Rapid7 Blog

Metasploit Weekly Wrapup  

Metasploit Wrapup

I Read the News Today, Oh Boy As we near the end of the year we must express appreciation for the Metasploit community as a whole. Each contribution is valuable, be it an exploit for the latest vulnerability, documentation, spelling corrections, or anything in between.…

Metasploit Wrapup

Have you ever been on a conference call where you really wished you could take command of the situation? With Metasploit Framework and the new Polycom HDX exploit, you can (if given permission by the owner of the device, that is)! If teleconferencing isn't your…

Metasploit Wrapup

Here in the U.S., we just celebrated Thanksgiving, which involves being thankful, seeing friends and family, and eating entirely too much (I know that last one is not uncommon here). After a large meal and vacation, we figured that it would be a nice,…

Metasploit Wrapup

This is a time of year when many folks in the U.S. reflect on things in their lives that they are thankful for. There’s also usually a turkey involved, but we figured we’d pardon the bird this wrapup and just focus on…

Metasploit Wrapup

Metasploit kicked November off to a roaring start with a wholesome dose of RCE, LPE, command injection, DoS, and more fixes/improvements. So many file choosers…but which one to choose? Big ups to @RootUP for the DoS module targeting a vulnerability in IBM’s…

Metasploit Wrapup

What’s New? This week’s release sees multiple improvements and corrections, some years in the making! We fixed an interesting bug in the initial handshake with meterpreter that caused some payload callbacks to fail, improved error and information reporting in other modules, and then…

Metasploit Wrapup

Would you like to help Metasploit Framework and get a free t-shirt? There is still a bit of October left, which means you can totally still sign up for Hacktoberfest: a fun annual project to encourage open source software contributions! Make four pull requests on…

Metasploit Wrapup

Exploits for hours. Gather 'round with a pocket full of shells.…

Metasploit Wrapup

What's coming down the pipeline for Metasploit? Brent Cook brings you October's first Metasploit wrap-up.…

Metasploit Wrapup

To celebrate this first day of Autumn[1], we've got a potpourri of "things Metasploit" for you this week. And it might smell a bit like "pumpkin spice"... Or it might not. Who knows? Winter is Coming If you're looking to…

Metasploit Wrapup

It's been a hot minute since the last Metasploit Wrapup. So why not take in our snazzy new Rapid7 blog makeover and catch up on what's been goin' down! You can't spell 'Struts' without 'trust' Or perhaps you can! With the all the current news…

Metasploit Wrapup

Slowloris: SMB edition Taking a page from the Slowloris HTTP DoS attack, the aptly named SMBLoris DoS attack exploits a vuln contained in many Windows releases (back to Windows 2000) and also affects Samba (a popular open source SMB implementation). Through creation of many connections…

Metasploit Wrapup

Metasploit Hackathon We were happy to host the very first Metasploit framework open source hackathon this past week in the Rapid7 Austin. Eight Metasploit hackers from outside of Rapid7 joined forces with the in-house team and worked on a lot of great projects, small and…

Metasploit Wrapup

A fresh, new UAC bypass module for Windows 10!Leveraging the behavior of fodhelper.exe and a writable registry key as a normal user, you too can be admin! Unpatched as of last week, this bypass module works on Windows 10 only, but it works…

Metasploit Wrapup

It has only been one week since the last wrapup, so it's not like much could have happened, right? Wrong! Misery Loves Company After last week's excitement with Metasploit's version of ETERNALBLUE (AKA the Wannacry vulnerability), this week SAMBA had its own "Hold My…

Featured Research

National Exposure Index 2017

The National Exposure Index is an exploration of data derived from Project Sonar, Rapid7's security research project that gains insights into global exposure to common vulnerabilities through internet-wide surveys.

Learn More

Toolkit

Make Your SIEM Project a Success with Rapid7

In this toolkit, get access to Gartner's report “Overcoming Common Causes for SIEM Solution Deployment Failures,” which details why organizations are struggling to unify their data and find answers from it. Also get the Rapid7 companion guide with helpful recommendations on approaching your SIEM needs.

Download Now

Podcast

Security Nation

Security Nation is a podcast dedicated to covering all things infosec – from what's making headlines to practical tips for organizations looking to improve their own security programs. Host Kyle Flaherty has been knee–deep in the security sector for nearly two decades. At Rapid7 he leads a solutions-focused team with the mission of helping security professionals do their jobs.

Listen Now