3分钟
Metasploit
Metasploit每周总结2024年10月18日
ESC15: EKUwu
AD CS continues to be a popular target for penetration testers 和 security
从业人员. The latest escalation technique (hence the the ESC in ESC15) was
发现的
Justin Bollinger with details being released just last
周. This latest configuration flaw has common issuance requirements to other
ESC flaws such as requiring no authorized signatures or manager approval.
此外,templa
4分钟
职业发展
7 Rapid Questions on our Belfast Placement Programme: Orla Magee 和 Paddy McDermott
Software Engineers Orla Magee 和 Paddy McDermott share what the interview process looked like for them, along with impactful projects 和 advice for others exploring Rapid7’s Placement Programme.
5分钟
攻击面安全
Underst和ing your Attack Surface: Different Approaches to Asset Discovery
In this post, we’ll delve intoprocess of discovering assets. We cannot secure what we cannot see so getting this piece right is foundational to the success of your ASM program. This blog will explore four different methods of asset discovery starting with the most basic, 已部署的软件代理.
1分钟
物联网
Root Access for Data Control: A DEF CON 物联网 Village Story
我们常年的物联网黑客主持人, 首席保安研究员, 物联网, Deral海兰德, 以及Rapid7测试团队成员, showed attendees many methods of extracting firmware from 物联网 devices 和 manipulating the systems in the name of control 和 operations.
2分钟
Rapid7文化
Test Driving a New Benefit Programme in Belfast
Rapid7’s electric vehicle scheme was rolled out in late 2023 for Belfast employees. The programme enables employees to lease an electric car via their employer 和 pay for it on a salary sacrifice basis, offering substantial tax 和 national insurance savings.
13分钟
脆弱性管理
补丁星期二- 2024年10月
5零日. 配置管理器预认证RCE. RDP RPC预验证RPC. 登录bgi的. Hyper-V容器逃逸. curl o-day RCE后期补丁. 管理控制台零日RCE. Windows 11生命周期变化.
2分钟
Metasploit
Metasploit每周总结10/04/2024
新增模块内容(3)
杯子浏览的信息披露
作者:bcoles和evilsocket
类型:辅助
拉取请求:#19510
由bcoles贡献
Path: scanner/misc/cups_browsed_info_disclosure
Description: Adds scanner module to retrieve CUPS version 和 kernel version
来自杯子浏览的服务的信息.
Acronis Cyber Infrastructure default password remote code execution
作者:Acronis international
5分钟
攻击面安全
The Main Components of an 攻击面管理 (ASM) Strategy
在本博客系列的第一部分, we looked at some of the core challenges that are driving the dem和 for a new approach to 攻击面管理. In this second blog I explore some of the key technology approaches to ASM 和 also some of the core asset types we need to underst和.
7分钟
实验室
Ransomware Groups Demystified: CyberVolk Ransomware
As part of our ongoing efforts to monitor emerging cyber threats, we have analyzed the activities of CyberVolk, a politically motivated hacktivist group that transitioned into using ransomware 和 has been active since June 2024.
4分钟
脆弱性管理
Modernizing Your VM Program with Rapid7 接触命令: A Path to Effective Continuous Threat 风险管理
This is where continuous threat exposure management (CTEM) comes into play – an approach that shifts the focus from merely identifying vulnerabilities to underst和ing 和 mitigating exposures across the entire attack surface.
7分钟
产品更新
Rapid7产品的新功能 & 服务业:2024年第三季度正在审查中
This was one of the most exciting quarters at Rapid7 as we announced the next chapter in our mission to give customers comm和 of their attack surface: the Rapid7 Comm和 平台, our unified threat exposure 和 detection 和 response platform.
3分钟
攻击面安全
Proactive Visibility Is Foundational to Strong Cybersecurity
风险敞口大于cve, so organizations need to move beyond the traditional thinking of vulnerability management to a holistic view.
3分钟
Metasploit
Metasploit每周总结2024年9月27日
史诗释放!
This 周's release includes 5 new modules, 6 enhancements, 4 fixes 和 1
文档更新. Among the new additions, we have an account take over, SQL
注射、RCE和LPE! Thank you to all the contributors who made it possible!
新模块内容(5)
Cisco Smart Software 经理 (SSM) On-Prem Account Takeover (CVE-2024-20419)
作者:Michael Heinzl和Mohammed Adel
类型:辅助
拉取请求:#19375
contribut
3分钟
紧急威胁响应
Multiple Vulnerabilities in Common Unix Printing System (CUPS)
Multiple unpatched vulnerabilities were publicly disclosed in the Common Unix Printing System (CUPS), a popular IPP-based open-source printing system.
4分钟
InsightCloudSec
Proactively Securing Cloud Workloads in the CI/CD Pipeline with Rapid7 和 Azure DevOps
We recognize this critical need 和 have added new integration for InsightCloudSec (ICS) 和 接触命令 with Azure DevOps for Infrastructure as code (IaC) tooling, empowering organizations to quickly 和 effectively safeguard their attack surfaces.