3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 4/8/22
Five new modules targeting Windows, Linux, macOS, and more. Plus, updates to the Log4Shell scanner and a new Windows Meterpreter option to enable additional logging visible in DbgView
2 min
Career Development
7 Rapid Questions: Meet Adrian Stewart, Aspiring Pilot Turned Product Manager
In this installment of 7 Rapid Questions, we talk to Adrian Stewart, a product manager working on InsightAppSec.
8 min
Research
Lessons in IoT Hacking: How to Dead-Bug a BGA Flash Memory Chip
In this post, we cover how to dead-bug a flash memory chip to help aid your IoT hacking research.
4 min
Rapid7 Culture
The Forecast Is Flipped: Flipping L&D in New Hire Training
The Rapid7 People Development team challenged convention and recently evolved the onboarding program to address the needs of our evolving business and the future of work.
3 min
Managed Detection and Response (MDR)
MDR Plus Threat Intel: 414 New Detections in 251 Days (You’re Welcome)
Now, Threat Command’s threat intelligence platform (TIP) content is integrated with our leading detection and response products and services.
5 min
InsightIDR
What's New in InsightIDR: Q1 2022 in Review
We highlight the updates we made to InsightIDR in Q1 2022 to help you save time while still leveling up your detection and response program.
3 min
Rapid7 Culture
Security for All: How the Rapid7 Cybersecurity Foundation Will Expand Access and Inclusion
Rapid7’s mission is to advance cybersecurity for all — and an essential part of that effort is making the field and its best resources easier to access.
4 min
Research
Cloud Pentesting, Pt. 3: The Impact of Ecosystem Maturity
Now that we’ve covered the basics of cloud pentesting and the style in which a cloud environment could be attacked, let’s turn our attention to the entirety of this ecosystem.
3 min
Detection and Response
Sharpen Your IR Capabilities With Rapid7’s Detection and Response Workshop
Rapid7's Detection and Response Workshop helps you determine if your tools can immediately detect and respond to threats.
3 min
Application Security
Securing Your Applications Against Spring4Shell (CVE-2022-22965)
In this blog, we wanted to share some recent product enhancements across our application security portfolio to help our customers with easy ways to test and secure their apps against Spring4Shell.
1 min
Metasploit
Metasploit Weekly Wrap-Up: 4/1/22
CVE-2022-22963 - Spring Cloud Function SpEL RCE
A new exploit/multi/http/spring_cloud_function_spel_injection module has been
developed by our very own Spencer McIntyre
which targets Spring Cloud Function versions Prior to 3.1.7 and 3.2.3. This
module is unrelated to Spring4Shell CVE-2022-22965
, which is a separate vulnerability in the WebDataBinder component
1 min
Emerging Threats
Update on Spring4Shell’s Impact on Rapid7 Solutions and Systems
We have been continuously monitoring for Spring4Shell exploit attempts in our environment, and we will update this page as learn more.
5 min
InsightIDR
MITRE Engenuity ATT&CK Evaluation: InsightIDR
Rapid7 is very excited to share the results of our participation in MITRE Engenuity’s latest ATT&CK Evaluation, which examines how adversaries abuse data encryption to exploit organizations.
5 min
Ransomware
4 Fallacies That Keep SMBs Vulnerable to Ransomware, Pt. 2
In our second blog in this two-part series, Datto Inc. CISO Ryan Weeks outlines the third and fourth fallacies that perpetuate ransomware risk for SMBs.
15 min
Emergent Threat Response
Spring4Shell: Zero-Day Vulnerability in Spring Framework (CVE-2022-22965)
Rapid7 confirms the existence of an unpatched, unauthenticated remote code execution vulnerability in Spring Framework. We will update this blog continually as new information arises on this zero-day vulnerability.