4 min
Penetration Testing
Keys to the Kingdom - Gaining access to the Physical Facility through Internal Access
This is a story of network segmentation and the impact that seemingly trivial misconfigurations can have on your organization.
2 min
Penetration Testing
Details Matter: Pentesting a single device to guarantee security
Rapid7’s penetration testing services regularly assess internal networks of various sizes. For this particular engagement, however, Rapid7 was tasked with performing a penetration test of just one device on an internal network.
4 min
Penetration Testing
Buying Stuff For Free From Shopping Websites
Rapid7 is often tasked with evaluating the security of e-commerce sites. When dealing directly with customer financials, the security of these transactions is a top concern. Fortunately, there are ample pre-built e-commerce platforms one can simply purchase or install.
2 min
Metasploit Weekly Wrapup
Metasploit Weekly Wrap-Up 7/19/2024
A new unauthenticated RCE exploit for GeoServer, plus library and Meterpreter updates and enhancements.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 12/8/2023
New this week: An OwnCloud gather module and a Docker cgroups container escape. Plus, an early feature that allows users to search module actions, targets, and aliases.
7 min
Penetration Testing
PenTales: What It’s Like on the Red Team
In this series, we’re sharing some of our favorite tales from the pen test desk and hopefully highlighting some ways you can improve your own organization’s security.
3 min
Penetration Testing
Why Physical Social Engineering Engagements are an Important Part of Security
In this series, we’re going to share some of our favorite tales from the pen test desk and hopefully highlight some ways you can improve your own organization’s security.
4 min
Penetration Testing
PenTales: There Are Many Ways to Infiltrate the Cloud
At Rapid7 we love a good pen test story. So often they show the cleverness,
skill, resilience, and dedication to our customer’s security that can only come
from actively trying to break it! In this series, we’re going to share some of
our favorite tales from the pen test desk and hopefully highlight some ways you
can improve your own organization’s security.
Rapid7 was engaged to do an AWS cloud ecosystem pentest for a large insurance
group. The test included looking at internal and external as
3 min
Penetration Testing
PenTales: Testing Security Health for a Healthcare Company
At Rapid7 we love a good pen test story. So often they show the cleverness,
skill, resilience, and dedication to our customer’s security that can only come
from actively trying to break it! In this series, we’re going to share some of
our favorite tales from the pen test desk and hopefully highlight some ways you
can improve your own organization’s security.
Rapid7 was tasked with testing a provider website in the healthcare industry.
Providers had the ability on the website to apply for jobs
6 min
Penetration Testing
PenTales: Old Vulnerabilities, New Tricks
At Rapid7 we love a good pentest story. So often they show the cleverness,
skill, resilience, and dedication to our customer’s security that can only come
from actively trying to break it! In this series, we’re going to share some of
our favorite tales from the pen test desk and hopefully highlight some ways you
can improve your own organization’s security.
This engagement began like any other Internal Network Penetration test
[http://usgugu.xcslscl.com/fundamentals/penetration-testing/]. I follo
3 min
Penetration Testing
PenTales: “User enumeration is not a vulnerability” – I beg to differ
In this series, we’re going to share some of our favorite tales from the pen test desk and hopefully highlight some ways you can improve your own organization’s security.
6 min
Metasploit
Fetch Payloads: A Shorter Path from Command Injection to Metasploit Session
Rapid7 is pleased to announce the availability of Metasploit fetch payloads, which increase efficiency and user control over the commands executed.
11 min
Penetration Testing
AppDomain Manager Injection: New Techniques For Red Teams
This article details a variety of ways to perform and utilize AppDomain Manager Injection during red team operations.
13 min
Metasploit
Metasploit Framework 6.3 Released
Metasploit Framework 6.3 is now available. New features include native Kerberos authentication support, streamlined Active Directory attack workflows (AD CS, AD DS), and new modules that request, forge, and convert tickets between formats.
5 min
Haxmas
2022 Annual Metasploit Wrap-Up
It's been another gangbusters year for Metasploit, and the holidays are a time
to give thanks to all the people that help make our load a little bit lighter.
So, while this end-of-year wrap-up is a highlight reel of the headline features
and extensions that landed in Metasploit-land in 2022, we also want to express
our gratitude and appreciation for our stellar community of contributors,
maintainers, and users. The Metasploit team merged 824 pull requests across
Metasploit-related projects in 20