2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 1/4/19
Happy New Year to the Metasploit community! As we kick off 2019, we're excited
to see all the modules, enhancements, and discussions the new year will bring.
Ring In 2019 With SSL
There is a new datastore option
courtesy of wvu
called CMDSTAGER::SSL. This exposes the ability to
enable SSL/TLS command stagers with set cmdstager::ssl true.
Auld Erlang Syne
Good news if you're a fan of the multi/misc/erlang_co
6 min
Haxmas
Happy HaXmas! Year-End Internet Scanning Observations
As we wrap up 2018 and forge ahead into 2019, let's reflect on some of the key observations we made through our internet scanning with Project Sonar.
7 min
Haxmas
Santa's ELFs: Running Linux Executables Without execve
Santa's ELFs do not get a post-holiday break, since the Executable and Linkable Format (ELF) is the base of numerous Unix-like operating systems.
25 min
Haxmas
The Ghost of Exploits Past: A Deep Dive into the Morris Worm
In this post, we will dive into the exploit development process for the three modules we created in honor of the 30th anniversary of the Morris worm.
5 min
Haxmas
HaXmas Review: 12 Patch Tuesdays a-Patching
Another year, another 701 patched Microsoft vulnerabilities: just a 2% increase from 2017's count of 686.
4 min
Haxmas
The Layer 8(th) Day of Christmas: Rapid7 Pen Testers Reveal Social Engineering Insights at Recent Conference
Four Rapid7 pen testers recently gathered at the brand-new Layer 8 conference in Rhode Island to present on social engineering and open source intelligence (OSINT) gathering.
5 min
Haxmas
Advice for the Lazy Family Sysadmin
With some careful choices, you can be a lazy family system administrator this holiday. Here’s my experience, along with some tips.
4 min
Haxmas
Once a Haxer, Always a Haxor
Like most hackers, I liked to take apart my holiday gifts as a kid. In this blog, I take apart Amazon's voice-controlled microwave oven to see how it works.
7 min
Haxmas
The New Shiny: Memorable Metasploit Moments of 2018
Happy HaXmas, friends. Metasploit turned 15 this year, and by all accounts, 2018 was pretty epic.
3 min
Haxmas
R7-2018-52: Guardzilla IoT Video Camera Hard-Coded Credential (CVE-2018-5560)
Most HaXmas posts are full of fun and frivolity, but this one is a routine vulnerability disclosure in a piece of IoT gear that you should know about.
4 min
Haxmas
The Return of Snapid Kevin to the North Pole
Santa has once again enlisted the help of his security consultant, Snapid Kevin, to evaluate his physical security. What will Snapid turn up?
3 min
Haxmas
The 12 Days of HaXmas: A Festive Blog Series Recapping Security in 2018
It’s the waning days of 2018, so it’s time to usher in our traditional end-of-year blog series, the 12 Days of HaXmas.
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup 12/21/18
Safari Proxy Object Type Confusion
Metasploit committer timwr recently added a macOS
Safari RCE exploit module
based on a solution
that saelo
developed and used successfully at Pwn2Own 2018
.
saelo's exploit is a three-bug chain: a Safari RCE (CVE-2018-4233), a sandbox
13 min
Research
Rsunk your Battleship: An Ocean of Data Exposed through Rsync
Rapid7 Labs recently decided to take a fresh look at rsync, this time focusing on exposure of rsync globally on the public internet.
3 min
InsightVM
How to Use the InsightVM Policy Compliance Status Report to Measure Benchmark Configurations
Reports within InsightVM can help you demonstrate whether your systems stand up against compliance requirements.