2 min
Metasploit
Metasploit Wrap-Up 05/10/2024
Password Spraying support
Multiple bruteforce/login scanner modules have been updated to support a
PASSWORD_SPRAY module option. This work was completed in pull request #19079
[http://github.com/rapid7/metasploit-framework/pull/19079] from nrathaus
[http://github.com/nrathaus] as well as an additional update from our
developers [http://github.com/rapid7/metasploit-framework/pull/19158]. When
the password spraying option is set, the order of attempted users and password
attempts is changed
8 min
Incident Response
Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators
Rapid7 observes ongoing social engineering campaign consistent with Black Basta
2 min
Ransomware
Layered Defense to Stop Attacks Before they Begin
Ransomware has evolved from opportunistic attacks to highly orchestrated campaigns driven by cyber criminals who are seeking high financial gains.
2 min
Career Development
Rapid7 Signs 100% Talent Compact with Boston Women’s Workforce Council
Rapid7 is proud to announce their signing of the 100% Talent Compact through the Boston Women’s Workforce Council (BWWC).
1 min
Events
Take Command Summit: A Message from Rapid7 Chairman and CEO, Corey Thomas
The Rapid7 Take Command Summit
[http://rapid7.brighttalk.com/?utm_source =博客&utm_medium =网站&utm_content = blog-3&utm_campaign=global-mdr-take-command-summmit-prospect-eng-cyas]
is just two short weeks away. We are busy putting together the most
impactful programs on the latest in cybersecurity trends, technology, and
innovations available, and we are eager to share it with all of you.
So eager, in fact, that Chairman and CEO of Rapid7, Corey Thomas, has a special
message to share.
2 min
Metasploit
Metasploit Weekly Wrap-Up 05/03/24
Dumping secrets inline
This week, our very own cdelafuente-r7 [http://github.com/cdelafuente-r7] added
a significant improvement to the well-known Windows Secrets Dump module
[http://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/windows_secrets_dump.rb]
to reduce the footprint when dumping SAM hashes, LSA secrets and cached
credentials. The module is now directly reading the Windows Registry remotely
without having to dump the full registry keys to disk and parse th
2 min
Events
Take Command Summit: A Stacked Agenda, and Killer Guest Speakers Coming Your Way May 21
The Take Command Summit, a day-long virtual summit Rapid7 is holding on May 21, is bringing together some of the best minds in the cybersecurity sphere for comprehensive discussions on the latest data, challenges, and opportunities in the industry.
4 min
The Business of Cybersecurity Ownership
Cyber ownership can often be overlooked or misunderstood within an organization. Responsibility and accountability should not rest solely on the CISO's shoulders.
11 min
Velociraptor
Velociraptor 0.7.2 Release: Digging Deeper than Ever with EWF Support, Dynamic DNS and More
Rapid7 is very excited to announce that version 0.7.2 of Velociraptor is now fully available for download. In this post we’ll discuss some of the interesting new features.
4 min
Metasploit
Metasploit Weekly Wrap-Up 04/26/24
Rancher Modules
This week, Metasploit community member h00die [http://github.com/h00die] added
the second of two modules targeting Rancher instances. These modules each leak
sensitive information from vulnerable instances of the application which is
used to manage Kubernetes clusters. These are a great addition to
Metasploit’s coverage for testing Kubernetes environments
[http://docs.metasploit.com/docs/pentesting/metasploit-guide-kubernetes.html].
PAN-OS RCE
Metasploit also released an email
2 min
Awards
USF College of Engineering Presents Rapid7 With 2024 Corporate Impact Award
Last Friday, April 19, the University of South Florida (USF) College of Engineering recognized individuals and organizations who have greatly impacted USF and beyond at its ninth annual Engineering Honors Awards at The Armature Works in Tampa.
3 min
Emergent Threat Response
Unauthenticated CrushFTP Zero-Day Enables Complete Server Compromise
CVE-2024-4040 is an unauthenticated zero-day vulnerability in managed file transfer software CrushFTP. Successful exploitation allows for arbitrary file read as root, authentication bypass for administrator account access, and remote code execution.
2 min
Events
Take Command Summit: Take Breaches from Inevitable to Preventable on May 21
Registration is now open for Take Command, a day-long virtual summit in partnership with AWS. You'll get new attack intelligence, insight into AI disruption, transparent MDR partnerships, and more.
2 min
Metasploit
Metasploit Weekly Wrap-Up 04/19/24
Welcome Ryan and the new CrushFTP module
It's not every week we add an awesome new exploit module to the Framework while
adding the original discoverer of the vulnerability to the Rapid7 team as well.
We're very excited to welcome Ryan Emmons to the Emergent Threat Response team,
which works with Metasploit here at Rapid7. Ryan discovered an Improperly
Controlled Modification of Dynamically-Determined Object Attributes
vulnerability in CrushFTP (CVE-2023-43177) versions prior to 10.5.1 whic
6 min
PCI
Enforce and Report on PCI DSS v4 Compliance with Rapid7
The PCI Security Standards Council (PCI SSC) is a global forum that connects stakeholders from the payments and payment processing industries to craft and facilitate adoption of data security standards and relevant resources that enable safe payments worldwide.