3 min
Vulnerability Management
Patch Tuesday - January 2020
The first Patch Tuesday of 2020 has been hotly anticipated due to a rumour that Microsoft would be fixing a severe vulnerability in a fundamental cryptographic library. It turns out that the issue in question is indeed serious, and was reported to Microsoft by the NSA: CVE-2020-0601 is a flaw in the way Windows validates Elliptic Curve Cryptography (ECC) c
4 min
InsightVM
How to Define and Communicate Vulnerability Risk Across Your Company
In this post, we discuss how to define risk, the differences between risks, threats, and vulnerabilities, and how to communicate this to leadership teams.
4 min
InsightVM
Simplify Your Data Search with Query Builder in InsightVM
Query Builder is now available in InsightVM, which means gone are the days of relying solely on complex query languages like SQL or third-party tools.
5 min
Risk Management
Challenges and Best Practices with Vulnerability Risk Management Collaboration
We sat down with VRM professionals to discuss best practices, challenges, and personal approaches to make vulnerability risk management a priority.
4 min
InsightAppSec
Automating Application Security Processes with the InsightAppSec API
In this blog, we discuss how task automation can free up extra time for development and security teams in the web application life cycle.
3 min
Detection and Response
InsightIDR: 2019 Year in Review
As we turn the corner into the new year, our team has been looking back at 2019 and reflecting on some of our most exciting updates from InsightIDR.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 1/3/20
A new OpenBSD local exploit
Community contributor bcoles brings us a new exploit module for CVE-2019-19726, a vulnerability originally discovered by Qualys in OpenBSD. This vulnerability is pretty interesting in the sense that it leverages a bug in the _dl_getenv function that can be triggered to load libutil.so from an attacker controlled loca
7 min
InsightIDR
10 Threat Detection and Response Resolutions for 2020
From knowing what you have, who may want it, and how they can get it: these 10 IDR resolutions for 2020 are sure to keep you busy.
3 min
InsightVM
7 Vulnerability Risk Management Resolutions To Consider in the New Year
In this blog, we discuss seven Vulnerability Risk Management resolutions that all security professionals should be making in 2020.
9 min
Research
Oh, Behave! Who Made It to Rapid7 Labs' Naughty List(s) in 2019?
The Labs team thought it might be fun to give folks a glimpse into who made it to some of our naughtiest lists in 2019 based on insights gleaned through our research projects.
9 min
Haxmas
Memorable Metasploit Moments of 2019
Here’s a smattering of the year’s Metasploit Framework highlights from 2019. As ever, we’re grateful to and for the community that keeps us going strong.
2 min
Metasploit
Metasploit Wrap-Up: Dec. 27, 2019
With 2019 almost wrapped up, we’ve been left wondering where the time went! It’s been a busy year for Metasploit, and we’re going out on a reptile-themed note this wrap-up...
Python gets compatible
With the clock quickly ticking down on Python 2 support, contributor xmunoz came through with some changes to help ensure most of Framework works with Python 3. While Python 3’s adoption
6 min
Haxmas
Memory Laundering: Is Cleaner Better?
In this HaXmas blog, we discuss how to bypass SELinux's commonly-applied `execmem` permission.
4 min
Research
Cisco Self-Signed Certificate Expiration on Jan. 1, 2020: What You Need to Know
Cisco released Field Notice 70489 this week making owners of a wide range of Cisco devices aware of an impending certificate expiration issue.
2 min
Metasploit
Metasploit Wrap-Up: 12/19/19
It’s beginning to look a lot like HaXmas, everywhere you go! We have a great selection of gift-wrapped modules this holiday season, sure to have you entertained from one to eight nights, depending on your preference! On a personal note, we here at the Metasploit workshop would like to welcome our newest elf, Spencer McIntyre. Spencer has been a long-time contributor to the project, and we’re thrilled to have him on the team!
In the spirit of givi