2 min
Metasploit
Metasploit Wrapup 1/25/19
Hi everyone! For those in the US, hope you all had a great MLK weekend. We have a pretty light release due to the holiday, but we still have some cool stuff in the house. Check it out!
3 min
Detection and Response
PHP Extension and Application Repository (PEAR) Compromise: What You Need to Know
According to the PHP Extension and Application Repository (PEAR), a security breach had been found on the `pear.php.net` web server.
4 min
InsightConnect
How Rapid7’s Orchestration and Automation Solution Boosted a Higher Education Security Team’s Effectiveness
We recently had the opportunity to sit down with Adam Elliott to discuss why his team chose Rapid7 and how our solution has increased the overall effectiveness of his security team.
1 min
Metasploit
Metasploit Wrapup 1/18/19
This week, phra offers up a new potato dish to make privilege escalation in Windows just a bit tastier.
3 min
Rapid7 Perspective
Rapid7 Included in 2019 Bloomberg Gender-Equality Index for Commitment to Diversity
We are extremely proud to announce that Rapid7 has been included in the 2019
Bloomberg Gender-Equality Index (GEI), which recognizes organizations for being
transparent in their commitment to gender equality. We are thrilled by this, as
the GEI’s scoring method celebrates both our best-in-class elements, as well as
our willingness to disclose our efforts toward creating a gender-neutral
organization. It also helps us to understand our performance and identify
opportunities to continue to learn a
2 min
Vulnerability Management
What WannaCry Taught Me About the Benefits of Agents in VM Programs
In the wake of the WannaCry attack, my security team and I learned firsthand why having an agent-based vulnerability management strategy could have helped.
3 min
AWS
How AWS and InsightVM Can Help You Securely Move to the Cloud
No one can deny that cloud adoption is increasing at a fast rate. Though moving
to the cloud offers many advantages—such as speed of development, cost savings,
and reduced overhead—one of the implications of adoption is that customers must
change the way they approach security to adapt to hybrid and fully cloud
infrastructure.
As this happens, security practitioners have to consider how to use their
current on-premises tools in both hybrid and fully cloud environments. The onus
is on security v
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 1/12/19
MSF 5 in the wild
We announced the release
of Metasploit Framework 5.0 this week. It’s Metasploit’s first major version
release since 2011, and it includes lots of good stuff the team has been working
on for the past year-plus. It will be packaged and integrated into your favorite
software distributions over the next few months; until then, you can get MSF 5
by checking out the 5.0.0 tag
5 min
Metasploit
Metasploit Framework 5.0 Released!
We are happy to announce the release of Metasploit 5.0, the culmination of work by the Metasploit team over the past year.
2 min
InsightVM
Did You Remediate That? Take Control of Risk by Knowing Your Top 25 Vulnerabilities
InsightVM's Top 25 report is a great place to start when you want to take control of your overall vulnerability management program.
4 min
Phishing
What You Can Learn from Our Successful Simulated Phishing Attack of 45 CEOs
I was recently invited to a cybersecurity event to raise awareness on phishing by simulating targeted campaigns against the CEO attendees. Here's how they fared.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 1/4/19
Happy New Year to the Metasploit community! As we kick off 2019, we're excited
to see all the modules, enhancements, and discussions the new year will bring.
Ring In 2019 With SSL
There is a new datastore option
courtesy of wvu
called CMDSTAGER::SSL. This exposes the ability to
enable SSL/TLS command stagers with set cmdstager::ssl true.
Auld Erlang Syne
Good news if you're a fan of the multi/misc/erlang_co
6 min
Haxmas
Happy HaXmas! Year-End Internet Scanning Observations
As we wrap up 2018 and forge ahead into 2019, let's reflect on some of the key observations we made through our internet scanning with Project Sonar.
7 min
Haxmas
Santa's ELFs: Running Linux Executables Without execve
Santa's ELFs do not get a post-holiday break, since the Executable and Linkable Format (ELF) is the base of numerous Unix-like operating systems.
25 min
Haxmas
The Ghost of Exploits Past: A Deep Dive into the Morris Worm
In this post, we will dive into the exploit development process for the three modules we created in honor of the 30th anniversary of the Morris worm.