5 min
NICER Reports
NICER Protocol Deep Dive: Internet Exposure of Microsoft SQL Server (MS SQL) (UDP/1434)
In this edition of our NICER Protocol Deep Dive blog series, we cover the internet exposure of Microsoft SQL Server.
3 min
Metasploit
Metasploit Wrap-Up: 11/20/20
Two new RCE-capable modules and some good fixes and enhancements!
7 min
Metasploit
Announcing the 2020 December Metasploit Community CTF
It’s time for another Metasploit community CTF! This time around we’re doing a few things differently. Read on for details.
2 min
This One Time on a Pen Test
This One Time on a Pen Test: CSRF to Password Reset Phishing
In the latest edition of our "This One Time On a Pen Test" series, we take a look at an engagement featuring Cross-site request forgery attacks.
2 min
Public Policy
Congress unanimously passes federal IoT security law
Congress passed a law to secure federal procurement and use of IoT devices, and require contractors to adopt coordinated vulnerability disclosure processes.
1 min
Under the Hoodie
Behind the Scenes: Under the Hoodie 2020 Video Series
In this blog, we take you on a behind-the-scenes look at the making of our 2020 Under the Hoodie video series.
13 min
Research
Don’t Put It on the Internet: Tesla Backup Gateway Edition
In this blog, we address Tesla Backup Gateways and identify key areas where Tesla could improve security and privacy to help customers protect themselves.
3 min
Vulnerability Management
Defining Vulnerability Risk Management (and How to Build a Modern VRM Program)
Once upon a time (just a handful of years ago), vulnerability management programs focused solely on servers, running quarterly scans that targeted only critical systems.
But that was then, and you can’t afford such a limited view in the now. Truth is, vulnerability exploitation now happens indiscriminately across the modern attack surface—from local and remote endpoints to on-prem and cloud infrastructure to we
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 11/13/20
Four new modules, including an exploit for SaltStack Salt and an exploit for a now-patched vuln in Metasploit, plus new enhancements and fixes.
5 min
NICER Reports
NICER Protocol Deep Dive: Internet Exposure of MySQL
In the latest edition of our "NICER Protocol Deep Dive" blog series, we take a more detailed look at the internet exposure of MySQL.
4 min
Detection and Response
2021 Detection and Response Planning, Part 4: Planning for Success with a Cloud SIEM
In this post, we’ll explore how a cloud SIEM, like Rapid7 InsightIDR, may be more relevant and impactful than ever before.
3 min
Vulnerability Management
Patch Tuesday - November 2020
Jumping right back to a triple digit volume of vulnerabilities resolved, Microsoft covers 112 CVEs this November affecting products ranging from our standard Windows Operating Systems and Microsoft Office products to some new entries such as Azure Sphere.
Microsoft CVE-2020-17087: Windows Kernel Local Elevation of Privilege Vulnerability
Coming as no surprise to anyone, the previously disclosed CVE-2020-17087 zero-day
2 min
Emergent Threat Response
VMware ESXi OpenSLP Remote Code Execution Vulnerability (CVE-2020-3992 and CVE-2019-5544): What You Need To Know
What’s up?
On November 6, 2020 Microsoft’s Kevin Beaumont alerted the community to evidence of active exploitation attempts of CVE-2020-3992 and/or CVE-2019-5544, which are remote code execution (RCE)
2 min
News
SaltStack Pre-Authenticated Remote Root (CVE-2020-16846 and CVE-2020-25592): What You Need to Know
When combined, a new pair of SaltStack vulnerabilities can result in unauthenticated remote root access on a target system.
5 min
InsightIDR
Visualizing Network Traffic Data to Drive Action
In this blog, we cover the top five multi-groupby queries that can be used to visualize network sensor data with the Insight Network Sensor.