9 min
Vulnerability Management
So, You Think You Can Query?
In this blog, we are going to explore the basics of how to make queries in our cloud-based vulnerability management solution, InsightVM.
3 min
Vulnerability Disclosure
Zoom Video Snooping Security Flaw (CVE-2019-13450): What You Need to Know
Here's what you need to know about the recent Zoom vulnerability disclosure.
4 min
InsightIDR
Securing Your Cloud Environments with InsightIDR, Part 2: Amazon Web Services (AWS)
In this blog, we will talk about threat detection for the world’s most popular cloud host, Amazon Web Services (AWS).
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 7/5/19
Injecting the Time Machine
From contributor timwr comes a new module targeting
Time Machine on macOS 10.14.3 and earlier. Specifically, the tmdiagnose binary
for these vulnerable versions suffers from a command injection vulnerability
that can be exploited via a specially crafted disk label. This new module uses
an existing session for exploitation on the target, allowing the Framework user
to run a payload as root.
What’s on TV?
If you are nearby to a vulnerable Supr
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 6/28/19
I am Root
An exploit module
for Nagios XI v5.5.6 was added by community contributor yaumn
. This module includes two exploits chained together
to achieve code execution with root privileges, and it all happens without
authentication. A single unsanitized parameter in magpie_debug.php enables the
ability to write arbitrary PHP code to a publicly accessible directory and get
code execution. Privilege escalation
4 min
Azure
Securing Your Cloud Environments with InsightIDR, Part 1: Microsoft Azure
This post reviews logging considerations for Microsoft Azure environments, and integrations and detections available in Rapid7’s cloud SIEM, InsightIDR.
1 min
Metasploit
Metasploit Development Diaries: Q2 2019
Hey folks, it's towards the end of the second quarter, which means it's high
time for another Metasploit Dev Diary! If you already know what this series is
about, feel free to just click on over here
and read away. If you need more convincing, here's the skinny.
Once a quarter, the indomitable Metasploit
engineering team is going to pull
you, dear reader, behind the cur
2 min
InsightVM
How Rapid7’s AWS Security Hub Integrations Increase Cloud Visibility and Automate Security Operations
As part of our ongoing commitment to support customers using Amazon Web Services (AWS), Rapid7 announces integrations with the AWS Security Hub for vulnerability management and SOAR solutions.
3 min
InsightVM
Rapid7 Releases Cloud Configuration Assessment Capabilities in InsightVM
Rapid7 is pleased to announce that we have released new Cloud Configuration Assessment capabilities in our InsightVM vulnerability management solution.
5 min
Podcast
Great Barrier Grief: How to Break Through Bottlenecks with Automated AppSec
In our brand-new podcast, Security Nation, Zate Berg of Indeed.com explains how he avoided making his team an engineering bottleneck through automated appsec.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 6/21/19
TLS support and expanded options for the BlueKeep scanner module, two new modules for Cisco Prime Infrastructure, and more.
3 min
InsightVM
Blocking User Access to Vulnerable Assets with CyberArk and InsightVM
With InsightVM's new integration with the CyberArk Privileged Access Security Solution, user access to vulnerable assets can be automatically restricted until the issue is eliminated.
3 min
InsightIDR
Announcing CyberArk and InsightIDR Integration: Connect CyberArk with InsightIDR to Visualize and Investigate Your Privileged Access
To help companies monitor user behavior, secure privileged access, and identify attacks on passwords, we are teaming up with CyberArk.
3 min
Project Sonar
Attack Surface Monitoring with Project Sonar
Attack Surface Monitoring with Project Sonar can help you reduce and monitor your attack surface.
5 min
Metasploit
Metasploit Hackathon Wrap-Up: What We Worked On
As part of the Metasploit project's second hackathon, Metasploit contributors and committers got together to discuss ideas, write some code, and have some fun.