
Rapid7 Blog

Recent Posts

WebLogic Deserialization Remote Code Execution Vulnerability (CVE-2019-2725): What You Need to Know

Oracle has released an out-of-band security advisory and set of patches for Oracle WebLogic Server versions 10.3.6.0 and 12.1.3.0.…

Metasploit Wrap-Up

Better persistence options thanks to two new modules for Yum and APT package managers. Plus, new exploits for Rails DoubleTap and Spring Cloud Config.…

How InsightAppSec Can Help You Improve Your Approach to Application Security

In this post, we’ll explore why modern apps require modern testing and how our DAST tool, InsightAppSec, is leading the way with the most sought-after needs for application security teams.…

4 Key Lessons from the Citycomp Data Breach

On April 30, 2019, Motherboard reported on a combined data breach and extortion attempt against Citycomp, a network and internet infrastructure firm based in Germany.…

Extracting Firmware from Microcontrollers' Onboard Flash Memory, Part 3: Microchip PIC Microcontrollers

In this blog, we will conduct another firmware extraction exercise dealing with the Microchip PIC microcontroller (PIC32MX695F512H).…

Medical Device Security, Part 1: How to Scan Devices Without Letting Safety Flatline

When scanning medical devices, it's important to manage risk, be intentional and tread lightly, and never scan computers that are plugged into people.…

Metasploit Wrap-Up

Faster tab completion for `set PAYLOAD` and faster output for `show payloads`. Plus, four new exploits, including unauthenticated template injection for Atlassian Confluence and Ruby on Rails DoubleTap directory traversal.…

Extracting Firmware from Microcontrollers' Onboard Flash Memory, Part 2: Nordic RF Microcontrollers

In this blog, we will conduct another firmware extraction exercise dealing with the Nordic RF microcontroller (nRF51822).…

Capture the Flag: Red Team vs. Cloud SIEM

Here's how InsightIDR fared in a recent Capture the Flag (CTF) meetup with a special blue-team element.…

Metasploit Wrap-Up

A more useful `use` command: From among the many musings of longtime contributor/team member Brent Cook, in a combined effort with the ever-present wvu, the `use` command has become so much more useful. PR 11724 takes new functionality from `search -u` one step further…

Explore Cloud Security at Rapid7’s Boost 2019 Customer Conference

Exciting news! We are hosting Boost 2019, a free, one-day customer conference where you can dig deep into cloud security no matter where you are on your journey.…

How to Choose the Right Application Security Tool for Your Organization

In this post, we’re taking a look at the various application security testing technologies and how to determine which is best for your organization.…

Extracting Firmware from Microcontrollers' Onboard Flash Memory, Part 1: Atmel Microcontrollers

As part of our ongoing discussion of hardware hacking for security professionals, this blog covers the Atmel Atmega2561 microcontroller.…

Confluence Unauthorized RCE Vulnerability (CVE-2019-3396): What You Need to Know

Atlassian was notified in late February about a remote code execution (RCE) flaw in their Confluence and Data Center products and issued an alert with a patch on March 20, 2019.…

Metasploit Wrap-Up

WordPress RCE: tiyeuse submitted a Metasploit module for an authenticated remote code execution vulnerability in WordPress, which was described in a blog post by RIPS Technology. After authenticating as a user with at least author privileges, the module starts by uploading an image file with…