4 min
Research
Extracting Firmware from Microcontrollers’
Onboard Flash Memory, Part 4
In our fourth and final part of this ongoing series, we will conduct further firmware extraction exercises with the Texas Instruments RF microcontroller.
7 min
Vulnerability Management
Medical Device Security, Part 2: How to Give Medical Devices a Security Checkup
In part two of our series, we get into the weeds of medical device scanning and examine how to directly perform assessments on medical devices.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 5/3/19
Better persistence options thanks to two new modules for Yum and APT package managers. Plus, new exploits for Rails DoubleTap and Spring Cloud Config.
4 min
InsightAppSec
How InsightAppSec Can Help You Improve Your Approach to Application Security
In this post, we’ll explore why modern apps require modern testing and how our DAST tool, InsightAppSec, is leading the way with the most sought-after needs for application security teams.
4 min
IoT
Extracting Firmware from Microcontrollers'
Onboard Flash Memory, Part 3: Microchip PIC Microcontrollers
In this blog, we will conduct another firmware extraction exercise dealing with the Microchip PIC microcontroller (PIC32MX695F512H).
7 min
Vulnerability Management
Medical Device Security, Part 1: How to Scan Devices Without Letting Safety Flatline
When scanning medical devices, it's important to manage risk, be intentional and tread lightly, and never scan computers that are plugged into people.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 4/26/19
Faster tab completion for `set PAYLOAD` and faster output for `show payloads`. Plus, four new exploits, including unauthenticated template injection for Atlassian Confluence and Ruby on Rails DoubleTap directory traversal.
3 min
IoT
Extracting Firmware from Microcontrollers'
Onboard Flash Memory, Part 2: Nordic RF Microcontrollers
In this blog, we will conduct another firmware extraction exercise dealing with the Nordic RF microcontroller (nRF51822).
5 min
Capture the Flag: Red Team vs. Cloud SIEM
Here's how InsightIDR fared in a recent Capture the Flag (CTF) meetup with a special blue-team element.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 4/19/19
A more useful use command
From among the many musings of longtime contributor/team member Brent Cook
, in a combined effort with the ever-present wvu
, the use command has become so much more useful. PR
11724 takes new
functionality from
search -u one step further by automatically appying it when use is called with a
uniq
5 min
Application Security
How to Choose the Right Application Security Tool for Your Organization
In this post, we’re taking a look at the various application security testing technologies and how to determine which is best for your organization.
3 min
Research
Extracting Firmware from Microcontrollers' Onboard Flash Memory, Part 1: Atmel Microcontrollers
As part of our ongoing discussion of hardware hacking for security professionals, this blog covers the Amtel Atmega2561 microcontroller.
1 min
Research
Confluence Unauthorized RCE Vulnerability (CVE-2019-3396): What You Need to Know
Atlassian was notified in late February about a remote code execution (RCE) flaw in their Confluence and Data Center products and issued an alert with a patch on March 20, 2019.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 4/12/19
WordPress RCE
tiyeuse submitted a Metasploit module
for an authenticated
remote code execution vulnerability in WordPress, which was described in a blog
post by RIPS Technology . After
authenticating as a user with at least author privileges, the module starts by
uploading an image file with PHP code that will be used later. Then the image
metadata that references the file
3 min
Rapid7 Perspective
How to Start a Career in Cybersecurity: From Stay-at-Home Mom to Security Pro-in-Training
My name is Carlota Bindner, and here is my story on how I went from being a stay-at-home mom and community volunteer to participating in Rapid7's Security Consultant Development Program.