5 min
Haxmas
HaXmas Review: 12 Patch Tuesdays a-Patching
Another year, another 701 patched Microsoft vulnerabilities: just a 2% increase from 2017's count of 686.
4 min
Haxmas
The Layer 8(th) Day of Christmas: Rapid7 Pen Testers Reveal Social Engineering Insights at Recent Conference
Four Rapid7 pen testers recently gathered at the brand-new Layer 8 conference in Rhode Island to present on social engineering and open source intelligence (OSINT) gathering.
5 min
Haxmas
Advice for the Lazy Family Sysadmin
With some careful choices, you can be a lazy family system administrator this holiday. Here’s my experience, along with some tips.
4 min
Haxmas
Once a Haxer, Always a Haxor
Like most hackers, I liked to take apart my holiday gifts as a kid. In this blog, I take apart Amazon's voice-controlled microwave oven to see how it works.
7 min
Haxmas
The New Shiny: Memorable Metasploit Moments of 2018
Happy HaXmas, friends. Metasploit turned 15 this year, and by all accounts, 2018 was pretty epic.
3 min
Haxmas
R7-2018-52: Guardzilla IoT Video Camera Hard-Coded Credential (CVE-2018-5560)
Most HaXmas posts are full of fun and frivolity, but this one is a routine vulnerability disclosure in a piece of IoT gear that you should know about.
4 min
Haxmas
The Return of Snapid Kevin to the North Pole
Santa has once again enlisted the help of his security consultant, Snapid Kevin, to evaluate his physical security. What will Snapid turn up?
3 min
Haxmas
The 12 Days of HaXmas: A Festive Blog Series Recapping Security in 2018
It’s the waning days of 2018, so it’s time to usher in our traditional end-of-year blog series, the 12 Days of HaXmas.
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup 12/21/18
Safari Proxy Object Type Confusion
Metasploit committer timwr recently added a macOS Safari RCE exploit module based on a solution that saelo developed and used successfully at Pwn2Own 2018.
saelo's exploit is a three-bug chain: a Safari RCE (CVE-2018-4233), a sandbox
13 min
Research
Rsunk your Battleship: An Ocean of Data Exposed through Rsync
Rapid7 Labs recently decided to take a fresh look at rsync, this time focusing on exposure of rsync globally on the public internet.
3 min
InsightVM
How to Use the InsightVM Policy Compliance Status Report to Measure Benchmark Configurations
Reports within InsightVM can help you demonstrate whether your systems stand up against compliance requirements.
3 min
AWS
Rapid7 Partners with AWS Security Hub for Deeper Vulnerability Reporting
Last month, we were thrilled to announce our integration with AWS Security Hub at AWS re:Invent.
7 min
InsightIDR
Windows Event Forwarding: The Best Thing You’ve Never Heard Of
This blog post will discuss how to get logs into your SIEM and create custom alerts to detect certain behaviors in those logs.
2 min
Research
Charting the Forthcoming PHPocalypse in 2019
This experiment began when Josh Frantz remarked that he would be curious about the potential exposure from the just-reached EOL date for PHP Version 7.0 and the forthcoming EOL date for PHP 5.6.
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup 12/14/18
Backups that Cause Problems
hypn0s contributed a module that exploits Snap Creek’s Duplicator plugin for WordPress. Duplicator is a plugin that eases the backup and migration of WordPress installations. For versions 1.2.40 and below, Duplicator leaves behind a number of sensitive files, including one that gives access to controlling the WordPress restoration process. Sending a POST request to the now accessib