
3分钟 Metasploit每周总结


New this week: An OwnCloud gather module 和 a Docker c集团s container escape. Plus, an early feature that allows users to search module actions, targets, 和 aliases.

7分钟 渗透测试

PenTales: What It’s Like on the Red Team

在本系列中, we’re sharing some of our favorite tales from the pen test desk 和 hopefully highlight some ways you can improve your own organization’s security.

3分钟 渗透测试

Why Physical Social Engineering Engagements are an Important Part of Security

在本系列中, we’re going to share some of our favorite tales from the pen test desk 和 hopefully highlight some ways you can improve your own organization’s security.

4分钟 渗透测试

PenTales: There Are Many Ways to Infiltrate the Cloud

在Rapid7 we love a good pen test story. So often they show the cleverness, skill, resilience, 和 dedication to our customer’s security that can only come 从积极地试图打破它! 在本系列中, we’re going to share some of our favorite tales from the pen test desk 和 hopefully highlight some ways you can improve your own organization’s security. Rapid7 was engaged to do an AWS cloud ecosystem pentest for a large insurance 集团. The test included looking at internal 和 external as

3分钟 渗透测试

PenTales: Testing Security Health for a Healthcare 公司

在Rapid7 we love a good pen test story. So often they show the cleverness, skill, resilience, 和 dedication to our customer’s security that can only come 从积极地试图打破它! 在本系列中, we’re going to share some of our favorite tales from the pen test desk 和 hopefully highlight some ways you can improve your own organization’s security. Rapid7 was tasked with testing a provider website in the healthcare industry. Providers had the ability on the website to 应用 for jobs

6分钟 渗透测试

PenTales: Old Vulnerabilities, New Tricks

在Rapid7 we love a good pentest story. So often they show the cleverness, skill, resilience, 和 dedication to our customer’s security that can only come 从积极地试图打破它! 在本系列中, we’re going to share some of our favorite tales from the pen test desk 和 hopefully highlight some ways you can improve your own organization’s security. 这s engagement began like any other Internal Network Penetration test [http://o3sa.ruansaen.com/fundamentals/penetration-testing/]. 我follo

3分钟 渗透测试

PenTales: “User enumeration is not a vulnerability” – I beg to differ

在本系列中, we’re going to share some of our favorite tales from the pen test desk 和 hopefully highlight some ways you can improve your own organization’s security.

6分钟 Metasploit

Fetch Payloads: A Shorter Path from Comm和 Injection to Metasploit Session

Rapid7 is pleased to announce the availability of Metasploit fetch payloads, which increase efficiency 和 user control over the comm和s executed.

11分钟 渗透测试

AppDomain 经理 Injection: New Techniques For Red Teams

这s article details a variety of ways to perform 和 utilize AppDomain 经理 Injection during red team operations.

13分钟 Metasploit


Metasploit框架.3现在可用. New 特性 include native Kerberos authentication support, streamlined Active 导演y attack workflows (AD CS, AD DS), 和新的模块,要求, 打造, 和 convert tickets between formats.

5分钟 Haxmas


It's been another gangbusters year for Metasploit, 和 the holidays are a time to give thanks to all the people that help make our load a little bit lighter. So, while this end-of-year wrap-up is a highlight reel of the headline 特性 和 extensions that l和ed in Metasploit-l和 in 2022, we also want to express our gratitude 和 appreciation for our stellar community of contributors, 维护者和用户. The Metasploit team merged 824 pull requests across metasploit相关项目在20

2分钟 Metasploit每周总结


登录蛮力实用程序 简·鲁德[http://github].com/whoot] added a new module that gives users the ability to brute-force login for Linux Syncovery. 这扩展了Framework的 capability to scan logins to Syncovery, a popular web GUI for backups. WordPress extension SQL injection module Cydave [http://github.com/cydave], destr4ct [http://github.com/destr4ct], jheysel-r7 [http://github.com/jheysel-r7] contributed a new module that takes advantage of a vulnerable WordPress extension. 这

2分钟 Metasploit每周总结


Remote code execution modules for Spring Cloud Function 和 pfSense, plus bug fixes for the Windows secrets dump module.

3分钟 InsightIDR

A SIEM With a Pen Tester's Eye: How Offensive Security Helps Shape InsightIDR

在Rapid7, our laser-focus has always been trained on one thing: helping digital defenders spot 和 stop bad actors. 从我们故事的开始, penetration testing — or pen testing, for short — has been one of the cornerstones of that obsession.

9分钟 Metasploit


Metasploit 6.2.0已发布, marking another milestone that includes new modules, 特性, 改进, bug修复.