5 min
Penetration Testing
Ask a Pen Tester Q&A, Part 2: Everything You Need to Know About the Art of Penetration Testing
We sat down with our own penetration testers to answer some of your questions about what exactly pen testing entails.
4 min
Cloud Security
How to Handle Misconfigurations in the Cloud
In part three of our four-part series on security in the cloud, we will cover how to handle misconfigurations in the cloud.
3 min
Patch Tuesday
Patch Tuesday - February 2020
A relatively modest 99-vulnerability February Patch Tuesday
has arrived with a fix for the Internet Explorer 0-day CVE-2020-0674
(originally ADV200001) announced back on January 17. Fortunately, that is the only vulnerability
reported this month th
3 min
Security Operations (SOC)
Intro to the SOC Visibility Triad
In this blog, we break down the three pillars of the Security Operations Center (SOC) Visibility Triad.
2 min
Vulnerability Management
Rapid7 Analysis and Guidance: CDPwn (CVE-2020-3118)
This blog focuses on CVE-2020-3118, which Rapid7 considers to be the most severe and important of the CDPwn vulnerability group.
2 min
Metasploit
Metasploit Wrap-Up: Feb. 7, 2020
In the week after our CTF, we hope the players had a good time and got back to
their loved ones, jobs, lives, studies, and most importantly, back to their beds
(and you can find out who the winners were here!).
For the Metasploit team, we went back to baking up fresh, hot modules and
improvements that remind us in this flu season to not just wash your hands, but
also, sanitize your inputs!
SOHOwabout a Shell?
Several
3 min
InsightConnect
InsightConnect Customer Hendrick Automotive Group Benefits from Integrations and Alert Triggers
We spoke with Hendrick Automotive Group’s director of information security about his experience with InsightConnect and its connection to InsightIDR.
2 min
InsightCloudSec
Security Isn’t a Four-Letter Word: How Infrastructure as Code (IaC) Amplifies DevOps Through the Inclusion of Security
Our fast-paced lives are fueled by innovative, cloud-native companies. We are able to watch our favorite programs and movies from anywhere in the world on any device. We are able to collaborate with our colleagues on an upcoming presentation, regardless of whether we’re in the office or at home.
4 min
AWS
How to Identify, Prioritize and Remediate Vulnerabilities in the Cloud
In part two of our series on security in the cloud, we’ll discuss how to detect, prioritize, and remediate vulnerabilities that you find in your cloud environment.
5 min
Research
DOUBLEPULSAR over RDP: Baselining Badness on the Internet
How many internet-accessible RDP services have the DOPU implant installed? How much DOPU-over-RDP traffic do we see being sprayed across the internet?
22 min
Research
DOUBLEPULSAR RCE 2: An RDP Story
In this sequel, wvu recounts the R&D (in all its
imperfect glory) behind creating a Metasploit module for the DOUBLEPULSAR
implant's lesser-known RDP variant. If you're unfamiliar with the more common
SMB variant, you can read our blog post
detailing how we achieved RCE with it.
Table of Contents
0. Background
1. Extracting the implant
2. Installing the implant
3. Pinging the implant
4.
2 min
Metasploit
Congrats to the Winners of the 2020 Metasploit Community CTF
After four days of competition and a whole lot of “trying harder,” we have the
winners of this year's Metasploit community CTF. We've included some
high-level stats from the game below; check out the scoreboard here. If you played the CTF and want to let
the Metasploit team know which challenges you found exhilarating, interesting,
or infuriating (in a good way, of course), we have a feedback surve
3 min
Penetration Testing
What You Need to Know to Get Started in the Penetration Testing Field
In this blog, we sat down with our own penetration testers to answer some of your questions to help get you started in the field.
2 min
Metasploit
Metasploit Team Announces Beta Sign-Up for AttackerKB
AttackerKB is a knowledge base of vulnerabilities and informed opinions on what makes them valuable (or not) targets for exploitation.
5 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 1/31/20
Happy CTF week, folks! If you haven't already been following along with (or
competing in) Metasploit's global community CTF, it started
yesterday and runs through Monday morning U.S. Eastern Time. Registration has
been full for a while, but you can join the #metasploit-ctf channel on Slack
to participate in the joy and frustration vicariously.
This week's Metasploit wrap-up takes a look back at work done