Posts tagged Penetration Testing

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: 12/9/22

Login brute-force utility Jan Rude [http://github.com/whoot] added a new module that gives users the ability to brute-force login for Linux Syncovery. This expands Framework's capability to scan logins to Syncovery, a popular web GUI for backups. WordPress extension SQL injection module Cydave [http://github.com/cydave], destr4ct [http://github.com/destr4ct], and jheysel-r7 [http://github.com/jheysel-r7] contributed a new module that takes advantage of a vulnerable WordPress extension. Thi

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: 10/14/22

Remote code execution modules for Spring Cloud Function and pfSense, plus bug fixes for the Windows secrets dump module.

3 min InsightIDR

A SIEM With a Pen Tester's Eye: How Offensive Security Helps Shape InsightIDR

At Rapid7, our laser-focus has always been trained on one thing: helping digital defenders spot and stop bad actors. From the start of our story, penetration testing — or pen testing, for short — has been one of the cornerstones of that obsession.

9 min Metasploit

Announcing Metasploit 6.2

Metasploit 6.2.0 has been released, marking another milestone that includes new modules, features, improvements, and bug fixes.

4 min Research

Cloud Pentesting, Pt. 3: The Impact of Ecosystem Maturity

Now that we’ve covered the basics of cloud pentesting and the style in which a cloud environment could be attacked, let’s turn our attention to the entirety of this ecosystem.

7 min Research

Cloud Pentesting, Pt. 2: Testing Across Different Deployments

Pentesting in the cloud is just like on-premise, right? It depends on how a customer has set up their cloud deployment.

4 min Research

Cloud Pentesting, Pt. 1: Breaking Down the Basics

More and more customers are looking to get a pentest done in their cloud deployment. What does that mean?

2 min Metasploit

Metasploit Wrap-Up: Feb. 11, 2022

Welcome, Little Hippo: PetitPotam Our very own @zeroSteiner [http://github.com/zeroSteiner] ported [http://github.com/rapid7/metasploit-framework/pull/16136] the PetitPotam [http://github.com/topotam/PetitPotam] exploit to Metasploit this week. This module leverages CVE-2021-36942 [http://attackerkb.com/topics/TEBmUAfeCs/cve-2021-36942?referrer=blog], a vulnerability in the Windows Encrypting File System (EFS) API, to capture machine NTLM hashes. This uses the EfsRpcOpenFileRaw function of t

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: Feb. 4, 2022

A new NOP module, improvements to RPC functionality and PHP Meterpreter, and WordPress and Cisco RV exploits.

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: Oct. 29, 2021

Modules for Apache Server, Sophos UTM, the OMIgod RCE, and more. Plus, support for reverse port forwarding via established SSH sessions.

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: 10/22/21

Metasploit's first modules targeting Kubernetes, plus Windows support for exploiting Confluence Server CVE-2021-26084.

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up 10/15/21

Four new Moodle modules, plus new features to help red teamers keep track of sessions and forwarded connections.

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: 9/24/21

A new evasion module, an exploit for ManageEngine OpManager, fully functional shells over WinRM, and major RDP library improvements.

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: Aug. 20, 2021

New modules for Lucee Administrator and ProxyShell, which targets on-premises Microsoft Exchange servers. Plus, tons of enhancements and fixes!

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: 8/13/21

Three new modules that deliver RCE on Atlassian Crowd and privilege escalation to SYSTEM via print drivers. Plus, a new command shell session type for SSH clients and plenty more enhancements and fixes.