7 min
Career Development
Rapid7 in Prague: Pete Rubio Shares Insights and Excitement for the New Office
Pete Rubio is the Senior Vice President, Platform & Engineering. Here he discusses the company's newest office in Prague, Czech Republic.
6 min
InsightAppSec
InsightAppSec: Improving Scan Speed and Performance
When scanning a web application in InsightAppSec, you might see it take several hours, if not several days, to run. This can be due to the size of your web app, but plenty of settings in your scan configuration can be modified to help scans complete faster.
5 min
Metasploit
Metasploit Weekly Wrap-Up 01/26/24
Direct Syscalls Support for Windows Meterpreter
Direct system calls are a well-known technique that is often used to bypass
EDR/AV detection. This technique is particularly useful when dynamic analysis is
performed, where the security software monitors every process on the system to
detect any suspicious activity. One common way to do so is to add user-land
hooks on Win32 API calls, especially those commonly used by malware. Direct
syscalls are a way to run system calls directly and enter kernel
3 min
Security Operations (SOC)
Building the Best SOC Takes Strategic Thinking
So your security team is ready to scale up its security operations center, or
SOC, to better meet the security needs of your organization. That’s great news.
But there are some very important strategic questions that need to be answered
if you want to build the most effective SOC you can and avoid some of the most
common pitfalls teams of any size can encounter.
The Gartner® report SOC Model Guide,
[http://nx3lft.goudounet.com/info/soc-model-guide/] is an excellent resource for
understanding how to
2 min
Emergent Threat Response
CVE-2024-0204: Critical Authentication Bypass in Fortra GoAnywhere MFT
On January 22, 2024, Fortra published a security advisory on CVE-2024-0204, a critical authentication bypass affecting its GoAnywhere MFT secure managed file transfer product prior to version 7.4.1.
2 min
Metasploit
Metasploit Weekly Wrap-Up 01/19/24
Unicode your way to a php payload and three modules to add to your playbook for
Ansible
Our own jheysel-r7 added an exploit leveraging the fascinating tool of php
filter chaining to prepend a payload using encoding conversion characters and
h00die et. al. have come through and added 3 new Ansible post modules to gather
configuration information, read files, and deploy payloads. While none offer
instantaneous answers across the universe, they will certainly help in red team
exercises.
New module
3 min
Emergent Threat Response
Critical CVEs in Outdated Versions of Atlassian Confluence and VMware vCenter Server
Rapid7 is highlighting two critical vulnerabilities in outdated versions of
widely deployed software this week. Atlassian disclosed
[http://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html]
CVE-2023-22527, a template injection vulnerability in Confluence Server with a
maxed-out CVSS score of 10, while VMware pushed a fresh update to its October
2023 vCenter Server advisory
[http://www.vmwar
3 min
IoT
Privacy, Security, and Connected Devices: Key Takeaways From CES 2024
The topic of data privacy has become so relevant in our age of smart technology.
With everything becoming connected, including our homes, workplaces, cities, and
even our cars, those who develop this technology are obligated to identify
consumers' expectations for privacy and then find the best ways to meet those
expectations. This of course includes determining how to best secure the data
with which these technologies interact. As you can imagine, accomplishing these
requirements is no easy fea
4 min
CISOs
How CISOs’ Roles – and Security Operations – Will Change in 2024
It’s fair to say that 2023 was a turning point for the cybersecurity industry,
and no one felt it more than the CISO. From the onslaught of ransomware and
zero-day attacks,
[http://nx3lft.goudounet.com/blog/post/2024/01/12/2023-ransomware-stats-a-look-back-to-plan-ahead/]
to the SEC’s new reporting rules
[http://nx3lft.goudounet.com/globalassets/_pdfs/policy/sec-cybersecurity-compliance-solution-brief.pdf]
, and added to technological innovation and sprawl, CISOs have never been under
more pressure to ge
5 min
Vulnerability Management
Whispers of Atlantida: Safeguarding Your Digital Treasure
Recently, Rapid7 observed a new stealer named Atlantida. The stealer tricks users to download a malicious file from a compromised website, and uses several evasion techniques such as reflective loading and injection before the stealer is loaded.
7 min
Application Security
Application Security Posture Management
In this guest blog post by Eric Sheridan, Chief Innovation Officer at valued Rapid7 partner Tromzo, you’ll learn how Rapid7 customers can utilize ASPM solutions to accelerate triaging, prioritization and remediation of findings from security testing products such as InsightAppSec and InsightCloudSec
2 min
Metasploit
Metasploit Weekly Wrap-Up 01/12/24
New module content (1)
Windows Gather Mikrotik Winbox "Keep Password" Credentials Extractor
Author: Pasquale 'sid' Fiorillo
Type: Post
Pull request: #18604 [http://github.com/rapid7/metasploit-framework/pull/18604]
contributed by siddolo [http://github.com/siddolo]
Path: windows/gather/credentials/winbox_settings
Description: This pull request introduces a new post module to extract the
Mikrotik Winbox credentials, which are saved in the settings.cfg.viw file when
the "Keep Password" option
4 min
Ransomware
2023 Ransomware Stats: A Look Back To Plan Ahead
As we step into 2024, the first victims of ransomware attacks are already being reported. What can the 2023 ransomware stats tell us about the year that was, and how can we use them to plan for the year ahead?
3 min
CISOs
4 Questions for CISOs to Reduce Threat Exposure Risk
The report, 2024 Strategic Roadmap for Managing Threat Exposure, can help CISOs and other top executives steer away from risk by analyzing their attack surfaces for gaps.
6 min
Emergent Threat Response
Zero-Day Exploitation of Ivanti Connect Secure and Policy Secure Gateways
Ivanti Connect Secure and Ivanti Policy Secure gateways have been exploited in the wild to gain access to corporate networks and conduct a range of nefarious activities, including backdooring legitimate files.