/27/19
BlueKeep is Here
The BlueKeep exploit module
is now officially a
part of Metasploit Framework. This module reached merged status thanks to lots
of collaboration between Rapid7 and the MSF community members. The module
requires some manual configuration per target, and targets include both
virtualized and non-virtualized versions of Windows 7 and Windows Server 2008.
For a full overview of the exploit’s development and notes on use and d
1 min
Penetration Testing
This One Time on a Pen Test: Our Accidental Win
In this blog, we recall one pen test where a placeholder password we put in actually worked with one login account.
3 min
InsightVM
Four Ways to Improve Automated Vulnerability Management Efficiency with SOAR
In this post, we’ll cover four ways to leverage security orchestration and automation (SOAR) to improve your vulnerability management program and save time in the process.
1 min
Security Strategy
How to Easily Schedule a Meeting with Rapid7 Support
Rapid7 is pleased to announce that you can now schedule a meeting with your Support Engineer with the click of a button.
1 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 9/20/19
On the correct list
AppLocker and Software Restriction Policies control the applications and files
that users are able to run on Windows Operating Systems. These two protections
have been available to the blue team for years. AppLocker is supported on
Windows 7 and above, and Software Restriction Policies is supported on Windows
XP and above. Encountering either during an engagement could slow you down;
however, look no further than the evasion modules for assistance. Nick Tyrer
1 min
Penetration Testing
This One Time on a Pen Test: What’s in the Box?
Here is the story of how one of our penetration testers exploited ExternalBlue on a rogue access point.
5 min
Cloud Infrastructure
Strategies to Secure Cloud Environments
In a recent webcast, we discussed cloud security best practices, how to avoid common pitfalls, and how to work with DevOps to get the most out of your organization’s cloud investment.
4 min
Podcast
How to Drive Cybersecurity Transformation in Healthcare
On this week's episode of Security Nation, we spoke with Richard Kaufmann, the information security officer at Amedisys.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: Sep. 13, 2019
Fall is in the air, October is on the way, and it is Friday the 13th. We have a
lot of updates and features that landed this week, though none are particularly
spooky, and unfortunately, none are json-related…1
We recently updated our digital signing keys, and some users may have seen
warnings that their Metasploit packages were not signed. We’ve fixed this as of
this week—apologies for any confusion. If you are still experiencing signing
issues, you may need to re-download Metasploit installer
2 min
Penetration Testing
This One Time on a Pen Test: The Pizza of Doom
Here is the story of how I bypassed physical security controls by posing as a pizza delivery guy and showing up to my client site with a pizza pie.
3 min
Automation and Orchestration
Automating User Provisioning and Deprovisioning with Security Orchestration, Automation, and Response (SOAR)
Here are three ways security orchestration and automation tools can streamline the user provisioning and deprovisioning process.