All Posts

12 min Vulnerability Management

Patch Tuesday - November 2024

4 zero-days. AD CS ESC15 aka EKUwu. NTLMv2 disclosure. Exchange sender spoofing. Task scheduler EoP. .NET & Kerberos critical RCEs. Welcome Server 2025.

5 min Malware

LodaRAT: Established Malware, New Victim Patterns

Rapid7 has observed an ongoing malware campaign involving a new version of LodaRAT. This version possesses the ability to steal cookies and passwords from Microsoft Edge and Brave.

3 min Metasploit

Metasploit Wrap-Up: 11/08/2024

RISC-V Support This release of Metasploit Framework has added exciting new features such as new payloads that target the RISC-V architecture. These payloads allow for the execution of commands on compromised hardware, allowing Metasploit Framework and Metasploit Payloads to be used in more environments. SMB To HTTP(S) Relay This new exploit worked on by Rapid7 contributors targets the ESC8 vulnerability. This work is a part of the recent Kerberos and Active Directory efforts targeting multiple

3 min Attack Surface Security

Mind the Gap: How Surface Command Tackles Asset Visibility in Attack Surface Management

By establishing visibility of the attack surface and implementing management processes to prioritize, validate, and mobilize responses, security teams can reduce exposures exploited by malicious threat actors.

4 min Career Development

Cathal O’Neill - Taking Command of Your Career in Tech

Cathal O’Neill joined Rapid7 in 2023 as a Senior Engineering Manager, and he has since advanced to the role of Engineering Director.

3 min Cybersecurity

20/20 Cybersecurity: Lessons Learned in 2024 and Strategies for a Stronger 2025

With 2024 rapidly coming to a close, many of us here at Rapid7 are taking a step back, reflecting upon the successes and learnings of the last 12 months, and looking ahead to the challenges and opportunities we could jointly face in the year ahead.

6 min Metasploit

Metasploit Weekly Wrap-Up 11/01/2024

Pool Party Windows Process Injection This Metasploit-Framework release includes a new injection technique deployed on core Meterpreter functionalities such as process migration and DLL Injection. The research of a new injection technique known as PoolParty highlighted new ways to gain code execution on a remote process by abusing Thread-Pool management features included on Windows kernel starting from Windows Vista.

8 min Velociraptor

Finding the LNK: Techniques and methodology for advanced analysis with Velociraptor

In this post, we explore the structure of LNK files using Velociraptor, our open-source digital forensics and incident response (DFIR) tool.

7 min Incident Response

Investigating a SharePoint Compromise: IR Tales from the Field

Our investigation uncovered an attacker who accessed a server without authorization and moved laterally across the network, compromising the entire domain.

7 min Surface Command

The Importance of Asset Context in Attack Surface Management.

This topic covers one of the main drivers for ASM and why companies are investing in it, the context it delivers to inform better security decision making.

2 min Metasploit

Metasploit Weekly Wrap-Up 10/25/2024

Hackers and Vampires Agree: Every Byte Counts Headlining the release today is a new exploit module by jheysel-r7 that chains two vulnerabilities to target Magento/Adobe Commerce systems: the first, CVE-2024-34102 is an arbitrary file read used to determine the version and layout of the glibc library, and the second, CVE-2024-2961 is a single

6 min Surface Command

Building a Custom Risk Prioritization and Risk Scoring Methodology with Surface Command

With our recent launch of the Command Platform, Rapid7 now delivers a more comprehensive view of your attack surface, with transparency that you can trust.

3 min Emergent Threat Response

Fortinet FortiManager CVE-2024-47575 Exploited in Zero-Day Attacks

On Wednesday, October 23, 2024, security company Fortinet published an advisory on CVE-2024-47575, a critical zero-day vulnerability affecting their FortiManager network management solution.

3 min Metasploit

Metasploit Weekly Wrap-Up 10/18/2024

ESC15: EKUwu AD CS continues to be a popular target for penetration testers and security practitioners. The latest escalation technique (hence the the ESC in ESC15) was discovered by Justin Bollinger with details being released just last week. This latest configuration flaw has common issuance requirements to other ESC flaws such as requiring no authorized signatures or manager approval. Additionally, templa

4 min Career Development

7 Rapid Questions on our Belfast Placement Programme: Orla Magee and Paddy McDermott

Software Engineers Orla Magee and Paddy McDermott share what the interview process looked like for them, along with impactful projects and advice for others exploring Rapid7’s Placement Programme.