Metasploit Wrap-Up
Fall is in the air, October is on the way, and it is Friday the 13th. We have a lot of updates and features that landed this week, though none are particularly spooky, and unfortunately, none are json-related…1 We recently updated our digital signing…
How Rapid7 Industry Research Strengthens InsightVM
Rapid7’s vulnerability scanner, InsightVM is backed by multiple large-scale research projects that keep it on the leading edge of vulnerability risk management.…
Metasploit Wrap-Up
At our (final!) DerbyCon Town Hall today, the Metasploit team announced the release of an initial exploit module PR for CVE-2019-0708, aka BlueKeep.…
Initial Metasploit Exploit Module for BlueKeep (CVE-2019-0708)
Today, Metasploit is releasing an initial public exploit module for CVE-2019-0708, also known as BlueKeep, as a pull request on Metasploit Framework.…
Metasploit Wrap-Up
Back to school blues Summer is winding down and while our for contributions haven't dropped off (thanks y'all!), we've been tied up with events and a heap of research. Don't despair, though: our own Brent Cook, Pearce Barry, Jeffrey Martin, and Matthew Kienow will be…
Metasploit Wrap-Up
A LibreOffice file format exploit, plus improvements to TLS and CredSSP-based fingerprinting.…
Metasploit Wrap-Up
Hacker Summer Camp Last week, the Metasploit team flew out to sunny, hot, and dry Las Vegas for Hacker Summer Camp (Black Hat, BSidesLV, and DEF CON). It was a full week of epic hacks, good conversation, and even a little business! If you managed…
Metasploit Wrap-Up
Keep on Bluekeepin’ on TomSellers added a new option to the increasingly useful Bluekeep Scanner module that allows execution of a DoS attack when running the module. This adds a new level of effectiveness in proving the severity of this vulnerability. As part of this…
Metasploit Wrap-Up
A new feature, better `set payload` options, and new modules. Plus, open-source office hours in Vegas during hacker summer camp.…
Introducing Pingback Payloads
The Metasploit team added a new feature to Framework that improves safety and offers another avenue in MSF for novel evasion techniques: pingback payloads.…
Metasploit Wrap-Up
First!! Congrats to Nick Tyrer for the first community contibuted evasion module to land in master. Nick's evasion/windows/applocker_evasion_install_util module leverages the trusted InstallUtil.exe binary to execute user supplied code and evade application whitelisting. New modules (4) WP Database Backup…
[Research] Under the Hoodie, 2019 Edition: Lessons Learned from 180 Penetration Tests
Our 2019 Under the Hoodie report covers the measurable results of about 180 penetration tests conducted by Rapid7. Find out what we learned.…
Metasploit Wrap-Up
RCE with a Key An exploit module for Laravel Framework was submitted by community contributor aushack. The module targets an insecure unserialize call with the X-XSRF-TOKEN HTTP request header, which was discovered by Ståle Pettersen. Since the exploit requires the Laravel APP_KEY to reach…
End of Sale Announced for Metasploit Community
Today we are announcing end of sale for Metasploit Community Edition, effective immediately.…
Metasploit Open Source Office Hours: Vegas 2019
The Metasploit crew at Rapid7 is headed out to Las Vegas for DEF CON 27, bringing a new incarnation of the Open Source Security Meetup (OSSM) with us! We will have a Metasploit Suite at Bally’s this year, where we’ll be hosting “Open…
