3 min
Application Security
A December to Remember — Or, How We Improved InsightAppSec in Q4 in the Midst of Log4Shell
We wanted to take a moment to recap some of InsightAppSec and tCell's Q4 highlights and give us all a little much-deserved break from the madness.
6 min
InsightIDR
What's New in InsightIDR: Q4 2021 in Review
This post offers a closer look at some of the recent releases in InsightIDR, our extended detection and response (XDR) solution, from Q4 2021.
2 min
Product Updates
Rapid7 Acquires IntSights to Tackle the Expanding Threat Landscape
I am pleased to share the exciting news that, today, Rapid7 acquired IntSights, a leading provider of cloud-native, external threat intelligence and proactive threat remediation.
17 min
InsightIDR
Universal Event Formats in InsightIDR: A Step-by-Step NXLog Guide
Follow this step-by-step walkthrough to use NXLog to transform an ingress authentication log into UEF.
5 min
InsightAppSec
New Features: Rapid7 Launches Public API For InsightAppSec
Rapid7 is pleased to announce the newest addition to your application security toolkit on the Rapid7 Insight platform: the public API in our DAST solution, InsightAppSec.
3 min
Azure
Azure Security Center and Active Directory Now Integrate with the Rapid7 Platform
Today, we announced
[https://www.rapid7.com/about/press-releases/rapid7-integrates-with-microsoft-azure/]
continued, more comprehensive development of the integration between the Rapid7
Insight platform and Microsoft Azure.
A new integration with Azure Security Center makes it easy to deploy the Rapid7
unified Insight Agent across new and existing Azure Virtual Machines. This
automated deployment enables InsightVM customers to maintain constant visibility
into the assets, vulnerabilities, and
5 min
Product Updates
Building Personalized and Exceptional Customer Experiences
Building personalized and exceptional customer experiences
At Rapid7, we strive to give you, our customers, a personalized and exceptional
experience every time you interact with our organization, our products, and our
services. This is what we refer to as the "Customer Experience". In order to
clarify what this term means, Don Peppers from the Peppers & Rogers Group
defines the Customer Experience as “the totality of a customer's individual
interactions with a brand, over time”.
We are all cus
15 min
Metasploit
Don't Get Blindsided: Better Visibility Into User and Asset Risks with Metasploit 4.8
Not having visibility can be dangerous in many situations. The new Metasploit
4.8 [https://www.rapid7.com/products/metasploit/download/] gives you better
visibility in four key areas:
* View phishing exposure in the context of the overall user risk
* See which vulnerabilities pose the biggest risk to your organization
* Have all host information at your fingertips when doing a pentest
* Discover the latest risks on your network with new exploits and other modules
See Phishing Exposure as O
3 min
Product Updates
Weekly Update - 11/6/13
Disclosures for SuperMicro IPMI
On the heels of last week's bundle of FOSS disclosures
[/2013/10/30/seven-foss-disclosures-part-one], we've gone a totally different
direction this week with a new round of disclosures. Today, we're concentrating
on a single vendor which ships firmware for Baseboard Management Controllers
(BMCs): Supermicro, and their Supermicro IPMI firmware. You can read up on the
details on HD's blog post [/2013/11/06/supermicro-ipmi-firmware-vulnerabilities]
which covers the
2 min
Product Updates
Weekly Update: Apple OSX Privilege Escalation
Sudo password bypass on OSX
This week's update includes a nifty local exploit for OSX, the sudo bug
described in CVE-2013-1775. We don't have nearly enough of these Apple desktop
exploits, and it's always useful to disabuse the Apple-based cool-kids web app
developer crowd of the notion that their computing platform of choice is
bulletproof.
Joe Vennix [https://github.com/jvennix-r7], the principal author of this module,
is, in fact, of that very same Apple-based developer crowd, and usually bu
3 min
Product Updates
Weekly Update: Cooperative Disclosure and Assessing Joomla
Cooperative Disclosure
I'm in attendance this year at Rapid7's UNITED Security Summit, and the
conversations I'm finding myself in are tending to revolve around vulnerability
disclosure. While Metasploit doesn't traffic in zero-day vulnerabilities every
day, it happens often enough that we have a disclosure policy that we stick to
when we get a hold of newly uncovered vulnerabilities.
What's not talked about in that disclosure policy is the Metasploit exploit dev
community's willingness to help
3 min
Metasploit
Metasploit Update: Those Sneaky IPMI Devices
IPMI, in my network?
This week's update features a set of tools for auditing your IPMI
infrastructure. "Phew, I'm glad I'm not one of those suckers," you might be
thinking to yourself. Well, the thing about IPMI (aka, the Intelligent Platform
Management Interface) is that it's just a skootch more esoteric than most
protocols, and even experienced server administrators may not be aware of it. Do
you use server hardware from IBM, Dell, or HP? Have you ever had to use IBM's
Remote Supervisor adapte
2 min
Product Updates
Weekly Update: Smaller is Better
In this week's episode, the role of Tod Beardsley will be played by egypt.
Smaller is better
Perhaps the most prominent addition to the framework this week is not an
addition at all, but rather a deletion. We've been working toward a slimmer,
more manageable source tree for a while now, and as part of that effort, we
recently removed a pile of old-and-busted unit tests. This update goes a bit
further, moving source code for some compiled payloads into separate
repositories. Metasploit's version
3 min
Product Updates
Weekly Update: The Nginx Exploit and Continuous Testing
Nginx Exploit for CVE-2013-2028
The most exciting element of this week's update is the new exploit for Nginx
which exercises the vulnerability described by CVE-2013-2028
[http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html]. The
Metasploit module was written by Metasploit community contributors hal and
saelo, and exploits Greg McManus's bug across a bunch of versions on a few
pre-compiled Linux targets. We don't often come across remote, server-side stack
buffer overflows in popul
3 min
Metasploit
Weekly Update: 4.6.1, ColdFusion Exploit, and SVN Lockdown
Metasploit 4.6.1 Released
This week's update bumps the patch version of Metasploit to 4.6.1 (for installed
versions of Metasploit). The major change here is the ability to install
Metasploit on Windows 8 and Windows Server 2012. That meant we had to fiddle
with the installer and a few of Metasploit Pro's dependencies to get that all
working correctly, and that led to skipping last week's release so we could be
sure all the moving parts lined up correctly.
This release also fixes a few minor iss