Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.

View Cookie Policy for full details

Rapid7 Blog

Adam Cammack  



Santa's ELFs: Running Linux Executables Without execve

Santa's ELFs do not get a post-holiday break, since the Executable and Linkable Format (ELF) is the base of numerous Unix-like operating systems.…

Metasploit Wrapup

Why can't I hold all these Pull Requests? It has been a busy month here in Metasploit-land, with the holidays, the holiday community contributions, and our community CTF. It doesn't help that the last few months have seen our open pull request count keep climbing…

Metasploit Wrapup

Ghost(script) in the shell There has been a lot of buzz the last couple weeks about Google Project Zero's Tavis Ormandy's new Ghostscript -dSAFER bypass, now complete with a Metasploit module. With some valiant work by wvu and taviso himself, the latest way to…

External Metasploit Modules: The Gift that Keeps on Slithering

For HaXmas last December, I wrote about the introduction of Python modules to Metasploit Framework. As our module count keeps on growing, we thought that it would be a good time to update the community on where we are at.…

Metasploit Wrapup

Just Let Me Grab My Popcorn First This week, rmdavy contributed a pair of modules designed to fool Windows into authenticating to you so you can capture sweet, sweet NetNTLM hashes. BadODT targets LibreOffice/Apache OpenOffice by providing a link to an image on a…

Regifting Python in Metasploit

Metasploit has been taking random Python scripts off the internet and passing them off as modules! Well, not exactly. Read on to see how we're extending the module system's scalability and what Python has to do with that.…