Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Rapid7 Blog

Zero-day  

Weekly Metasploit Update: Java 0-Day, Meterpreter Network Commands, and More!

Time to chalk up one more victory for the forces of goodness and light in our struggle against secret 0-day.Java 0-Day Exploit ShippedIf you pay any attention at all to the usual security news, you will have certainly already heard about how Accuvant's Josh…

Let's start the week with a new Java 0-day in Metasploit

On late Sunday night, the Metasploit Exploit team was looking for kicks, and heard the word on the street that someone was passing around a reliable Java 0-day exploit. Big thanks to Joshua J. Drake (jduck), we got our hands on that PoC, and then…

Writing a Metasploit Exploit for the Adobe Flash Vulnerability CVE-2012-0779

Ever since the first sightings of a new zero-day attack (CVE-2012-0779) on Adobe Flash last month, the exact path of exploitation has been somewhat of a mystery. The attacks were specifically targeted against defense contractors and other victims as part of a spear phishing attack,…

Weekly Metasploit Update: Zero Days, Deprecated Commands, and More!

This week's release sees a quiet vulnerability fix, an exploit against an unpatched vulnerability in Microsoft's XML Core Services, and some helpful new/old commands, as well as the usual pile of exploity goodness you've come to expect from the Metasploit kitchen.Vulnerabilities? In My…

New Critical Microsoft IE Zero-Day Exploits in Metasploit

We've been noticing a lot of exploit activities against Microsoft vulnerabilities lately. We decided to look into some of these attacks, and released two modules for CVE-2012-1889 and CVE-2012-1875 within a week of the vulnerabilities' publication for our users to test their systems. Please note…

Zero-Day Attacks: Don't Believe the Hype

Microsoft Security Intelligence Report Volume 11 for the first half of 2011 offers solid evidence to support what security researchers have been shouting feverishly for the last year. This is just more data to confirm that zero-day attacks – while they can certainly cause damage…