1 min
Lost Bots
[The Lost Bots] S03E03. The Rise of The Machines
In this episode of The Lost Bots, Rapid7's Jeffrey Gardner and Stephen Davis discuss the state of AI today and where its going.
9 min
DFIR
The Velociraptor 2023 Annual Community Survey
Rapid7's Velociraptor team distributed our first community survey in early 2023. Here's what we learned!
9 min
Vulnerability Management
Patch Tuesday - May 2023
A relatively light 49 vulnerabilities patched in May 2023, including a new entry method for BlackLotus bootkit malware.
3 min
Metasploit
Metasploit Weekly Wrap-Up: May 5, 2023
Throw another log on the fire
Our own Stephen Fewer authored a module targeting CVE-2023-26360
affecting ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update
15 and earlier. The vulnerability allows multiple paths to code execution, but
our module works by leveraging a request that will result in the server
evaluating the ColdFusion Markup language on an arbitrary file on the remote
system. This all
11 min
Penetration Testing
AppDomain Manager Injection: New Techniques For Red Teams
This article details a variety of ways to perform and utilize AppDomain Manager Injection during red team operations.
6 min
Cloud Security
Cloud Security Strategies for Manufacturing
Most manufacturing organizations struggle with visibility issues in their hybrid cloud environments. This article offers strategies that can help.
4 min
Managed Detection and Response (MDR)
Three Takeaways from the Gartner® Market Guide for Managed Detection and Response Services
We are proud to offer this complimentary Gartner® Market Guide for Managed Detection and Response for businesses of all sizes.
2 min
Metasploit
Metasploit Weekly Wrap-Up: 4/28/23
Scanner That Pulls Sensitive Information From Joomla Installations
This week's Metasploit release includes a module for CVE-2023-23752 by h00die
. Did you know about the improper API access
vulnerability in Joomla installations, specifically Joomla versions between
4.0.0 and 4.2.7, inclusive? This vulnerability allows unauthenticated users
access to web service endpoints which contain sensitive information such as user
and config information. This module can be used to
4 min
Cloud Security
New InsightCloudSec Compliance Pack: Implementing and Enforcing ISO 27001:2022
In this article, we discuss how the recently released ISO 27001:2022 compliance pack for InsightCloudSec can benefit your organization.
4 min
InsightVM
Using Rapid7 Insight Agent and InsightVM Scan Assistant in Tandem
Rapid7 Insight Agent and InsightVM Scan Assistant can improve visibility into your environment. This article explores how and when to use each.
4 min
Rapid7 Culture
Starting a Career in Tech? Learn How Rapid7’s Emerging Talent Programmes Foster Long-Term Success
Rapid7’s Emerging Talent Programmes pave the way for early career professionals to have a successful career in tech.
4 min
Gartner
4 Takeaways from the 2023 Gartner® Market Guide for CNAPP
In an ongoing effort to help security organizations gain greater visibility into risk, we're pleased to offer this complimentary Gartner research, and share our 4 takeaways from the 2023 Gartner® Market Guide for CNAPP.
3 min
Metasploit
Metasploit Weekly Wrap-Up: 4/21/23
VMware Workspace ONE Access exploit chain
A new module contributed by jheysel-r7 exploits
two vulnerabilities in VMware Workspace ONE Access to attain Remote Code
Execution as the horizon user.
First being CVE-2022-22956 ,
which is an authentication bypass and the second being a JDBC injection in the
form of CVE-2022-22957
ultimately granting us RCE.
The module
3 min
Research
3 Key Challenges to Clarity in Threat Intelligence: 2023 Forrester Consulting Total Economic Impact™ Study
The 2023 Forrester Consulting Total Economic Impact™ Study of Threat Command looks at, among other things, the difficulties of obtaining clear threat intel.
6 min
Velociraptor
Automating Qakbot Detection at Scale With Velociraptor
This blog offers a practical methodology to extract configuration data from recent Qakbot samples.