Rapid7 Blog

Brendan Watters  



Metasploit Wrapup

Have you ever been on a conference call where you really wished you could take command of the situation? With Metasploit Framework and the new Polycom HDX exploit, you can (if given permission by the owner of the device, that is)! If teleconferencing isn't your…

Metasploit Wrapup

Here in the U.S., we just celebrated Thanksgiving, which involves being thankful, seeing friends and family, and eating entirely too much (I know that last one is not uncommon here). After a large meal and vacation, we figured that it would be a nice,…

Metasploit Wrapup

What’s New? This week’s release sees multiple improvements and corrections, some years in the making! We fixed an interesting bug in the initial handshake with meterpreter that caused some payload callbacks to fail, improved error and information reporting in other modules, and then…

Building a Backpack Hypervisor

Researcher, engineer, and Metasploit contributor Brendan Watters shares his experience building a backpack-size hypervisor.…

Virtual Machine Automation (vm-automation) repository released

Rapid7 just released a new public repo called vm-automation. The vm-automation repository is a Python library that encapsulates existing methodologies for virtual machine and hypervisor automation and provides a platform-agnostic Python API. Currently, only ESXi and VMWare workstation are supported, but I have high hopes…

Metasploit Wrapup

Metasploit Hackathon We were happy to host the very first Metasploit framework open source hackathon this past week in the Rapid7 Austin. Eight Metasploit hackers from outside of Rapid7 joined forces with the in-house team and worked on a lot of great projects, small and…

Metasploit Wrapup

A fresh, new UAC bypass module for Windows 10!Leveraging the behavior of fodhelper.exe and a writable registry key as a normal user, you too can be admin! Unpatched as of last week, this bypass module works on Windows 10 only, but it works…

Metasploit Wrapup

It has only been one week since the last wrapup, so it's not like much could have happened, right? Wrong! Misery Loves Company After last week's excitement with Metasploit's version of ETERNALBLUE (AKA the Wannacry vulnerability), this week SAMBA had its own "Hold My…

Featured Research

National Exposure Index 2017

The National Exposure Index is an exploration of data derived from Project Sonar, Rapid7's security research project that gains insights into global exposure to common vulnerabilities through internet-wide surveys.

Learn More


Make Your SIEM Project a Success with Rapid7

In this toolkit, get access to Gartner's report “Overcoming Common Causes for SIEM Solution Deployment Failures,” which details why organizations are struggling to unify their data and find answers from it. Also get the Rapid7 companion guide with helpful recommendations on approaching your SIEM needs.

Download Now


Security Nation

Security Nation is a podcast dedicated to covering all things infosec – from what's making headlines to practical tips for organizations looking to improve their own security programs. Host Kyle Flaherty has been knee–deep in the security sector for nearly two decades. At Rapid7 he leads a solutions-focused team with the mission of helping security professionals do their jobs.

Listen Now