2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 12/9/22
Login brute-force utility
Jan Rude [http://github.com/whoot] added a new module that gives users the
ability to brute-force login for Linux Syncovery. This expands Framework's
capability to scan logins to Syncovery, a popular web GUI for backups.
WordPress extension SQL injection module
Cydave [http://github.com/cydave], destr4ct [http://github.com/destr4ct], and
jheysel-r7 [http://github.com/jheysel-r7] contributed a new module that takes
advantage of a vulnerable WordPress extension. Thi
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 10/14/22
Remote code execution modules for Spring Cloud Function and pfSense, plus bug fixes for the Windows secrets dump module.
3 min
InsightIDR
A SIEM With a Pen Tester's Eye: How Offensive Security Helps Shape InsightIDR
At Rapid7, our laser-focus has always been trained on one thing: helping digital defenders spot and stop bad actors. From the start of our story, penetration testing — or pen testing, for short — has been one of the cornerstones of that obsession.
9 min
Metasploit
Announcing Metasploit 6.2
Metasploit 6.2.0 has been released, marking another milestone that includes new modules, features, improvements, and bug fixes.
4 min
Research
Cloud Pentesting, Pt. 3: The Impact of Ecosystem Maturity
Now that we’ve covered the basics of cloud pentesting and the style in which a cloud environment could be attacked, let’s turn our attention to the entirety of this ecosystem.
7 min
Research
Cloud Pentesting, Pt. 2: Testing Across Different Deployments
Pentesting in the cloud is just like on-premise, right? It depends on how a customer has set up their cloud deployment.
4 min
Research
Cloud Pentesting, Pt. 1: Breaking Down the Basics
More and more customers are looking to get a pentest done in their cloud deployment. What does that mean?
2 min
Metasploit
Metasploit Wrap-Up: Feb. 11, 2022
Welcome, Little Hippo: PetitPotam
Our very own @zeroSteiner [http://github.com/zeroSteiner] ported
[http://github.com/rapid7/metasploit-framework/pull/16136] the PetitPotam
[http://github.com/topotam/PetitPotam] exploit to Metasploit this week. This
module leverages CVE-2021-36942
[http://attackerkb.com/topics/TEBmUAfeCs/cve-2021-36942?referrer=blog], a
vulnerability in the Windows Encrypting File System (EFS) API, to capture
machine NTLM hashes. This uses the EfsRpcOpenFileRaw function of t
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: Feb. 4, 2022
A new NOP module, improvements to RPC functionality and PHP Meterpreter, and WordPress and Cisco RV exploits.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: Oct. 29, 2021
Modules for Apache Server, Sophos UTM, the OMIgod RCE, and more. Plus, support for reverse port forwarding via established SSH sessions.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 10/22/21
Metasploit's first modules targeting Kubernetes, plus Windows support for exploiting Confluence Server CVE-2021-26084.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 10/15/21
Four new Moodle modules, plus new features to help red teamers keep track of sessions and forwarded connections.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 9/24/21
A new evasion module, an exploit for ManageEngine OpManager, fully functional shells over WinRM, and major RDP library improvements.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: Aug. 20, 2021
New modules for Lucee Administrator and ProxyShell, which targets on-premises Microsoft Exchange servers. Plus, tons of enhancements and fixes!
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 8/13/21
Three new modules that deliver RCE on Atlassian Crowd and privilege escalation to SYSTEM via print drivers. Plus, a new command shell session type for SSH clients and plenty more enhancements and fixes.