2 min
Patch Tuesday
Patch Tuesday - October 2018
This month's patches from Microsoft include fixes for 50 distinct vulnerabilities.
1 min
Metasploit
Introducing Metasploit’s First Evasion Modules
Rapid7's Metasploit team is proud to announce we have released the first-ever antivirus evasion module in Metasploit Framework.
5 min
InsightAppSec
New Features: Rapid7 Launches Public API For InsightAppSec
Rapid7 is pleased to announce the newest addition to your application security toolkit on the Rapid7 Insight platform: the public API in our DAST solution, InsightAppSec.
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup: 10/5/18
Metasploit’s Brent Cook, Adam Cammack, Aaron Soto, and Cody Pierce are offering themselves up to the crowds at this year’s fourth annual Metasploit Town Hall at Derbycon.
4 min
InsightConnect
Security Orchestration and Automation: Not Just for Mature Organizations
Think that security orchestration, automation, and response (SOAR) is only for mature organizations? Think again. Here are some ways your company can benefit from SOAR solutions.
4 min
Research
This One Time on a Pen Test, Part 5: From Physical Security Weakness to Strength
During a physical social engineering penetration test, I easily got into the office with the help of a copied badge and polite employees. But would the company learn its lesson?
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup: 9/28/18
Trevor Forget: Metasploit Town Hall @ Derbycon
Metasploit’s Brent Cook, Adam Cammack, Aaron Soto, and Cody Pierce are offering themselves up to the crowds at this year’s fourth annual Metasploit Town Hall at Derbycon. Heading to bourbon country next weekend? Block off your 5 PM hour on Saturday, October 6 to join the team as they unveil some new hotness in Metasploit Framework and take questions and requests
8 min
Windows
PowerShell: How to Defend Against Malicious PowerShell Attacks
By implementing basic controls, you can keep your data safe from potential PowerShell attacks and better detect malicious behavior trying to circumvent said controls.
4 min
Threat Intel
How Cybercriminals Use Pinterest to Run Fraud Scams
There are a variety of scams hackers can run on Pinterest, but for this post, we’ll focus on fraud and financial scams.
4 min
Research
Password Tips from a Pen Tester: Are 12-Character Passwords Really Stronger, or Just a Dime a Dozen?
On penetration tests, the three most common passwords are a variation of company name, the season/year, and a variation of “password.” But what happens if we lengthen the password requirement?
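The teaser's point is that a longer minimum length does not remove the three predictable patterns; a 12-character "Summer2018!!" still falls to the same wordlist. The following is an added example (not code from the linked post or from Rapid7) of a policy check that rejects those patterns regardless of length. The company name "Acme", the leet-speak substitution table, and the sample passwords are constructed for illustration.

```python
import re
from typing import List

# Constructed leet-speak map: undo the substitutions that crackers' rule sets
# already try, so "P@ssw0rd" is judged as "password".
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

SEASON_YEAR = re.compile(r"(spring|summer|fall|autumn|winter)\d{2,4}")


def _plain(s: str) -> str:
    """Lower-case and keep only letters and digits (drops '!', '-', spaces)."""
    return re.sub(r"[^a-z0-9]", "", s.lower())


def _deleet(s: str) -> str:
    """Same as _plain, but after reversing common leet substitutions."""
    return re.sub(r"[^a-z0-9]", "", s.lower().translate(LEET))


def weak_reasons(pw: str, company: str, min_len: int = 12) -> List[str]:
    """Return the reasons a candidate password is weak; empty list means it passed.

    Checks, in order: minimum length, company name, season+year, and any
    variation of 'password'. Length alone never makes a password pass.
    """
    reasons: List[str] = []
    if len(pw) < min_len:
        reasons.append(f"shorter than {min_len}")

    plain, deleet = _plain(pw), _deleet(pw)
    c_plain, c_deleet = _plain(company), _deleet(company)

    # "Acme!Rocks2018" and "Acm3Rocks2018" both contain the company name.
    if c_plain and (c_plain in plain or c_deleet in deleet):
        reasons.append("contains company name")

    # "Summer2018!!" matches here even though it is 12 characters long.
    if SEASON_YEAR.search(plain) or SEASON_YEAR.search(deleet):
        reasons.append("season plus year")

    # "P@ssw0rd2018" normalises to "password2oi8", so it is caught.
    if "password" in deleet or "passwd" in deleet:
        reasons.append("variation of 'password'")

    return reasons


if __name__ == "__main__":
    # Constructed sample candidates a pen tester would expect to see.
    for candidate in ["Summer2018!!", "P@ssw0rd2018", "Acme!Rocks2018",
                      "Winter18", "correct-horse-battery-staple"]:
        verdict = weak_reasons(candidate, company="Acme") or ["ok"]
        print(f"{candidate:30} {', '.join(verdict)}")
```

The season check is deliberately loose ("waterfall2018" also trips it); on a real deployment you would pair this with a breached-password list rather than rely on pattern rules alone, but the rules above are enough to show why the 12-character requirement by itself changes little.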
2 min
Application Security
The Newegg Breach: PCI Means Nothing to Magecart
Both the British Airways and Newegg breaches occurred at sites that followed data security rules but were not protected against attacks like Magecart.
3 min
Penetration Testing
Putting Pen (Tests) to Paper: Lessons and Learnings from Rapid7’s Annual Mega-Hackathon
Rapid7's Mega-Hackathon offers a unique chance to go beyond the data and get a feel for what pen testers are like in their natural habitat.
2 min
Penetration Testing
This One Time on a Pen Test, Part 4: From Zero to Web Application Admin through Open-Source Intelligence Gathering
Open source intelligence gathering (OSINT) can sometimes take a backseat to more glamorous parts of pen tests—but in this case, it saved us.
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup 9/21/18
Tomorrow brings the fall equinox, and that means (as we are almost contractually obligated to say at this point) winter is coming.
2 min
Compliance
The British Airways Breach: PCI is Not Enough
Magecart's techniques are sophisticated and worth understanding in detail, especially because they point out a major gap that occurs even with perfect PCI compliance.