All Posts

2 min

Rapid7 Insight Platform Achieves Level 2 TX-Ramp Authorization

Rapid7's Insight Platform has officially achieved Level 2 Texas Risk and Authorization Management Program (TX-RAMP) authorization. This milestone marks a significant step forward in providing our customers peace-of-mind as well as the best end-to-end cloud security solutions.

3 min Metasploit

Metasploit Weekly Wrap-Up 04/12/24

Account Takeover using Shadow Credentials The new release of Metasploit Framework includes a Shadow Credentials module added by smashery [http://github.com/rapid7/metasploit-framework/pull/19051] used for reliably taking over an Active Directory user account or computer, and letting future authentication happen as that account. This can be chained with other modules present in Metasploit Framework such as windows_secrets_dump. Details The module targets a ‘victim’ account that is part of a

4 min Emergent Threat Response

CVE-2024-3400: Critical Command Injection Vulnerability in Palo Alto Networks Firewalls

On Friday, April 12, Palo Alto Networks published an advisory on CVE-2024-3400, a CVSS 10 vulnerability in several versions of PAN-OS, the operating system that runs on the company’s firewalls. CVE-2024-3400 allows for arbitrary code execution as root.

7 min Research

Stories from the SOC Part 2: MSIX Installer Utilizes Telegram Bot to Execute IDAT Loader

In part one of our blog series, we discussed how a Rust based application was used to download and execute the IDAT Loader. In part two of this series, we will be providing analysis of how an MSIX installer led to the download and execution of the IDAT Loader.

13 min Patch Tuesday

Patch Tuesday - April 2024

One late-breaking zero-day vuln. Defender for IoT critical RCEs. Dozens of SQL OLE DB driver RCEs. Microsoft adds CWE and Vector String Source to advisories.

3 min Metasploit

Metasploit Weekly Wrap-Up 04/05/2024

New ESC4 Templates for AD CS Metasploit added capabilities [http://docs.metasploit.com/docs/pentesting/active-directory/ad-certificates/attacking-ad-cs-esc-vulnerabilities.html] for exploiting the ESC family of flaws in AD CS in Metasploit 6.3. The ESC4 technique in particular has been supported for some time now thanks to the ad_cs_cert_templates module which enables users to read and write certificate template objects. This facilitates the exploitation of ESC4 which is a misconfiguration in

5 min Managed Detection and Response (MDR)

What’s New in Rapid7 Products & Services: Q1 2024 in Review

We kicked off 2024 with a continued focus on bringing security professionals the tools and functionality needed to anticipate risks, pinpoint threats, and respond faster with confidence.

3 min Rapid7 Disclosure

CVE-2024-0394: Rapid7 Minerva Armor Privilege Escalation (FIXED)

Rapid7 is disclosing CVE-2024-0394, a privilege escalation vulnerability in Rapid7 Minerva’s Armor product family. The root cause of this vulnerability is Minerva’s implementation of OpenSSL’s OPENSSLDIR parameter, which was set to a path accessible to low-privileged users.

4 min Career Development

Challenges Drive Career Growth: Meet Rudina Tafhasaj

Starting a career for the first time in a new country can be intimidating. For Rudina Tafhasaj, her path to Senior Application Engineer at Rapid7 was paved with both unique challenges and incredible rewards.

3 min Emergent Threat Response

Backdoored XZ Utils (CVE-2024-3094)

On Friday, March 29, after investigating anomalous behavior in his Debian sid environment, developer Andres Freund contacted an open-source security mailing list to share that he had discovered an upstream backdoor in widely used command line tool XZ Utils (liblzma).

3 min Metasploit

Metasploit Weekly Wrap-Up 03/29/2024

Metasploit adds three new exploit modules including an RCE for SharePoint.

10 min Malware

Stories from the SOC Part 1: IDAT Loader to BruteRatel

Rapid7’s Managed Detection and Response (MDR) team continuously monitors our customers' environments, identifying emerging threats and developing new detections.

12 min Metasploit

Metasploit Framework 6.4 Released

Today, Metasploit is pleased to announce the release of Metasploit Framework 6.4. It has been just over a year since the release of version 6.3 [http://cb6f.remedioscaseros12.com/blog/post/2023/01/30/metasploit-framework-6-3-released/] and the team has added many new features and improvements since then. For news reporters, please reach out to press@remedioscaseros12.com. Kerberos Improvements Metasploit 6.3 included initial support for Kerberos authentication within Metasploit and was one of the larger features i

2 min Metasploit

Metasploit Weekly Wrap-Up 03/22/2024

New module content (1) OpenNMS Horizon Authenticated RCE Author: Erik Wynter Type: Exploit Pull request: #18618 [http://github.com/rapid7/metasploit-framework/pull/18618] contributed by ErikWynter [http://github.com/ErikWynter] Path: linux/http/opennms_horizon_authenticated_rce AttackerKB reference: CVE-2023-0872 [http://attackerkb.com/search?q=CVE-2023-0872?referrer=blog] Description: This module exploits built-in functionality in OpenNMS Horizon in order to execute arbitrary commands as t

2 min Research

Why The External Attack Surface Matters: An analysis into APAC related threat activities

Considerable focus within the cybersecurity industry has been placed on the attack surface of organizations, giving rise to external attack surface management (EASM) technologies as a means to monitor said surface.