3 min
Research
Extracting Firmware from Microcontrollers' Onboard Flash Memory, Part 1: Atmel Microcontrollers
As part of our ongoing discussion of hardware hacking for security professionals, this blog covers the Atmel ATmega2561 microcontroller.
1 min
Research
Confluence Unauthorized RCE Vulnerability (CVE-2019-3396): What You Need to Know
Atlassian was notified in late February about a remote code execution (RCE) flaw in their Confluence and Data Center products and issued an alert with a patch on March 20, 2019.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 4/12/19
WordPress RCE
tiyeuse submitted a Metasploit module for an authenticated remote code execution vulnerability in WordPress, which was described in a blog post by RIPS Technology. After authenticating as a user with at least author privileges, the module starts by uploading an image file with PHP code that will be used later. Then the image metadata that references the file
3 min
Rapid7 Perspective
How to Start a Career in Cybersecurity: From Stay-at-Home Mom to Security Pro-in-Training
My name is Carlota Bindner, and here is my story on how I went from being a stay-at-home mom and community volunteer to participating in Rapid7's Security Consultant Development Program.
2 min
Metasploit
Metasploit Wrap-Up 4/5/19
Your workflow just got easier
Are you tired of copy/pasting module names from the search results before you can use them? Thanks to this enhancement (PR #11652) by Brent Cook, you can now run search with the -u flag to automatically use a module if there is only one result. Now you're one step closer to popping a shell!
A pair of new JSO modules
Metasploit published research a few weeks ago on Java Serializ
5 min
Application Security
5 Considerations When Creating an Application Security Program
In this blog, we explain how to address application security within your organization and how this translates into building better code.
2 min
Research
Apache HTTP Server Privilege Escalation (CVE-2019-0211): What You Need to Know
The joke was on roughly 2 million servers on Monday (April 1!), as the Apache Foundation released a patch for a privilege escalation bug (CVE-2019-0211) in Apache HTTP Server 2.4 releases 2.4.17–2.4.38.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 3/29/19
Introducing Metasploit Development Diaries
We are happy to introduce a new quarterly series, the Metasploit Development Diaries. The dev diaries walk users and developers through some example exploits and give detailed analysis of how the exploits operate and how Metasploit evaluates vulnerabilities for inclusion in Framework. The first in the dev diaries series features technical analysis by sinn3r and includes modules from community members and fellow rese
2 min
Threat Intel
Why and Where Cybercriminals Attack the Hospitality Industry
The gaming, leisure, and hospitality industry has been increasingly targeted by cybercrime and faces a unique set of security challenges.
3 min
Vulnerability Disclosure
R7-2018-43: Username Enumeration in Okta SSO Del Auth through Response Timing
A vulnerability has been discovered in Okta SSO running in Delegated Authentication (Del Auth) mode, a popular configuration for Okta SSO.
3 min
Whiteboard Wednesday
How to Gain Security Visibility into a Modern Environment
In our latest installment of Whiteboard Wednesday, we break down the step-by-step approach you can take to gain visibility across a modern environment and the main areas you should focus on.
8 min
Public Policy
The IoT Cybersecurity Improvement Act of 2019
In this blog post, we will walk through the newly introduced IoT Cybersecurity Improvement Act of 2019 and describe Rapid7's position on it.
2 min
Events
Rapid7’s Partner Summit 2019: Thank You to Our Partners in EMEA!
We recently hosted our hugely successful EMEA Partner Summit 2019 in Portugal, meeting with over 85 partners from over 27 countries all around Europe, the Middle East, and Africa.
2 min
Metasploit
Introducing the Metasploit Development Diaries
In our new Metasploit Development Diaries series, we will share stories of how exploitable conditions become stable, seasoned Metasploit Framework modules.
4 min
Phishing
Tips for a Successful Phishing Engagement
Many factors can go into making a phishing engagement a success, so in this blog, we will share some tips for making sure your organization gets the most out of its upcoming engagement.