Metasploit Project
@metasploit
Official account of the Metasploit Project, part of the @rapid7 family.
Mastodon: @[email protected]
Slack: https://t.co/ZOLPDG2O2s
ID:18535086
https://metasploit.com/contribute 01-01-2009 20:24:32
On May 21, Rapid7 is hosting Take Command: a global virtual cybersecurity summit.
We've teamed with Amazon Web Services to bring leading researchers, practitioners & experts to share the latest in attacker analysis, emergent tech, and SOC management. Register now: r-7.co/3xVbO0j
Super analysis by Ryan Emmons detailing CVE-2024-4040 in CrushFTP - detailing the root cause, unauthenticated arbitrary file read primitive, and session stealing. Plus evasion techniques due to non-compliant HTTP processing! 🔥
Rapid7 researcher Ryan Emmons analyzed CrushFTP CVE-2024-4040 and found that it's not only exploitable for arbitrary file read as root, but also authentication bypass for admin access and full RCE. Patch immediately. rapid7.com/blog/post/2024…
Full Rapid7 analysis of PAN-OS CVE-2024-3400 now available from Stephen Fewer and our stellar new research teammate Ryan Emmons! Spoiler: It's a two-vuln exploit chain. attackerkb.com/topics/SSTk336…
Join us for Take Command, a one-day virtual event, in partnership with Amazon Web Services.
A leading group of experts will share the latest in attacker analysis, emergent technologies, and SOC management. 👀 Save your seat ⤵️