Penetration Testing  

Metasploit Wrap-Up

Commemorating the 2020 December Metasploit community CTF: A new commemorative banner has been added to the Metasploit console to celebrate the teams that participated in the 2020 December Metasploit community CTF and achieved 100 or more points: If you missed out on participating in this…

Metasploit Wrap-Up

Exploits for Oracle Solaris CVE-2020-14871 and Windows 7 CVE-2020-1054, plus enhancements and bug fixes for Railgun and msfdb init. Happy HaXmas!…

Metasploit Wrap-Up

It's CTF week(end)! Plus, steal files from Apache Tomcat servers thanks to a new Ghostcat exploit, and dump process memory with a new post module that leverages Avast AV's built-in AvDump utility.…

This One Time on a Pen Test: CSRF to Password Reset Phishing

In the latest edition of our "This One Time On a Pen Test" series, we take a look at an engagement featuring Cross-site request forgery attacks.…

Behind the Scenes: Under the Hoodie 2020 Video Series

In this blog, we take you on a behind-the-scenes look at the making of our 2020 Under the Hoodie video series.…

Metasploit Wrap-Up

Four new modules, including an exploit for SaltStack Salt and an exploit for a now-patched vuln in Metasploit, plus new enhancements and fixes.…

This One Time on a Pen Test: How I Hacked a Self-Driving Car

In our latest edition of "This One Time on a Pen Test," we take a deeper look at an engagement involving a self-driving car.…

Metasploit Wrap-Up

A bug fix for EternalBlue on Metasploit 6, four new modules, and a bunch of enhancements.…

This One Time on a Pen Test: Thanks for Sharing Your Wi-Fi

In this iteration of our "This One Time on a Pen Test" series, our client was a private equity company, and the task was to do an onsite wireless pen test from the lobby outside their office.…

This One Time on a Pen Test: Doing Well With XML

In the latest edition of "This One Time on a Pen Test," we discuss a classic web application engagement involving XML.…

This One Time on a Pen Test: I Know...Everything

In the latest edition of "This One Time on a Pen Test," we follow a Rapid7 penetration tester as they perform an internal network engagement.…

This One Time on a Pen Test: Ain’t No Fence High Enough

In this edition of "This One Time on a Pen Test," we discuss an engagement for an energy company with a high-fence compound.…

This One Time on a Pen Test: How I Outwitted the Vexing VPN

In this edition of "This One Time on a Pen Test," we discuss outwitting the vexing VPN.…

Metasploit Wrap-Up

Three new modules, including a Pwn2Own addition for OS X, plus proxy support for Python Meterpreter, new search improvements, and a reminder of how to report security issues in Metasploit.…

This One Time on a Pen Test: I’m Calling My Lawyer!

In this engagement, Rapid7 pen testers were tasked to identify sensitive information, harvest credentials, and obtain a reverse shell on their machines.…
