3 min
Metasploit
Metasploit Weekly Wrap-Up: 7/22/22
The past, present and future of Metasploit
Don't miss Spencer McIntyre's talk on the Help Net Security's blog
. Spencer is the Lead Security Researcher at Rapid7 and speaks about how
Metasploit has evolved since its creation back in 2003. He also explains how the
Framework is addressing today's offensive security challenges and how important
is the partnership with the community.
LDAP swiss army knife
This week,
4 min
Cloud Security
Cloud Threat Detection: To Agent or Not to Agent?
Should you be using agents to secure cloud applications, or not? The answer depends on what exactly you're trying to secure.
3 min
SIEM
Simplify SIEM Optimization With InsightIDR
For far too many years, security teams have accepted that with a SIEM comes compromise. With InsightIDR, you can have the best of both worlds.
4 min
SOAR
Deploying a SOAR Tool Doesn’t Have to Be Hard: I’ve Done It Twice
Here are some lessons learned launching and steps for success when launching a SOAR tool for the first time.
4 min
Managed Detection and Response (MDR)
4 Key Statistics to Build a Business Case for an MDR Partner
Any MDR financial justification will come down to four main factors: return on investment (ROI), savings from building out your SOC team, the reduction in risk to your organization, and the time to see value/impact.
3 min
Cloud Security
4 Strategies for Achieving Greater Visibility in the Cloud
Here are four ways to put visibility at the center of your cloud security approach and better understand what's going on in your environment.
2 min
Detection and Response
Gimme! Gimme! Gimme! (More Data): What Security Pros Are Saying
Eight in 10 organizations collect, process, and analyze security operations data from more than 10 sources, but security analysts need even more.
5 min
Vulnerability Disclosure
CVE-2022-30526 (Fixed): Zyxel Firewall Local Privilege Escalation
Rapid7 discovered a local privilege escalation vulnerability affecting Zyxel firewalls. The vulnerability allows a low privileged user, such as `nobody`, to escalate to `root` on affected firewalls.
2 min
Application Security
Deploy tCell More Easily With the New AWS AMI Agent
We've introduced the AWS AMI Agent for tCell, which makes it easier to deploy tCell into your software development life cycle.
3 min
Metasploit
Metasploit Weekly Wrap-Up: Jul 15, 2022
JBOSS EAP/AS - More Deserializations? Indeed!
Community contributor Heyder Andrade added in a new
module for a Java deserialization vulnerability in JBOSS EAP/AS Remoting Unified
Invoker interface for versions 6.1.0 and prior. As far as we can tell this was
first disclosed by Joao Matos in his paper at
AlligatorCon
.
Later a PoC from Marcio Almeida
4 min
Vulnerability Management
InsightVM Release Update: Let’s Focus on Remediation for Just a Minute
We’re pleased to release two InsightVM updates that are aimed at not only improving VM program success but also reducing the effort to get you there.
3 min
Application Security
It’s the Summer of AppSec: Q2 Improvements to Our Industry-Leading DAST and WAAP
Summer is in full swing, and that means soaring temps, backyard grill-outs, and the latest roundup of Q2 application security improvements from Rapid7.
4 min
Career Development
Creating an Exceptional Workplace: Building and Expansion in a Post-COVID World
Rapid7 is celebrating the opening of its newly expanded and designed Reading, UK office, located in the Thames Valley District at Forbury Place.
7 min
Vulnerability Management
Patch Tuesday - July 2022
One 0-day vulnerability, four Critical RCEs, and a whole bunch of fixes for Azure Site Recovery.
5 min
Career Development
The Forecast Is Flipped: Flipping L&D to Ensure Continuous Growth
Here's how Rapid7 moved away from a one-size-fits-all approach to learning and put our Moose in the driver's seat of their development.