3 min
Cybersecurity
20/20 Cybersecurity: Lessons Learned in 2024 and Strategies for a Stronger 2025
With 2024 rapidly coming to a close, many of us here at Rapid7 are taking a step back, reflecting upon the successes and learnings of the last 12 months, and looking ahead to the challenges and opportunities we could jointly face in the year ahead.
6 min
Metasploit
Metasploit Weekly Wrap-Up 11/01/2024
Pool Party Windows Process Injection
This Metasploit Framework release adds a new injection technique to core Meterpreter functionality such as process migration and DLL injection. Research into the injection technique known as PoolParty highlighted new ways to gain code execution in a remote process by abusing thread-pool management features included in the Windows kernel since Windows Vista.
8 min
Velociraptor
Finding the LNK: Techniques and methodology for advanced analysis with Velociraptor
In this post, we explore the structure of LNK files using Velociraptor, our open-source digital forensics and incident response (DFIR) tool.
7 min
Incident Response
Investigating a SharePoint Compromise: IR Tales from the Field
Our investigation uncovered an attacker who accessed a server without authorization and moved laterally across the network, compromising the entire domain.
7 min
Surface Command
The Importance of Asset Context in Attack Surface Management.
This topic covers one of the main drivers for ASM and why companies are investing in it: the context it delivers to inform better security decision making.
2 min
Metasploit
Metasploit Weekly Wrap-Up 10/25/2024
Hackers and Vampires Agree: Every Byte Counts
Headlining the release today is a new exploit module by jheysel-r7 that chains two vulnerabilities to target Magento/Adobe Commerce systems: the first, CVE-2024-34102, is an arbitrary file read used to determine the version and layout of the glibc library, and the second, CVE-2024-2961, is a single
6 min
Surface Command
Building a Custom Risk Prioritization and Risk Scoring Methodology with Surface Command
With our recent launch of the Command Platform, Rapid7 now delivers a more comprehensive view of your attack surface, with transparency that you can trust.
3 min
Emergent Threat Response
Fortinet FortiManager CVE-2024-47575 Exploited in Zero-Day Attacks
On Wednesday, October 23, 2024, security company Fortinet published an advisory on CVE-2024-47575, a critical zero-day vulnerability affecting their FortiManager network management solution.
3 min
Metasploit
Metasploit Weekly Wrap-Up 10/18/2024
ESC15: EKUwu
AD CS continues to be a popular target for penetration testers and security practitioners. The latest escalation technique (hence the ESC in ESC15) was discovered by Justin Bollinger, with details being released just last week. This latest configuration flaw shares issuance requirements with other ESC flaws, such as requiring no authorized signatures or manager approval. Additionally, templa
4 min
Career Development
7 Rapid Questions on our Belfast Placement Programme: Orla Magee and Paddy McDermott
Software Engineers Orla Magee and Paddy McDermott share what the interview process looked like for them, along with impactful projects and advice for others exploring Rapid7’s Placement Programme.
5 min
Attack Surface Security
Understanding your Attack Surface: Different Approaches to Asset Discovery
In this post, we’ll delve into the process of discovering assets. We cannot secure what we cannot see, so getting this piece right is foundational to the success of your ASM program. This blog will explore four different methods of asset discovery, starting with the most basic: deployed software agents.
1 min
IoT
Root Access for Data Control: A DEF CON IoT Village Story
Our perennial IoT hacking presenter, Principal Security Researcher, IoT, Deral Heiland, along with Rapid7 pentest team members, showed attendees many methods of extracting firmware from IoT devices and manipulating the systems in the name of control and operations.
2 min
Rapid7 Culture
Test Driving a New Benefit Programme in Belfast
Rapid7’s electric vehicle scheme was rolled out in late 2023 for Belfast employees. The programme enables employees to lease an electric car via their employer and pay for it on a salary sacrifice basis, offering substantial tax and national insurance savings.
13 min
Vulnerability Management
Patch Tuesday - October 2024
5 zero-days. Configuration Manager pre-auth RCE. RDP RPC pre-auth RPC. Winlogon EoP. Hyper-V container escape. curl 0-day RCE late patch. Management console zero-day RCE. Windows 11 lifecycle changes.
2 min
Metasploit
Metasploit Weekly Wrap-Up 10/04/2024
New module content (3)
cups-browsed Information Disclosure
Authors: bcoles and evilsocket
Type: Auxiliary
Pull request: #19510 contributed by bcoles
Path: scanner/misc/cups_browsed_info_disclosure
Description: Adds scanner module to retrieve CUPS version and kernel version information from cups-browsed services.
Acronis Cyber Infrastructure default password remote code execution
Authors: Acronis Internatio