1 min
InsightAppSec
InsightAppSec Release Roundup: What’s New and Updated
In this blog, we recap the latest and greatest ways to work smarter and more efficiently in InsightAppSec, so you can get some much-deserved time back.
3 min
InsightVM
How to Use Custom Policy Builder to Customize Password Policies in InsightVM
In this post, we are going to focus on commonly used customizations for password policies by our customers.
13 min
DAST
Unlocking the Power of Macro Authentication in Application Security: Part Two
In this post, we will review how to understand these error messages and what steps to take to get our authentication macro working.
3 min
Vulnerability Disclosure
CVE-2020-2021 Authentication Bypass in PAN-OS Security Assertion Markup Language (SAML) Authentication Disclosed
On Monday, June 29, 2020, Palo Alto released details on CVE-2020-2021 a new, critical weakness in SAML authentication on PAN-OS devices.
7 min
Research
Building a Printed Circuit Board Probe Testing Jig
In this blog, we discuss how to build a printed circuit board (PCB) probe testing jig.
2 min
Metasploit
Metasploit Wrap-Up: 6/26/20
Who watches the watchers?
If you are checking up on an organization using Trend Micro Web Security, it
might be you. A new module this week takes advantage of a chain of
vulnerabilities to give everyone (read unauthenticated users) a chance to decide
what threats the network might let slip through.
Following the trend, what about watchers that are not supposed to be there?
Agent Tesla Panel is a fun little trojan (not to be found zipping around on our
highways and byways) which now offers, agai
7 min
Managed Detection and Response (MDR)
Rapid7 Managed Detection and Response: The Service that Never Sleeps
In this post, we break-down everything you need to know about Rapid7 Managed Detection and Response (MDR).
2 min
Metasploit
Metasploit Wrap-Up: 6/19/20
Arista Shell Escape Exploit
Community contributor SecurityBytesMe added
an exploit module
for various Arista switches. With credentials, an attacker can SSH into a
vulnerable device and leverage a TACACS+ shell configuration to bypass
restrictions. The configuration allows the pipe character to be used only if the
pipe is preceded by a grep command. This configuration ultimately allows the
chaining
3 min
Vulnerability Management
How to Approach Risk Management: Advice from Rapid7 Customers
Learn how these security professionals approach risk, and their best advice for others looking to better their approach to risk management.
5 min
Detection and Response
How Rapid7 Customers Are Using Network Traffic Analysis in Detection and Response
In this blog, we discuss how Rapid7 Customers Are Using Network Traffic Analysis in Detection and Response
7 min
Cloud Security
Security Practitioner's Intro to Cloud: Everything You Ever Wanted to Know But Were Afraid to Ask
In this post, we provide an introductory primer to the cloud and cloud security for security professionals who want to fill in the blanks.
4 min
SIEM
SIEM Security Tools: Six Expensive Misconceptions
Understanding recent improvements to traditional SIEMs incorporated by next-generation solutions proves critical to building a confident security posture.
7 min
InsightAppSec
Unlocking the Power of Macro Authentication: Part One
In this blog post, we will review how various components of a macro work and what to keep in mind when recording a macro for authentication.
4 min
InsightVM
Monitor External and Remote Workforce Assets in Your Environment
In order to help our customers better track their remote workforce and external assets, we are introducing a new customizable dashboard within InsightVM.
2 min
Metasploit
Metasploit Wrap-Up: 6/12/20
Windows BITS CVE-2020-0787 LPE in the Metasploit tree!
This week, Grant Willcox presents his first
Metasploit module contribution
as part of our team.
Research from itm4n
yielded CVE-2020-0787
, describing a vulnerability in
the Windows Background Intelligent Transfer Serv