1 min
Automation and Orchestration
Introducing the Rapid7 InsightConnect App for Splunk
Rapid7 is excited to announce our new integration between InsightConnect and Splunk.
2 min
Metasploit
Metasploit Wrap-Up 10/11/19
Exploiting Windows tools
There are two new Windows modules this week, both brought to you by the Metasploit team. The Windows Silent Process Exit Persistence module, from our own bwatters-r7, exploits a Windows tool that allows for debugging a specified process on exit. With escalated privileges, an attacker can configure the debug process and then use the module to upload a payload which will launch e
2 min
Research
Rapid7 Introduces Industry Cyber-Exposure Report: Deutsche Börse Prime Standard 320
Today, Rapid7 released our fifth Industry Cyber-Exposure Report (ICER) examining the overall exposure of the companies listed in the Deutsche Börse Prime Standard index.
5 min
Cloud Security
How to Reduce Exposure in the Cloud
In this blog, we share the top cloud configuration mistakes organizations make and four rules to implement so you can migrate securely to the cloud.
2 min
Patch Tuesday
Patch Tuesday - October 2019
This month's Patch Tuesday is mainly notable in that there isn't a whole lot to note, which is a change of pace. No 0-days, no vulnerabilities that had been publicly disclosed already, and nothing that could allow worms to proliferate. And nothing from Adobe. Of course, that doesn't mean there's nothing to do: Microsoft still published 59 CVE
6 min
Vulnerability Disclosure
R7-2019-32: Denial-of-Service Vulnerabilities in Beckhoff TwinCAT PLC Environment
Rapid7 researcher Andreas Galauner has discovered two vulnerabilities affecting the TwinCAT PLC environment.
5 min
MSSP
Why Do Managed Detection and Response (MDR) Services Exist in a World Dominated by MSSPs?
In this blog, we break down why Managed Detection and Response (MDR) services can survive in a market dominated by MSSPs.
1 min
Metasploit
Metasploit Wrap-Up 10/4/19
Command and Control with DOUBLEPULSAR
We now have a DOUBLEPULSAR exploit module thanks to some amazing work by our own wvu, Jacob Robles, and some significant contributions from the wider community. The module allows you to check for the DOUBLEPULSAR implant, disable it, or even load your own payloads as well; it really deserves its own blog post…
2 min
Penetration Testing
This One Time on a Pen Test: “Let Me Get That for You”
In this blog, we discuss how our team successfully gained access to a client's physical building in an unlikely way.
12 min
SAML
SAML All the Things! A Deep Dive into SAML SSO
In this blog, we will take a deep dive into everything you need to know about Security Assertion Markup Language (SAML).
20 min
Research
Open-Source Command and Control of the DOUBLEPULSAR Implant
Metasploit researcher William Vu shares technical analysis behind a recent addition to Framework: a module that executes a Metasploit payload against the Equation Group's DOUBLEPULSAR implant for SMB and allows users to remotely disable the implant.
5 min
Project Sonar
Exim Vulnerability (CVE-2019-16928): Global Exposure Details and Remediation Advice
On Sept. 27, CVE-2019-16928 was promulgated, indicating all Exim versions 4.92–4.92.2 were vulnerable to a heap-based buffer overflow.
5 min
Vulnerability Management
How DHS and MITRE Collaborate to Validate Vulns
In this week's podcast, we spoke with Katie Trimble of DHS and Chris Coffin of MITRE about their work with the CVE Project.
3 min
Application Security
DAST vs. SAST: Which solution is better?
Security and DevOps teams seemingly have to choose between speed and security. We think there's a better way.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 9/27/19
BlueKeep is Here
The BlueKeep exploit module is now officially a part of Metasploit Framework. This module reached merged status thanks to lots of collaboration between Rapid7 and the MSF community members. The module requires some manual configuration per target, and targets include both virtualized and non-virtualized versions of Windows 7 and Windows Server 2008. For a full overview of the exploit's development and notes on use and d