All Posts

12 min Metasploit

Metasploit Framework 6.4 Released

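Today, Metasploit is excited to announce the release of Metasploit Framework 6.4. It has been just over a year since the release of version 6.3, and the team has added many new features and improvements since then. News reporters, please contact Kerberos Improvements Metasploit 6.3 included initial support for Kerberos authentication within Metasploit and was one of the larger features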

2 min Metasploit

Metasploit Weekly Wrap-Up 03/22/2024

New module content (1) OpenNMS Horizon Authenticated RCE Author: Erik Wynter Type: Exploit Pull request: #18618 contributed by ErikWynter Path: linux/http/opennms_horizon_authenticated_rce AttackerKB reference: CVE-2023-0872 Description: This module exploits built-in functionality in OpenNMS Horizon in order to execute arbitrary commands as t

2 min Research


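The cybersecurity industry has placed considerable focus on an organization's attack surface, giving rise to external attack surface management (EASM) technologies as a means of monitoring that surface.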

9 min Research


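At Rapid7 Labs, we continuously track and monitor threat groups. As part of this process, we routinely identify evolving tactics from threat groups in what is an unceasing game of cat and mouse.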

2 min Vulnerability Management


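Recently, the US National Institute of Standards and Technology (NIST) announced on the National Vulnerability Database (NVD) site [http://nvd]] that there will be delays in adding information on newly published CVEs. NVD enriches CVEs with basic details about the vulnerability, such as the vulnerability's CVSS score, software products impacted by a CVE, information on the bug, patching status, etc. Since February 12, 2024, NVD has largely stopped enriching vulnerabilities. Given the bro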

2 min Metasploit

Metasploit Wrap-Up 03/15/2024

New module content (3) GitLab Password Reset Account Takeover Authors: asterion04 and h00die Type: Auxiliary Pull request: #18716 contributed by h00die Path: admin/http/gitlab_password_reset_account_takeover AttackerKB reference: CVE-2023-7028 Description: This adds an exploit module that leverages an account takeover vulnerability to take contr

2 min Career Development

Rapid7's Ciara Cullinan Recognized as Community Trailblazer in Belfast Awards Programme

At the 2024 Women Who Code awards, Rapid7 software engineer Ciara Cullinan received the "Community Trailblazer" award.

8 min Vulnerability Management

Patch Tuesday - March 2024

No zero-day vulns this month. Single critical RCE: Hyper-V guest escape. Exchange malicious DLL RCE. SharePoint ACE. Azure Kubernetes Service Confidential Containers. Windows 11 compressed folders.

3 min Metasploit

Metasploit Wrap-Up 03/08/2024

New module content (2) GitLab Tags RSS feed email disclosure Authors: erruquill and n00bhaxor Type: Auxiliary Pull request: #18821 contributed by n00bhaxor Path: gather/gitlab_tags_rss_feed_email_disclosure AttackerKB reference: CVE-2023-5612 Description: This adds an auxiliary module that leverages an information disclosure vulnerability (CVE

9 min InsightCloudSec


Cloud gaming, powered by giants like AWS, is transforming the gaming industry, offering unparalleled accessibility and dynamic gaming experiences. Yet with this technological leap comes an increase in cyber threats.

6 min 7 Rapid Questions

7 Rapid Questions with #77 Ray Bourque


2 min Cybersecurity

Lessons from Video Game Companies: Automation Unlocks Robust Monitoring & Observability

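In this blog post, we'll delve into how monitoring and observability capabilities enable video game organizations to bolster their cybersecurity defenses and provide a better, more reliable gaming experience.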

19 min Emergent Threat Response

CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities (FIXED)

Rapid7's vulnerability research team identified two new vulnerabilities affecting JetBrains TeamCity CI/CD server: CVE-2024-27198 and CVE-2024-27199, both of which are authentication bypasses.

2 min Metasploit

Metasploit Weekly Wrap-Up 03/01/2024

Metasploit adds an RCE exploit for ConnectWise ScreenConnect and new documentation for exploiting ESC13.

7 min Velociraptor


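UEFI threats have historically been limited in number and mostly implemented by nation state actors as stealthy persistence. However, the recent proliferation of Black Lotus on the dark web, the Trickbot enumeration module (late 2022), and Glupteba (November 2023) indicates that this historical trend may be changing. In this context, for security practitioners, understanding visibility and collection capabilities for UEFI threats [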