7 min
Research
Building a Printed Circuit Board Probe Testing Jig
In this blog, we discuss how to build a printed circuit board (PCB) probe testing jig.
2 min
Metasploit
Metasploit Wrap-Up: 6/26/20
Who watches the watchers?
If you are checking up on an organization using Trend Micro Web Security, it
might be you. A new module this week takes advantage of a chain of
vulnerabilities to give everyone (read unauthenticated users) a chance to decide
what threats the network might let slip through.
Following the trend, what about watchers that are not supposed to be there?
Agent Tesla Panel is a fun little trojan (not to be found zipping around on our
highways and byways) which now offers, agai
7 min
Managed Detection and Response (MDR)
Rapid7 Managed Detection and Response: The Service that Never Sleeps
In this post, we break-down everything you need to know about Rapid7 Managed Detection and Response (MDR).
2 min
Metasploit
Metasploit Wrap-Up: 6/19/20
Arista Shell Escape Exploit
Community contributor SecurityBytesMe added
an exploit module
for various Arista switches. With credentials, an attacker can SSH into a
vulnerable device and leverage a TACACS+ shell configuration to bypass
restrictions. The configuration allows the pipe character to be used only if the
pipe is preceded by a grep command. This configuration ultimately allows the
chaining
3 min
Vulnerability Management
How to Approach Risk Management: Advice from Rapid7 Customers
Learn how these security professionals approach risk, and their best advice for others looking to better their approach to risk management.
5 min
Detection and Response
How Rapid7 Customers Are Using Network Traffic Analysis in Detection and Response
In this blog, we discuss how Rapid7 Customers Are Using Network Traffic Analysis in Detection and Response
7 min
Cloud Security
Security Practitioner's Intro to Cloud: Everything You Ever Wanted to Know But Were Afraid to Ask
In this post, we provide an introductory primer to the cloud and cloud security for security professionals who want to fill in the blanks.
4 min
SIEM
SIEM Security Tools: Six Expensive Misconceptions
Understanding recent improvements to traditional SIEMs incorporated by next-generation solutions proves critical to building a confident security posture.
7 min
InsightAppSec
Unlocking the Power of Macro Authentication: Part One
In this blog post, we will review how various components of a macro work and what to keep in mind when recording a macro for authentication.
4 min
InsightVM
Monitor External and Remote Workforce Assets in Your Environment
In order to help our customers better track their remote workforce and external assets, we are introducing a new customizable dashboard within InsightVM.
2 min
Metasploit
Metasploit Wrap-Up: 6/12/20
Windows BITS CVE-2020-0787 LPE in the Metasploit tree!
This week, Grant Willcox presents his first
Metasploit module contribution
as part of our team.
Research from itm4n
yielded CVE-2020-0787
, describing a vulnerability in
the Windows Background Intelligent Transfer Serv
4 min
COVID-19
Support FAQs: Managing Your Organization’s Security in Response to COVID-19
To help you and your organization respond to the COVID-19 pandemic, we’ve assembled a list of FAQs to help maintain your existing security measures.
5 min
Vulnerability Management
How Team Collaboration Can Help You Scale Vulnerability Management
In this blog post, we’ll break down how to do this through team collaboration, key processes, and good security design.
3 min
Vulnerability Management
Patch Tuesday - June 2020
June 2020's Microsoft Patch Tuesday
gives us a whopping 129 CVEs patched (excluding Adobe Flash which addresses
CVE-2020-9633
-- a high severity remote code execution vulnerability). While the consistently
high volume of vulnerabilities being addressed each month is alarming at times,
there is a sense of peace in the steps Micros
6 min
Managed Detection and Response (MDR)
Maturing Your Security Posture: Around-the-Clock Threat Detection With Managed Detection & Response (MDR) Services
Recently, we sat down with Jeremiah Dewey, Rapid7’s VP of Managed Services, to chat about how MDR services strengthen traditional security products.