4 min Detection and Response

What’s New in Rapid7 Detection & Response: Q3 2023 in Review

Rapid7 has updated its Detection and Response offerings with advanced DFIR capabilities, custom detection rules, log search features, and more.

3 min Emergent Threat Response

CVE-2023-22515: Zero-Day Privilege Escalation in Confluence Server and Data Center

On October 4, 2023, Atlassian published a security advisory on CVE-2023-22515, a critical vulnerability affecting on-premises instances of Confluence Server and Confluence Data Center.

2 min Managed Detection and Response (MDR)

Proactively Prevent Breaches with Expanded Endpoint Protection in Rapid7 MXDR

Rapid7 has expanded Managed Threat Complete to include native NGAV and DFIR powered by our universal Insight Agent.

4 min Vulnerability Management

What’s New in InsightVM and Nexpose: Q3 2023 in Review

In this article, we'll take a look at some of the key updates in InsightVM and Nexpose from Q3.

3 min Metasploit

Metasploit Weekly Wrap-Up: Sep. 29, 2023

TeamCity authentication bypass and remote code execution

This week's Metasploit release includes a new module for a critical authentication bypass in JetBrains TeamCity CI/CD Server. All versions of TeamCity prior to version 2023.05.4 are vulnerable to this issue. The vulnerability was originally discovered by SonarSource, and the Metasploit module was developed by Rapid7's Principal Security Researcher Stephen Fewer, who additionally published a technical analysis on AttackerKB for CVE-2023-4279

6 min Emergent Threat Response

Critical Vulnerabilities in WS_FTP Server

On September 27, 2023, Progress Software published a security advisory on multiple vulnerabilities affecting WS_FTP Server, a secure file transfer solution. There are a number of vulnerabilities in the advisory, two of which are critical (CVE-2023-40044 and CVE-2023-42657). Our research team has identified what appears to be the .NET deserialization vulnerability (CVE-2023-40044) and confirmed that it is exploitable with a single HTTPS POST request and a pre

3 min DFIR

Unlock Broader Detections and Forensics with Velociraptor in Rapid7 XDR

Rapid7 is excited to announce the integration of Velociraptor, our leading open-source DFIR framework, into the Insight Platform for InsightIDR Ultimate users — all with no additional deployment or configurations required.

3 min InsightVM

Introducing Active Risk

Security teams need better prioritization mechanisms. That's why we developed Active Risk, the new risk scoring methodology in InsightVM.

2 min Emergent Threat Response

CVE-2023-42793: Critical Authentication Bypass in JetBrains TeamCity CI/CD Servers

On September 20, 2023, JetBrains disclosed CVE-2023-42793, a critical authentication bypass vulnerability in on-premises instances of their TeamCity CI/CD server. Successful exploitation could make the vulnerability a potential supply chain attack vector.

4 min Metasploit

Metasploit Weekly Wrap-Up: Sep. 22, 2023

Improved Ticket Forging

Metasploit's admin/kerberos/forge_ticket module has been updated to work with Server 2022. In Windows Server 2022, Microsoft started requiring additional new PAC elements to be present: the PAC requestor and PAC attributes. The newly forged tickets will have the necessary elements added automatically based on the user-provided domain SID and user RID. For example:

msf6 auxiliary(admin/kerberos/forge_ticket) > run aes_key=4a52b73cf37ba06cf693c40f352e2f4d2002ef61f6031f649

4 min MITRE ATT&CK

Rapid7 2023 MITRE Engenuity ATT&CK® Evaluations

InsightIDR has evolved to stay in front of emergent threats and expanding attack surfaces, and now we are proud to share our participation and results from the most recent MITRE Engenuity ATT&CK Evaluation: Enterprise.

3 min Vulnerability Management

Rapid7 doubles down on a platform approach for Vulnerability Risk Management

This week, Rapid7 was named a Strong Performer in The Forrester Wave™: Vulnerability Risk Management, Q3 2023.

4 min Metasploit

Metasploit Weekly Wrap-Up: Sep. 15, 2023

Flask Cookies

This week's release includes two modules related to Flask cookie signatures. One is specific to Apache Superset, where session cookies can be re-signed, allowing an attacker to elevate their privileges and dump the database connection strings. While adding this functionality, community member h00die also added a module for generically working with the default session cookies used by Flask. This generic module, auxiliary/gather/python_flask_cookie_signer

8 min Patch Tuesday

Patch Tuesday - September 2023

A relatively light month. Word NTLM hash disclosure. Streaming Service Proxy elevation to SYSTEM. Internet Connection Sharing critical RCE.

2 min Metasploit

Metasploit Weekly Wrap-Up: Sep. 8, 2023

New module content (4)

Roundcube TimeZone Authenticated File Disclosure

Authors: joel, stonepresto, and thomascube
Type: Auxiliary
Pull request: #18286 contributed by cudalac
Path: auxiliary/gather/roundcube_auth_file_read
AttackerKB reference: CVE-2017-16651
Description: This PR adds a module to retrieve an arbitrary file on hosts run