2 min
AWS
Rapid7 Extends AWS Support to Include Coverage for Newly-Launched Resource Control Policies (RCPs)
Rapid7 is excited to announce our support for Amazon Web Services’ (AWS) new Resource Control Policies (RCPs), a powerful tool designed to bolster security controls for organizations using AWS infrastructure.
2 min
Career Development
Rapid7 Recognized for ‘Excellence in Workplace Health and Wellbeing’ at the Belfast Telegraph IT Awards
On Friday, November 15th, Rapid7 was awarded ‘Excellence in Workplace Health and Wellbeing’ at the Belfast Telegraph IT Awards. This award recognizes technology companies in Belfast that prioritize employee well-being.
3 min
Exposure Command
Accelerate Mean Time to Exposure Remediation Across Hybrid Environments with Remediation Hub
Rapid7’s Remediation Hub is our newest addition to the Exposure Command platform. Remediation Hub automatically prioritizes various risk signals across your hybrid environment and suggests the actions your team can take that would have the largest impact on reducing your overall risk posture.
2 min
Security Operations (SOC)
Unlock 24/7 SOC Coverage: Rapid7 MXDR Now Supports with Microsoft Security Products
With the launch of Rapid7 MXDR’s SOC support for key Microsoft security products, we’re making it possible for organizations to layer security defenses and amplify outcomes.
2 min
Metasploit
Metasploit Weekly Wrap-Up: 11/15/2024
Palo Alto Expedition RCE module
This week's release includes an exploit module for the Palo Alto Expedition
exploit chain that's been making headlines recently. The first vulnerability,
CVE-2024-5910, allows attackers to reset the password of the admin user. The
second vulnerability, CVE-2024-9464, is an authenticated OS command injection.
The module makes use of both vulnerabilities in order to obtain unauthenticated
RCE in the context of the user www-data.
New module content (1)
Palo Alto Expe
4 min
InsightIDR
New IDR Log Search Enhancements: Accelerate, Streamline, and Simplify Investigations
Rapid7’s InsightIDR, the foundation of our Managed Detection and Response (MDR) service, empowers security teams with advanced analytics, automation, and expert-led investigations.
3 min
Emergent Threat Response
Zero-Day Exploitation Targeting Palo Alto Networks Firewall Management Interfaces
Palo Alto Networks has indicated they are observing threat activity exploiting a zero-day unauthenticated remote command execution vulnerability in their firewall management interfaces.
12 min
Vulnerability Management
Patch Tuesday - November 2024
4 zero-days. AD CS ESC15 aka EKUwu. NTLMv2 disclosure. Exchange sender spoofing. Task scheduler EoP. .NET & Kerberos critical RCEs. Welcome Server 2025.
5 min
Malware
LodaRAT: Established Malware, New Victim Patterns
Rapid7 has observed an ongoing malware campaign involving a new version of LodaRAT. This version possesses the ability to steal cookies and passwords from Microsoft Edge and Brave.
3 min
Metasploit
Metasploit Wrap-Up: 11/08/2024
RISC-V Support
This release of Metasploit Framework has added exciting new features such as new
payloads that target the RISC-V architecture. These payloads allow for the
execution of commands on compromised hardware, allowing Metasploit Framework and
Metasploit Payloads to be used in more environments.
SMB To HTTP(S) Relay
This new exploit worked on by Rapid7 contributors targets the ESC8
vulnerability. This work is a part of the recent Kerberos and Active Directory
efforts targeting multiple
3 min
Attack Surface Security
Mind the Gap: How Surface Command Tackles Asset Visibility in Attack Surface Management
By establishing visibility of the attack surface and implementing management processes to prioritize, validate, and mobilize responses, security teams can reduce exposures exploited by malicious threat actors.
4 min
Career Development
Cathal O’Neill - Taking Command of Your Career in Tech
Cathal O’Neill joined Rapid7 in 2023 as a Senior Engineering Manager, and he has since advanced to the role of Engineering Director.
3 min
Cybersecurity
20/20 Cybersecurity: Lessons Learned in 2024 and Strategies for a Stronger 2025
With 2024 rapidly coming to a close, many of us here at Rapid7 are taking a step back, reflecting upon the successes and learnings of the last 12 months, and looking ahead to the challenges and opportunities we could jointly face in the year ahead.
6 min
Metasploit
Metasploit Weekly Wrap-Up 11/01/2024
Pool Party Windows Process Injection
This Metasploit-Framework release includes a new injection technique deployed on
core Meterpreter functionalities such as process migration and DLL Injection.
Research into a new injection technique known as PoolParty
highlighted new ways to gain code execution in a remote process by abusing
thread-pool management features included in the Windows kernel since Windows
Vista.
8 min
Velociraptor
Finding the LNK: Techniques and methodology for advanced analysis with Velociraptor
In this post, we explore the structure of LNK files using Velociraptor, our open-source digital forensics and incident response (DFIR) tool.