All Posts

7 min Incident Response

Investigating a SharePoint Compromise: IR Tales from the Field

Our investigation uncovered an attacker who accessed a server without authorization and moved laterally across the network, compromising the entire domain.

7 min Surface Command

The Importance of Asset Context in Attack Surface Management.

This topic covers one of the main drivers for ASM and why companies are investing in it, the context it delivers to inform better security decision making.

2 min Metasploit

Metasploit Weekly Wrap-Up 10/25/2024

Hackers and Vampires Agree: Every Byte Counts Headlining the release today is a new exploit module by jheysel-r7 that chains two vulnerabilities to target Magento/Adobe Commerce systems: the first, CVE-2024-34102 is an arbitrary file read used to determine the version and layout of the glibc library, and the second, CVE-2024-2961 is a single

6 min Surface Command

Building a Custom Risk Prioritization and Risk Scoring Methodology with Surface Command

With our recent launch of the Command Platform, Rapid7 now delivers a more comprehensive view of your attack surface, with transparency that you can trust.

3 min Emergent Threat Response

Fortinet FortiManager CVE-2024-47575 Exploited in Zero-Day Attacks

On Wednesday, October 23, 2024, security company Fortinet published an advisory on CVE-2024-47575, a critical zero-day vulnerability affecting their FortiManager network management solution.

3 min Metasploit

Metasploit Weekly Wrap-Up 10/18/2024

ESC15: EKUwu AD CS continues to be a popular target for penetration testers and security practitioners. The latest escalation technique (hence the the ESC in ESC15) was discovered by Justin Bollinger with details being released just last week. This latest configuration flaw has common issuance requirements to other ESC flaws such as requiring no authorized signatures or manager approval. Additionally, templa

4 min Career Development

7 Rapid Questions on our Belfast Placement Programme: Orla Magee and Paddy McDermott

Software Engineers Orla Magee and Paddy McDermott share what the interview process looked like for them, along with impactful projects and advice for others exploring Rapid7’s Placement Programme.

5 min Attack Surface Security

Understanding your Attack Surface: Different Approaches to Asset Discovery

In this post, we’ll delve intoprocess of discovering assets. We cannot secure what we cannot see so getting this piece right is foundational to the success of your ASM program. This blog will explore four different methods of asset discovery starting with the most basic, deployed software agents.

1 min IoT

Root Access for Data Control: A DEF CON IoT Village Story

Our perennial IoT hacking presenter, Principal Security Researcher, IoT, Deral Heiland, along with Rapid7 pentest team members, showed attendees many methods of extracting firmware from IoT devices and manipulating the systems in the name of control and operations.

2 min Rapid7 Culture

Test Driving a New Benefit Programme in Belfast

Rapid7’s electric vehicle scheme was rolled out in late 2023 for Belfast employees. The programme enables employees to lease an electric car via their employer and pay for it on a salary sacrifice basis, offering substantial tax and national insurance savings.

13 min Vulnerability Management

Patch Tuesday - October 2024

5 zero-days. Configuration Manager pre-auth RCE. RDP RPC pre-auth RPC. Winlogon EoP. Hyper-V container escape. curl o-day RCE late patch. Management console zero-day RCE. Windows 11 lifecycle changes.

2 min Metasploit

Metasploit Weekly Wrap-Up 10/04/2024

New module content (3) cups-browsed Information Disclosure Authors: bcoles and evilsocket Type: Auxiliary Pull request: #19510 contributed by bcoles Path: scanner/misc/cups_browsed_info_disclosure Description: Adds scanner module to retrieve CUPS version and kernel version information from cups-browsed services. Acronis Cyber Infrastructure default password remote code execution Authors: Acronis Internatio

5 min Attack Surface Security

The Main Components of an Attack Surface Management (ASM) Strategy

In part one of this blog series, we looked at some of the core challenges that are driving the demand for a new approach to Attack Surface Management. In this second blog I explore some of the key technology approaches to ASM and also some of the core asset types we need to understand.

7 min Labs

Ransomware Groups Demystified: CyberVolk Ransomware

As part of our ongoing efforts to monitor emerging cyber threats, we have analyzed the activities of CyberVolk, a politically motivated hacktivist group that transitioned into using ransomware and has been active since June 2024.

4 min Vulnerability Management

Modernizing Your VM Program with Rapid7 Exposure Command: A Path to Effective Continuous Threat Exposure Management

This is where continuous threat exposure management (CTEM) comes into play – an approach that shifts the focus from merely identifying vulnerabilities to understanding and mitigating exposures across the entire attack surface.