4 min
InsightConnect
How to Develop a SOAR Workflow to Automate a Critical Daily Task
In this blog post, I’ll provide an overview of my experience developing a URL Blocking workflow to fit my organization’s specific needs – and perhaps those of your organization as well!
2 min
Emergent Threat Response
CVE-2022-27510: Critical Citrix ADC and Gateway Remote Authentication Bypass Vulnerabilities
On November 8, 2022, Citrix published the Citrix Gateway and Citrix ADC Security Bulletin for CVE-2022-27510, CVE-2022-27513 and CVE-2022-27516, announcing fixes for three vulnerabilities:
* CVE-2022-27510
“Unauthorized access to Gateway user capabilities”
* CVE-2022-27513
3 min
Application Security
GraphQL Security: The Next Evolution in API Protection
GraphQL allows the user to query specific data from a GraphQL schema and return precise results.
3 min
Metasploit
Metasploit Weekly Wrap-Up: 11/11/22
ADCS - ESC Vulnerable certificate template finder
Our very own Grant Willcox has developed a new module which allows users to query an LDAP server for vulnerable Active Directory Certificate Services (AD CS) certificate templates. The module will print the detected certificate details and the attack it is susceptible to. This module is capable of checking for ESC1, ESC2, and ESC3 vulnerable certificates.
Example module output showing an identified vulnerable certificate template:
msf6 auxiliar
1 min
Emergent Threat Response
Rapid7’s Impact from OpenSSL Buffer Overflow Vulnerabilities (CVE-2022-3786 & CVE-2022-3602)
The CVE-2022-3786 and CVE-2022-3602 vulnerabilities, which affect OpenSSL 3.0.x versions, both rely on a maliciously crafted email address in a certificate.
4 min
Security Operations (SOC)
Culture Fitness
Companies all over the world tout their positive cultures and how great it is to be part of the team. But what a shrewd potential hire should really be looking for is a culture with true depth, not just a social media presence.
3 min
Cloud Security
Cloud Security: Buyer Be Critical
Explore how to make the best case for more – or any – cloud security at your company, plus get a handy checklist to use when looking into a potential solution. Get started now with the 2022 edition of The Complete Cloud Security Buyer’s Guide from Rapid7.
2 min
DAST
New Research: Optimizing DAST Vulnerability Triage with Deep Learning
In a new paper, Rapid7 data scientists outline a novel deep learning model to automatically prioritize application security vulnerabilities and reduce false positive friction.
3 min
MITRE ATT&CK
New MITRE Engenuity ATT&CK® Evaluation: Rapid7 MDR Excels
Rapid7 MDR was excited to participate in MITRE's inaugural evaluation. This evaluation was an opportunity to show a wider audience the early detection, accelerated action, and deep partnership engagement that Rapid7 MDR delivers to customers across the globe every day.
6 min
Vulnerability Management
Patch Tuesday - November 2022
Microsoft has patched the two zero-day vulnerabilities in Exchange from September, along with 67 new CVEs (4 of which are also zero-days). Most vulnerabilities this month affect Windows.
5 min
IoT
Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Pt. 4
Welcome back to our blog series on Rapid7's IoT Village exercise from DEF CON 30. In this post, we'll cover how to gain root access over the device's secure shell protocol (SSH).
3 min
Metasploit
Metasploit Weekly Wrap-Up: 11/4/22
C is for cookie
And that’s good enough for Apache CouchDB, apparently. Our very own Jack Heysel added an exploit module based on CVE-2022-24706 targeting CouchDB prior to 3.2.2, leveraging a special default ‘monster’ cookie that allows users to run OS commands.
This fake computer I just made says I’m an Admin
Metasploit’s zeroSteiner added a module to perform Role-based Constrained Delegation (RBCD) on an Active Directory network.
1 min
Emergent Threat Response
Rapid7’s Impact from Apache Commons Text Vulnerability (CVE-2022-42889)
CVE-2022-42889 is a vulnerability in the popular Apache Commons Text library that can result in code execution when processing malicious input.
1 min
Managed Detection and Response (MDR)
Go Inside Rapid7 MDR: Timelines and Tick Tocks
In this new eBook you’ll find real life examples of common threats handled end-to-end by Rapid7 MDR. You can check out the speed and accuracy with which our global SOC experts identify, contain, and respond to attacks.
3 min
Vulnerability Management
Common questions when evolving your VM program
A recent webinar led by two of Rapid7’s leaders, Peter Scott and Cindy Stanton, explored the specific challenges of managing the evolution of risk across traditional and cloud environments.