7 min
Research
Building a Printed Circuit Board Probe Testing Jig
In this blog, we discuss how to build a printed circuit board (PCB) probe testing jig.
2 min
Research
Rapid7 Quarterly Threat Report: 2020 Q1
In this blog, we break down some of the top findings and highlights from the Rapid7 Quarterly Threat Report: 2020 Q1.
11 min
Research
The Masked SYNger: Investigating a Traffic Phenomenon
At the beginning of 2020, Rapid7 and other researchers began noticing increased scanning activity against a variety of TCP ports.
5 min
Research
CVE-2020-12271: Sophos XG Firewall Pre-Auth SQL Injection Vulnerability Remediation Guidance and Exposure Overview
On April 22, Sophos received a report documenting a suspicious field value visible in the management interface of an XG Firewall.
3 min
Risk Management
Meet AttackerKB
Meet AttackerKB: a new community-driven resource that highlights diverse perspectives on which vulnerabilities make the most appealing targets for attackers.
7 min
Microsoft
Phishing for SYSTEM on Microsoft Exchange (CVE-2020-0688)
As of March 24, there were over 350,000 Microsoft Exchange servers exposing a version of the software with a vulnerability.
3 min
Risk Management
CVE-2020-0796: Microsoft SMBv3 Remote Code Execution Vulnerability Analysis
Rapid7 analysis and exposure data on CVE-2020-0796, a critical remote code execution vulnerability in Microsoft's SMBv3 protocol.
2 min
Research
Rapid7 2020 Threat Report: Exposing Common Attacker Trends
In this blog, we break down the three key sections of the newly released Rapid7 2020 Threat Report.
5 min
Events
How We Used Data Science Magic to Predict Key RSA 2020 Themes and Takeaways
As our team discussed our traditional RSA round-up blog, we started to wonder how easy it would be to predict those key themes before the conference even kicked off.
5 min
Research
DOUBLEPULSAR over RDP: Baselining Badness on the Internet
How many internet-accessible RDP services have the DOPU implant installed? How much DOPU-over-RDP traffic do we see being sprayed across the internet?
22 min
Research
DOUBLEPULSAR RCE 2: An RDP Story
In this sequel, wvu [https://github.com/wvu-r7] recounts the R&D (in all its imperfect glory) behind creating a Metasploit module for the DOUBLEPULSAR implant's lesser-known RDP variant. If you're unfamiliar with the more common SMB variant, you can read our blog post [/2019/10/02/open-source-command-and-control-of-the-doublepulsar-implant/] detailing how we achieved RCE with it.
Table of Contents
0. Background
1. Extracting the implant
2. Installing the implant
3. Pinging the implant
4.
4 min
Research
Active Exploitation of Citrix NetScaler (CVE-2019-19781): What You Need to Know
A directory traversal vulnerability was announced in the Citrix Application Discovery Controller and Citrix Gateway, which would allow a remote, unauthenticated user to write a file to a location on disk.
9 min
Research
Oh, Behave! Who Made It to Rapid7 Labs' Naughty List(s) in 2019?
The Labs team thought it might be fun to give folks a glimpse into who made it to some of our naughtiest lists in 2019 based on insights gleaned through our research projects.
4 min
Research
Cisco Self-Signed Certificate Expiration on Jan. 1, 2020: What You Need to Know
Cisco released Field Notice 70489 this week, making owners of a wide range of Cisco devices aware of an impending certificate expiration issue.
4 min
IoT
IoT Vuln Disclosure: Children's GPS Smart Watches (R7-2019-57)
In a recent IoT hacking training exercise, Rapid7 penetration testers set out to find vulnerabilities in a number of children's GPS-enabled smart watches.