3 min
Detection and Response
InsightIDR: 2019 Year in Review
As we turn the corner into the new year, our team has been looking back at 2019 and reflecting on some of our most exciting updates from InsightIDR.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 1/3/20
A new OpenBSD local exploit
Community contributor bcoles brings us a new exploit
module for CVE-2019-19726, a vulnerability originally discovered by Qualys
in OpenBSD. This vulnerability is pretty interesting in the sense that it
leverages a bug in the _dl_getenv function that can be triggered to load
libutil.so from an attacker controlled loca
7 min
InsightIDR
10 Threat Detection and Response Resolutions for 2020
From knowing what you have, who may want it, and how they can get it: these 10 IDR resolutions for 2020 are sure to keep you busy.
3 min
InsightVM
7 Vulnerability Risk Management Resolutions To Consider in the New Year
In this blog, we discuss seven Vulnerability Risk Management resolutions that all security professionals should be making in 2020.
9 min
Research
Oh, Behave! Who Made It to Rapid7 Labs' Naughty List(s) in 2019?
The Labs team thought it might be fun to give folks a glimpse into who made it to some of our naughtiest lists in 2019 based on insights gleaned through our research projects.
9 min
Haxmas
Memorable Metasploit Moments of 2019
Here’s a smattering of the year’s Metasploit Framework highlights from 2019. As ever, we’re grateful to and for the community that keeps us going strong.
2 min
Metasploit
Metasploit Wrap-Up: Dec. 27, 2019
With 2019 almost wrapped up, we’ve been left wondering where the time went! It’s
been a busy year for Metasploit, and we’re going out on a reptile-themed note
this wrap-up...
Python gets compatible
With the clock quickly ticking down on Python 2 support
, contributor xmunoz came
through with some changes
to help ensure most
of Framework works with Python 3. While Python 3’s adoption
6 min
Haxmas
Memory Laundering: Is Cleaner Better?
In this HaXmas blog, we discuss how to bypass SELinux's commonly-applied `execmem` permission.
4 min
Research
Cisco Self-Signed Certificate Expiration on Jan. 1, 2020: What You Need to Know
Cisco released Field Notice 70489 this week making owners of a wide range of Cisco devices of an impending certificate expiration issue.
2 min
Metasploit
Metasploit Wrap-Up: 12/19/19
It’s beginning to look a lot like HaXmas , everywhere you go! We
have a great selection of gift-wrapped modules this holiday season, sure to have
you entertained from one to eight nights, depending on your preference! On a
personal note, we here at the Metasploit workshop would like to welcome our
newest elf, Spencer McIntyre . Spencer has been
a long-time contributor to the project, and we’re thrilled to have him on the
team!
In the spirit of givi
3 min
Haxmas
The Importance of Updating and Patching Your New Electronic Presents
Regardless of the type of device under your tree, here are some quick and easy things to look for and change to help better secure your holiday gifts.
3 min
Podcast
Building a Daily Threat Simulation Tool with Todd Beebe
In our latest episode of Security Nation, we sat down to talk with Todd Beebe about the automated threat simulation system that he built for his current employer.
5 min
InsightAppSec
Automating Application Security Testing Within Your Atlassian Bamboo Pipelines
Rapid7 is excited to announce a new plugin for Atlassian Bamboo with the goal of integrating InsightAppSec into the software development life cycle (SDLC).
3 min
Metasploit
Metasploit Wrap-Up: Dec. 13, 2019
Powershell Express Delivery
The web_delivery module
is often used to deliver a payload during post exploitation by quickly firing up
a local web server. Since it does not write anything on target’s disk, payloads
are less likely to be caught by anti-virus protections. However, since Microsoft
added Antimalware Scan Interface (AMSI)
3 min
Application Security
The Most Commonly Exploited Web Application Vulnerabilities in a Production Environment
In this blog, we discuss the most exploited web application vulnerabilities, and how you can avoid them in your development process.