All Posts

The Risks of Exposing DICOM Data to the Internet

DICOM has revolutionized the medical imaging industry. However, it also presents potential vulnerabilities when exposed to the open internet.

12 min Patch Tuesday

Patch Tuesday - October 2023

Zero-day vulns in WordPad, Skype for Business, and ASP.NET. 12 critical RCEs. Last public security updates for Windows Server 2012, 2012 R2 and Windows 11 21H2.

2 min Metasploit

Metasploit Weekly Wrap-Up: Oct. 6, 2023

New module content (3) LDAP Login Scanner Author: Dean Welch Type: Auxiliary Pull request: #18197 contributed by dwelch-r7 Path: scanner/ldap/ldap_login Description: This PR adds a new login scanner module for LDAP. Login scanners are the classes that provide functionality for testing authentication against various different protocols and mechanisms. This LDAP login scanner supports multiple types of aut

8 min Research

Little Crumbs Can Lead To Giants

This blog offers a deep dive into the world of Shell Link files (LNK) and Virtual Hard Disk files (VHD).

4 min Detection and Response

What’s New in Rapid7 Detection & Response: Q3 2023 in Review

Rapid7 has updated its Detection and Response offerings with advanced DFIR capabilities, custom detection rules, log search features, and more.

3 min Emergent Threat Response

CVE-2023-22515: Zero-Day Privilege Escalation in Confluence Server and Data Center

On October 4, 2023, Atlassian published a security advisory on CVE-2023-22515, a critical vulnerability affecting on-premises instances of Confluence Server and Confluence Data Center.

2 min Managed Detection and Response (MDR)

Proactively Prevent Breaches with Expanded Endpoint Protection in Rapid7 MDR

Rapid7 has expanded Managed Threat Complete to include native NGAV and DFIR powered by our universal Insight Agent.

4 min Vulnerability Management

What’s New in InsightVM and Nexpose: Q3 2023 in Review

In this article, we'll take a look at some of the key updates in InsightVM and Nexpose from Q3.

3 min Metasploit

Metasploit Weekly Wrap-Up: Sep. 29, 2023

TeamCity authentication bypass and remote code execution This week’s Metasploit release includes a new module for a critical authentication bypass in JetBrains TeamCity CI/CD Server. All versions of TeamCity prior to version 2023.05.4 are vulnerable to this issue. The vulnerability was originally discovered by SonarSource, and the Metasploit module was developed by Rapid7’s Principal Security Researcher Stephen Fewer who additionally published a technical analysis on AttackerKB for CVE-2023-4279

6 min Emergent Threat Response

Critical Vulnerabilities in WS_FTP Server

On September 27, 2023, Progress Software published a security advisory on multiple vulnerabilities affecting WS_FTP Server , a secure file transfer solution. There are a number of vulnerabilities in the advisory, two of which are critical (CVE-2023-40044 and CVE-2023-42657). Our research team has identified what appears to be the .NET deserialization vulnerability (CVE-2023-40044) and confirmed that it is exploitable with a single HTTPS POST request and a pre

3 min DFIR

Unlock Broader Detections and Forensics with Velociraptor in Rapid7 XDR

Rapid7 is excited to announce the integration of Velociraptor, our leading open-source DFIR framework, into the Insight Platform for InsightIDR Ultimate users — all with no additional deployment or configurations required.

3 min InsightVM

Introducing Active Risk

Security teams need better prioritization mechanisms. That's why we developed Active Risk, the new risk scoring methodology in InsightVM.

2 min Emergent Threat Response

CVE-2023-42793: Critical Authentication Bypass in JetBrains TeamCity CI/CD Servers

On September 20, 2023, JetBrains disclosed CVE-2023-42793, a critical authentication bypass vulnerability in on-premises instances of their TeamCity CI/CD server. Successful exploitation could make the vulnerability a potential supply chain attack vector.

4 min Metasploit

Metasploit Weekly Wrap-Up: Sep. 22, 2023

Improved Ticket Forging Metasploit’s admin/kerberos/forge_ticket module has been updated to work with Server 2022. In Windows Server 2022, Microsoft started requiring additional new PAC elements to be present - the PAC requestor and PAC attributes. The newly forged tickets will have the necessary elements added automatically based on the user provided domain SID and user RID. For example: msf6 auxiliary(admin/kerberos/forge_ticket) > run aes_key=4a52b73cf37ba06cf693c40f352e2f4d2002ef61f6031f649

4 min MITRE ATT&CK

Rapid7 2023 MITRE Engenuity ATT&CK® Evaluations

InsightIDR has evolved to stay in front of emergent threats and expanding attack surfaces, and now we are proud to share our participation and results from the most recent MITRE Engenuity ATT&CK Evaluation: Enterprise.