This week's wrap up includes a new LDAP session type with signing and channel binding support along with two new modules. rapid7.com/blog/post/2024…

Check out the CrushFTP module and password spraying support for bruteforce and login scanners in the wrap-up for this week: rapid7.com/blog/post/2024…

This week's Metasploit release improves the windows_secrets_dump module by dumping registry contents without writing to disk along with a new RCE module targeting CVE-2024-1212 in LoadMaster rapid7.com/blog/post/2024…

On May 21, Rapid7 is hosting Take Command: a global virtual cybersecurity summit.

We've teamed with Amazon Web Services to bring leading researchers, practitioners & experts to share the latest in attacker analysis, emergent tech, and SOC management. Register now: r-7.co/3xVbO0j

This weeks release includes a whooping 8 new modules including the latest PAN-OS RCE, and a slew of enhancements rapid7.com/blog/post/2024…

Super analysis by Ryan Emmons detailing CVE-2024-4040 in CrushFTP - detailing the root cause, unauthenticated arbitrary file read primitive, and session stealing. Plus evasion techniques due to non compliant HTTP processing! 🔥

Rapid7's full technical analysis of #CrushFTP CVE-2024-4040 is available here courtesy of Ryan Emmons.
attackerkb.com/topics/20oYjlm…

Rapid7 researcher Ryan Emmons analyzed CrushFTP CVE-2024-4040 and found that it's not only exploitable for arbitrary file read as root, but also authentication bypass for admin access and full RCE. Patch immediately. rapid7.com/blog/post/2024…

This weeks wrap up includes three new modules, targeting pgAdmin, CrushFTP, and MongoDB Ops Manager Diagnostic Archive rapid7.com/blog/post/2024…

Full Rapid7 analysis of PAN-OS CVE-2024-3400 now available from Stephen Fewer and our stellar new research teammate Ryan Emmons! Spoiler: It's a two-vuln exploit chain. attackerkb.com/topics/SSTk336…

Join us for Take Command, a one-day virtual event, in partnership with Amazon Web Services.

A leading group of experts will share the latest in attacker analysis, emergent technologies, and SOC management. 👀 Save your seat ⤵️

This week's wrap-up is here with some cool info about the new Shadow Credentials module for Active Directory. rapid7.com/blog/post/2024…

The weekly wrap up is here with new AD CS templates for ESC 4, and some additional modules, enhancements, and fixes! Get it! rapid7.com/blog/post/2024…

This backdoor could potentially allow a malicious actor to compromise sshd authentication. If you did not update your Kali installation before the 26th, you are not affected by this backdoor vulnerability.

The xz package, starting from version 5.6.0 to 5.6.1, was found to contain a backdoor. The impact of this vulnerability affected Kali between March 26th to March 29th. If you updated your Kali installation on or after March 26th, it is crucial to apply the latest updates today.

This week's wrap up is out with three new RCEs including one for SharePoint along with multiple bug fixes and other enhancements rapid7.com/blog/post/2024…