All Posts

Metasploit Wrap-up: 9/25/20

Nine new modules, including a module for Zerologon, a new SOCKS module, some privilege escalations, and another Java deserialization exploit.

6 min NICER Reports

NICER Protocol Deep Dive: Internet Exposure of rsync

In this installment of our NICER Protocol Deep Dive blog series, we take a closer look at internet exposure of rsync.

2 min This One Time on a Pen Test

This One Time on a Pen Test: Ain’t No Fence High Enough

In this edition of "This One Time on a Pen Test," we discuss an engagement with for an energy company with a high-fence compound.

2 min Research

Rapid7 Releases Q2 2020 Quarterly Threat Report

It’s hard to believe it’s already the end of September, and with it comes Rapid7’s Q2 2020 Quarterly Threat Report.

2 min InsightIDR

Define What to Parse From Logs with the Custom Parsing Tool in InsightIDR

In InsightIDR, Rapid7’s SIEM tool, customers use log data to detect malicious activity, prove compliance, and gain visibility across their network.

3 min Metasploit

Metasploit Wrap-Up: Sep. 18, 2020

Six new modules this week, and a good group of enhancements and fixes!

6 min NICER Reports

NICER Protocol Deep Dive: Internet Exposure of SMB

In this edition of our NICER Protocol Deep Dive blog series, we take a closer look at internet exposure of SMB.

5 min Public Policy

A step closer to stronger federal IoT security

The US House passed the IoT Cybersecurity Improvement Act, which would require federal procurement and use of IoT devices to conform to basic security requirements.

3 min InsightVM

Decentralize Remediation Efforts to Gain More Efficiency with InsightVM

We’re excited to introduce you to two new InsightVM product updates to help you further reduce friction, save time, and gain greater efficiency.

2 min Penetration Testing

This One Time on a Pen Test: How I Outwitted the Vexing VPN

In this edition of "This One Time on a Pen Test," we discuss outwitting the vexing VPN.

2 min Vulnerability Management

CVE-2020-1472 "Zerologon" Critical Privilege Escalation: What You Need To Know

CVE-2020-1472 is a critical privilege escalation vulnerability that can yield an attacker full takeover of an affected network. Here's what you need to know.

3 min Vulnerability Management

Vulnerability Remediation vs. Mitigation: What’s the Difference?

In this blog, we dive into better understanding the difference between vulnerability mitigation vs. remediation.

5 min NICER Reports

NICER Protocol Deep Dive: Internet Exposure of FTP/S (TCP/990)

In this installation of our NICER Protocol Deep Dive blog series, we take a look at the internet exposure of FTP/S (TCP/990).

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: Sep. 11, 2020

Three new modules, including a Pwn2Own addition for OS X, plus proxy support for Python Meterpreter, new search improvements, and a reminder of how to report security issues in Metasploit.

4 min InsightVM

How to Track and Remediate Default Account Vulnerabilities in InsightVM

In this blog post, we discuss older, lesser-known features that can still provide amazing value in your vulnerability management program using InsightVM.