2 min
Metasploit
Metasploit Wrap-Up 4/5/19
Your workflow just got easier
Are you tired of copy/pasting module names from the search results before you
can use them? Thanks to this enhancement (PR #11652) by Brent Cook, you can now
run search with the -u flag to automatically use a module if there is only one
result. Now you're one step closer to popping a shell!
A pair of new JSO modules
Metasploit published research a few weeks ago on Java Serializ
5 min
Application Security
5 Considerations When Creating an Application Security Program
In this blog, we explain how to address application security within your organization and how this translates into building better code.
2 min
Research
Apache HTTP Server Privilege Escalation (CVE-2019-0211): What You Need to Know
The joke was on roughly 2 million servers on Monday (April 1!), as the Apache Foundation released a patch for a privilege escalation bug (CVE-2019-0211) in Apache HTTP Server 2.4 releases 2.4.17–2.4.38.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 3/29/19
Introducing Metasploit Development Diaries
We are happy to introduce a new quarterly series, the Metasploit Development
Diaries. The dev diaries walk users and developers through some example exploits
and give detailed analysis of how the exploits operate and how Metasploit
evaluates vulnerabilities for inclusion in Framework. The first in the dev
diaries series features technical analysis by sinn3r
and includes modules from community
members and fellow rese
2 min
Threat Intel
Why and Where Cybercriminals Attack the Hospitality Industry
The gaming, leisure, and hospitality industry has been increasingly targeted by cybercrime and faces a unique set of security challenges.
3 min
Vulnerability Disclosure
R7-2018-43: Username Enumeration in Okta SSO Del Auth through Response Timing
A vulnerability has been discovered in Okta SSO running in Delegated Authentication (Del Auth) mode, a popular configuration for Okta SSO.
3 min
Whiteboard Wednesday
How to Gain Security Visibility into a Modern Environment
In our latest installment of Whiteboard Wednesday, we break down the step-by-step approach you can take to gain visibility across a modern environment and the main areas you should focus on.
8 min
Public Policy
The IoT Cybersecurity Improvement Act of 2019
In this blog post, we will walk through the newly introduced IoT Cybersecurity Improvement Act of 2019 and describe Rapid7's position on it.
2 min
Events
Rapid7’s Partner Summit 2019: Thank You to Our Partners in EMEA!
We recently hosted our hugely successful EMEA Partner Summit 2019 in Portugal, meeting with over 85 partners from over 27 countries all around Europe, the Middle East, and Africa.
2 min
Metasploit
Introducing the Metasploit Development Diaries
In our new Metasploit Development Diaries series, we will share stories of how exploitable conditions become stable, seasoned Metasploit Framework modules.
4 min
Phishing
Tips for a Successful Phishing Engagement
Many factors can go into making a phishing engagement a success, so in this blog, we will share some tips for making sure your organization gets the most out of its upcoming engagement.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: Mar. 22, 2019
Spring is here: Four new modules and metashell improvements.
1 min
InsightVM
Rapid7 Named a March 2019 Gartner Peer Insights Customers’ Choice for Vulnerability Assessment
The Rapid7 team is excited to announce that we have been recognized as a March 2019 Gartner Peer Insights Customers’ Choice for Vulnerability Assessment.
1 min
Research
A Serial Problem: Exploitation and Exposure of Java Serialized Objects
In our new research report, we take a look at Java Serialized Objects (JSOs), which are a reliable threat vector and present a rising threat to enterprise networks.
5 min
Research
Buy One Device, Get Data Free: Private Information Remains on Donated Tech
When you have old computers, flash drives, phones, or hard drives that you no longer use, you might take them to a resale shop, thrift store, or recycling center. However, have you ever wondered what happens to these devices and the data within them?