All Posts

4 min Metasploit

Metasploit Weekly Wrap-Up 02/23/2024

LDAP Capture module Metasploit now has an LDAP capture module thanks to the work of JustAnda7 []. This work was completed as part of the Google Summer of Code program. When the module runs it will by default require privileges to listen on port 389. The module implements a default implementation for BindRequest, SearchRequest, UnbindRequest, and will capture both plaintext credentials and NTLM hashes which can be brute-forced offline. Upon receiving a successful Bin

3 min Vulnerability Management

High-Risk Vulnerabilities in ConnectWise ScreenConnect

On February 19, 2024 ConnectWise disclosed two vulnerabilities in their ScreenConnect remote access software. Both vulnerabilities affect ScreenConnect 23.9.7 and earlier.

3 min InsightVM

Explanation of New Authenticated Scanning PCI DSS Requirement in PCI DSS V4.0 and how InsightVM can help meet the Requirement

As a Certified Qualified Security Assessor (QSA) company and a trusted Rapid7 partner, MegaplanIT is committed to guiding organizations through the complexities of compliance and security standards.

5 min Metasploit

Metasploit Weekly Wrap-Up 02/16/2024

New Fetch Payload It has been almost a year since Metasploit released the new fetch payloads [] and since then, 43 of the 79 exploit modules have had support for fetch payloads. The original payloads supported transferring the second stage over HTTP, HTTPS and FTP. This week, Metasploit has expanded that protocol support to include SMB, allowing payloads to be run using rundll3

7 min Incident Response

RCE to Sliver: IR Tales from the Field

Rapid7 Incident Response was engaged to investigate an incident involving unauthorized access to two publicly-facing Confluence servers that were the source of multiple malware executions.

3 min Career Development

Paving a Path to Systems Administration: Naeem Jones’ Journey with Rapid7

Prior to becoming a Systems Administrator at Rapid7, Naeem Jones entered his career in cybersecurity through the Hack. Diversity program. Hack.

9 min Patch Tuesday

Patch Tuesday - February 2024

Windows SmartScreen & Internet Shortcut EitW. Office Protected Mode bypass. Exchange critical elevation of privilege.

11 min Vulnerability Disclosure

CVE-2023-47218: QNAP QTS and QuTS Hero Unauthenticated Command Injection (FIXED)

Rapid7 has identified an unauthenticated command injection vulnerability in the QNAP operating system known as QTS, a core part of the firmware for numerous QNAP entry- and mid-level Network Attached Storage (NAS) devices.

2 min Emergent Threat Response

Critical Fortinet FortiOS CVE-2024-21762 Exploited

CVE-2024-21762 is a critical out-of-bounds write vulnerability in Fortinet's FortiOS operating system that is known to have been exploited in the wild. Fortinet SSL VPN vulnerabilities are frequent targets for state-sponsored and other motivated adversaries.

2 min Metasploit

Metasploit Weekly Wrap-Up 02/09/2024

Go go gadget Fortra GoAnywhere MFT Module This Metasploit release contains a module for one of 2024's hottest vulnerabilities to date: CVE-2024-0204. The path traversal vulnerability in Fortra GoAnywhere MFT allows for unauthenticated attackers to access the InitialAccountSetup.xhtml endpoint which is used during the products initial setup to create the first administrator user. After setup has completed, this endpoint is supposed to be no longer available. Attackers can use this vulnerability

3 min Gartner

5 Insights from the Latest Cybersecurity Trends Research

we’ve singled out five quick insights security professionals and stakeholders should consider when looking ahead. These findings are based on Top Trends in Cybersecurity for 2024, a new research report from Gartner®.

1 min Awards

Celebrating Excellence: Alex Page Recognized As a CRN 2024 Channel Chief

Congratulations to Rapid7’s Vice President of Global Channel Sales, Alex Page, who is named among the newly-announced CRN 2024 Channel Chiefs!

3 min

Four Key Benefits of Rapid7’s New Managed Digital Risk Protection Service

Cybercrime has boomed to the third largest economy in the world behind the US and China, with much of the most nefarious behavior on the dark web. Monitoring it effectively can be the key to identifying the earliest signals of an attack – and the difference between a minor event and a major breach.

14 min Ransomware

Exploring the (Not So) Secret Code of Black Hunt Ransomware

In this analysis we examined the BlackHunt sample shared on X (formerly Twitter). During our analysis we found notable similarities between BlackHunt ransomware and LockBit, which suggested that it uses leaked code of Lockbit. In addition, it uses some techniques similar to REvil ransomware.

2 min Metasploit

Metasploit Weekly Wrap-Up 02/02/2024

Shared RubySMB Service Improvements This week’s updates include improvements to [] Metasploit Framework’s SMB server implementation: the SMB server can now be reused across various SMB modules, which are now able to register their own unique shares and files. SMB modules can also now be executed concurrently. Currently, there are 15 SMB modules in Metasploit Framework that utilize this feature. New module content (2) Mirth Connect Deseria