Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Rapid7 Blog

Wei Chen  

AUTHOR STATS:

46

12 Days of HaXmas: Opening Up My Top Secret Metasploit Time Capsule

This post is the second in a series, 12 Days of HaXmas, where we take a look at some of more notable advancements and events in the Metasploit Framework over the course of 2014. For today's HaXmas amusement, I have something fun to share with…

Good-bye msfpayload and msfencode

Greetings all, On behalf of the Metasploit's development teams, I'd like to officially announce the decision of deprecating msfpayload and msfencode. Also starting today, we no longer support or accept patches for these two utilities. On June 8th 2015, the elderly msfpayload and msfencode will…

Metasploit Weekly Update: Prison Break

In this week's Metasploit update, we'd like to introduce two sandbox escaping exploits for Internet Explorer, and demonstrate how you're supposed to use them. The two we're covering are MS13-097, an escape due to Windows registry symlinks. And MS14-009, by exploiting a type traversal bug…

"Hack Away at the Unessential" with ExpLib2 in Metasploit

This blog post was jointly written by Wei sinn3r Chen and Juan Vazquez Memory corruption exploitation is not how it used to be. With modern mitigations in place, such as GS, SafeSEH, SEHOP, DEP, ASLR/FASLR, EAF+, ASR, VTable guards, memory randomization, and sealed optimization,…

Weekly Metasploit Update: Encoding-Fu, New Powershell Payload, Bug Fixes

I Got 99 Problems but a Limited Charset Ain't One In this week's Metasploit weekly update, we begin with OJ TheColonial Reeves' new optimized sub encoding module (opt_sub.rb). As the name implies, this encoder takes advantage of the SUB assembly instruction to encode…

Let's Talk About Your Security Breach with Metasploit. Literally. In Real Time.

During a recent business trip in Boston, Tod and I sat down in a bar with the rest of the Metasploit team, and shared our own random alcohol-driven ideas on Metasploit hacking. At one point we started talking about hacking webcams. At that time Metasploit…

Pwn Faster with Metasploit's Multi-Host Check Command

One of the most popular requests I've received from professional penetration testers is that they often need to be able to break into a network as fast as possible, and as many as possible during an engagement. While Metasploit Pro or even the community edition…

Metasploit Now Supports Malware Analysis via VirusTotal

VirusTotal is a free online service that allows you to analyze files or URLs in order to identify malware detectable by antivirus engines, and is one of the most popular ones in the community, so we decided to get a piece of that action. As…

12 Days of HaXmas: A Cat and Mouse Game Between Exploits and Antivirus

This post is the twelfth, and last, in a series, 12 Days of HaXmas, where we take a look at some of the more notable advancements in the Metasploit Framework over the course of 2013. In the final episode of 12 Days of HaXmas, we'll…

12 Days of HaXmas: Donut Vigilante Raided and Arrested at Metasploit HQ

This post is the tenth in a series, 12 Days of HaXmas, where we take a look at some of more notable advancements in the Metasploit Framework over the course of 2013.For the past couple of months, the Austin office of Rapid7 saw an…

12 Days of HaXmas: Impress Your Family With Elite Metasploit Wizardry

This post is the fourth in a series, 12 Days of HaXmas, where we take a look at some of more notable advancements in the Metasploit Framework over the course of 2013. Every year during a major holiday, we crawl out from our own bat…

12 Days of HaXmas: Apple Safari Makes Password Stealing Fun and Easy? Yes, Please!

This post is the second in a series, 12 Days of HaXmas, where we take a look at some of more notable advancements in the Metasploit Framework over the course of 2013.If you are reading this blog post, I reckon you are somewhat a…

Metasploit releases CVE-2013-3893 (IE SetMouseCapture Use-After-Free)

Recently the public has shown a lot of interest in the new Internet Explorer vulnerability (CVE-2013-3893) that has been exploited in the wild, which was initially discovered in Japan. At the time of this writing there is still no patch available, but there is still…

Here's that FBI Firefox Exploit for You (CVE-2013-1690)

Hello fellow hackers, I hope you guys had a blast at Defcon partying it up and hacking all the things, because ready or not, here's more work for you.  During the second day of the conference, I noticed a reddit post regarding some Mozilla Firefox…

Have a Taste of Communism with a Mouthful of APT

Everyone loves a good cyber-espionage story, and we love to put China under the spotlight.  Why? Because their methods work.  China has some well known hacking groups that have conducted cyber-espionage-oriented attacks, such as the Elderwood Group, Unit 61398, the Nitro gang, etc.…