2 min
Metasploit
Metasploit Weekly Wrap-Up 03/22/2024
New module content (1)
OpenNMS Horizon Authenticated RCE
Author: Erik Wynter
Type: Exploit
Pull request: #18618 [https://github.com/rapid7/metasploit-framework/pull/18618]
contributed by ErikWynter [https://github.com/ErikWynter]
Path: linux/http/opennms_horizon_authenticated_rce
AttackerKB reference: CVE-2023-0872
[https://attackerkb.com/search?q=CVE-2023-0872?referrer=blog]
Description: This module exploits built-in functionality in OpenNMS Horizon in
order to execute arbitrary commands as t
2 min
Research
Why The External Attack Surface Matters: An analysis into APAC related threat activities
Considerable focus within the cybersecurity industry has been placed on the attack surface of organizations, giving rise to external attack surface management (EASM) technologies as a means to monitor said surface.
9 min
Research
The Updated APT Playbook: Tales from the Kimsuky threat actor group
Within Rapid7 Labs we continually track and monitor threat groups. As part of this process, we routinely identify evolving tactics from threat groups in what is an unceasing game of cat and mouse.
2 min
Vulnerability Management
Rapid7 offers continued vulnerability coverage in the face of NVD delays
Recently, the US National Institute of Standards and Technology (NIST) announced
on the National Vulnerability Database (NVD) site [https://nvd.nist.gov/] that
there would be delays in adding information on newly published CVEs. NVD
enriches CVEs with basic details about a vulnerability like the vulnerability’s
CVSS score, software products impacted by a CVE, information on the bug,
patching status, etc. Since February 12th, 2024, NVD has largely stopped
enriching vulnerabilities.
Given the bro
2 min
Metasploit
Metasploit Wrap-Up 03/15/2024
New module content (3)
GitLab Password Reset Account Takeover
Authors: asterion04 and h00die
Type: Auxiliary
Pull request: #18716 [https://github.com/rapid7/metasploit-framework/pull/18716]
contributed by h00die [https://github.com/h00die]
Path: admin/http/gitlab_password_reset_account_takeover
AttackerKB reference: CVE-2023-7028
[https://attackerkb.com/search?q=CVE-2023-7028?referrer=blog]
Description: This adds an exploit module that leverages an account-take-over
vulnerability to take contr
2 min
Career Development
Rapid7’s Ciara Cullinan Recognized as Community Trailblazer in Belfast Awards Program
At the 2024 Women Who Code She Rocks Awards, Rapid7 Software Engineer II Ciara Cullinan was recognized with their ‘Community Trailblazer’ award.
8 min
Vulnerability Management
Patch Tuesday - March 2024
No zero-day vulns this month. A single critical RCE: Hyper-V guest escape. Exchange malicious DLL RCE. SharePoint ACE. Azure Kubernetes Service Confidential Containers. Windows 11 compressed folders.
3 min
Metasploit
Metasploit Wrap-Up 03/08/2024
New module content (2)
GitLab Tags RSS feed email disclosure
Authors: erruquill and n00bhaxor
Type: Auxiliary
Pull request: #18821 [https://github.com/rapid7/metasploit-framework/pull/18821]
contributed by n00bhaxor [https://github.com/n00bhaxor]
Path: gather/gitlab_tags_rss_feed_email_disclosure
AttackerKB reference: CVE-2023-5612
[https://attackerkb.com/search?q=CVE-2023-5612?referrer=blog]
Description: This adds an auxiliary module that leverages an information
disclosure vulnerability (CVE
9 min
InsightCloudSec
Securing the Next Level: Automated Cloud Defense in Game Development with InsightCloudSec
Cloud gaming, powered by giants like AWS, is transforming the gaming industry, offering unparalleled accessibility and dynamic gaming experiences. Yet, with this technological leap forward comes an increase in cyber threats.
6 min
7 Rapid Questions
7 Rapid Questions with #77 Ray Bourque
We couldn’t pass up the opportunity to bring Boston Bruins legend Ray Bourque into the herd as we continue to expand our Bruins jersey sponsorship.
2 min
Cybersecurity
Lessons from video game companies: automation unleashes robust monitoring & observability
In this blog post, we’ll delve into how monitoring and observability capabilities enable video game organizations to bolster their cybersecurity defenses – and provide a better, more reliable gaming experience.
19 min
Emergent Threat Response
CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities (FIXED)
Rapid7’s vulnerability research team identified two new vulnerabilities affecting JetBrains TeamCity CI/CD server: CVE-2024-27198 and CVE-2024-27199, both of which are authentication bypasses.
2 min
Metasploit
Metasploit Weekly Wrap-Up 03/01/2024
Metasploit adds an RCE exploit for ConnectWise ScreenConnect and new documentation for exploiting ESC13.
7 min
Velociraptor
How To Hunt For UEFI Malware Using Velociraptor
UEFI threats have historically been limited in number and mostly implemented by
nation state actors as stealthy persistence. However, the recent proliferation
of Black Lotus on the dark web, Trickbot enumeration module (late 2022), and
Glupteba (November 2023) indicates that this historical trend may be changing.
With this context, it is becoming important for security practitioners to
understand visibility and collection capabilities for UEFI threats
[https://www.rapid7.com/info/understanding
4 min
Metasploit
Metasploit Weekly Wrap-Up 02/23/2024
LDAP Capture module
Metasploit now has an LDAP capture module thanks to the work of
JustAnda7 [https://github.com/JustAnda7]. This work was completed as part of the
Google Summer of Code program.
When the module runs it will by default require privileges to listen on port
389. The module implements a default implementation for BindRequest,
SearchRequest, UnbindRequest, and will capture both plaintext credentials and
NTLM hashes which can be brute-forced offline. Upon receiving a successful Bin