4 min
Research
Cloud Pentesting, Pt. 3: The Impact of Ecosystem Maturity
Now that we’ve covered the basics of cloud pentesting and the style in which a cloud environment could be attacked, let’s turn our attention to the entirety of this ecosystem.
7 min
Research
Cloud Pentesting, Pt. 2: Testing Across Different Deployments
Pentesting in the cloud is just like on-premises, right? It depends on how a customer has set up their cloud deployment.
4 min
Research
Cloud Pentesting, Pt. 1: Breaking Down the Basics
More and more customers are looking to get a pentest done in their cloud deployment. What does that mean?
2 min
Metasploit
Metasploit Wrap-Up: Feb. 11, 2022
Welcome, Little Hippo: PetitPotam
Our very own @zeroSteiner [http://github.com/zeroSteiner] ported [http://github.com/rapid7/metasploit-framework/pull/16136] the PetitPotam [http://github.com/topotam/PetitPotam] exploit to Metasploit this week. This module leverages CVE-2021-36942 [http://attackerkb.com/topics/TEBmUAfeCs/cve-2021-36942?referrer=blog], a vulnerability in the Windows Encrypting File System (EFS) API, to capture machine NTLM hashes. This uses the EfsRpcOpenFileRaw function of t
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: Feb. 4, 2022
A new NOP module, improvements to RPC functionality and PHP Meterpreter, and WordPress and Cisco RV exploits.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: Oct. 29, 2021
Modules for Apache Server, Sophos UTM, the OMIgod RCE, and more. Plus, support for reverse port forwarding via established SSH sessions.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 10/22/21
Metasploit's first modules targeting Kubernetes, plus Windows support for exploiting Confluence Server CVE-2021-26084.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 10/15/21
Four new Moodle modules, plus new features to help red teamers keep track of sessions and forwarded connections.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 9/24/21
A new evasion module, an exploit for ManageEngine OpManager, fully functional shells over WinRM, and major RDP library improvements.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: Aug. 20, 2021
New modules for Lucee Administrator and ProxyShell, which targets on-premises Microsoft Exchange servers. Plus, tons of enhancements and fixes!
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 8/13/21
Three new modules that deliver RCE on Atlassian Crowd and privilege escalation to SYSTEM via print drivers. Plus, a new command shell session type for SSH clients and plenty more enhancements and fixes.
3 min
Cybersecurity
When One Door Opens, Keep It Open: A New Tool for Physical Security Testing
We’ve come up with a neat little device that pentesters can use to recreate the thought process of attackers — and help organizations outsmart them.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: Jun. 25, 2021
Three fresh modules for Cisco targets and rConfig, plus new enhancements and fixes.
6 min
Penetration Testing
Attack Surface Analysis Part 2: Penetration Testing
In this three-part series, we’ll explore key considerations and strategies for choosing an attack surface analysis strategy, and the ways it can be used to increase awareness of both technical and process-related risks.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: May 14, 2021
Updates to how modules interact with cookies, plus exploits for macOS Gatekeeper and DjVu ANT and a whole lot of fixes and enhancements.