There Goes The Neighborhood: Dealing # With CVE-2020-16898 (a.k.a. “Bad Neighbor”)
by Bob Rudis If you’re in the U.S. and were waiting for an “October surprise”, look no further than CVE-2020-16898...
hacking
Nuubi Tools – Information Ghatering, Scanner And Recon
Nuubi Tools: Information-ghatering|Scanner|Recon Options: -h/--help | Show help message and exitArguments: -b/--banner | Banner grabing of target ip address -s/--subnet...
DamnVulnerableCryptoApp – An App With Really Insecure Crypto
Why?If you try to learn a little bit more about crypto, either because you want to know how the attacks...
Patch Tuesday – October 2020
Microsoft brings us an October's Update Tuesday with 87 vulnerabilities, a sub-100 number we haven't experienced in quite some time....
2021 Detection and Response Planning, Part 2: Driving SOC Efficiency With a Detections-First Approach to SIEM
This is the second installment of our series around 2021 security planning. In part one, Rapid7 Detection and Response Practice...
Hak5 WiFi Pineapple Nano: Review
Attacks on WiFi networks are well known in the cybersecurity world, as an established technique for penetrating a target. The Hak5 WiFi...
O365Enum – Enumerate Valid Usernames From Office 365 Using ActiveSync, Autodiscover V1, Or Office.Com Login Page
Enumerate valid usernames from Office 365 using ActiveSync, Autodiscover, or office.com login page.Usageo365enum will read usernames from the file provided...
Wave-Share – Serverless, Peer-To-Peer, Local File Sharing Through Sound
A proof-of-concept for WebRTC signaling using sound. Works with all devices that have microphone + speakers. Runs in the browser....
What’s New in InsightIDR: Q3 2020 in Review
In July, we provided a rundown of what was new in InsightIDR, our cloud-based SIEM tool, from the first half...
Gitjacker – Leak Git Repositories From Misconfigured Websites
Gitjacker downloads git repositories and extracts their contents from sites where the .git directory has been mistakenly uploaded. It will...
NashaVM – A Virtual Machine For .NET Files And Its Runtime Was Made In C++/CLI
Nasha is a Virtual Machine for .NET files and its runtime was made in C++/CLI Installationgit clone https://github.com/Mrakovic-ORG/NashaVM --recursecd NashaVMNashaVMnuget...
SwiftBelt – A macOS Enumeration Tool Inspired By Harmjoy’S Windows-based Seatbelt Enumeration Tool
SwiftBelt is a macOS enumerator inspired by @harmjoy's Windows-based Seatbelt enumeration tool. SwiftBelt does not utilize any command line utilities...
C41N – An Automated Rogue Access Point Setup Tool
c41n is an automated Rogue Access Point setup tool. c41n provides automated setup of several types of Rogue Access Points,...
vPrioritizer – Tool To Understand The Contextualized Risk (vPRisk) On Asset-Vulnerability Relationship Level Across The Organization
As indicated by sources like vulndb & cve, on a daily basis, approximately 50 new vulnerabilities become known to industry...
How InsightVM Helps You Save Time and Prove Value
For many security teams, vulnerability risk management can feel like an endless climb. The truth is, no IT environment will...
CSRFER – Tool To Generate CSRF Payloads Based On Vulnerable Requests
CSRFER is a tool to generate csrf payloads, based on vulnerable requests. It parses supplied requests to generate either a...
GHunt – Investigate Google Accounts With Emai
GHunt is an OSINT tool to extract a lot of informations of someone's Google Account email. It can currently extract...
This One Time on a Pen Test: Doing Well With XML
Each year, Rapid7 penetration testers complete hundreds of internally and externally based penetration testing service engagements. This post is part...
Offering Users More For Their Activity – Similar Items Upon Checkout
The shopping isn't finished once you've purchased your item. If you've ever done shopping online, then you know all about...
Lockphish – The First Tool For Phishing Attacks On The Lock Screen, Designed To Grab Windows Credentials, Android PIN And iPhone Passcode
Lockphish it's the first tool (07/04/2020) for phishing attacks on the lock screen, designed to grab Windows credentials, Android PIN...
IoTMap – Research Project On Heterogeneous IoT Protocols Modelling
IoTMap is a tool that models IoT networks using one or multiple protocols simultaneously. This is work in progress, as...
Easily Explore Your Log Data with a Single Query in InsightIDR
We are delighted to announce that Log Search now supports grouping by multiple fields in your log data. By running...
Ransomware Payments and Sanctions – U.S. Treasury Advisory
On Oct. 1, the United States Treasury Department Office of Foreign Assets Control (OFAC) issued an advisory concerning ransomware payments...
Kube-Score – Kubernetes Object Analysis With Recommendations For Improved Reliability And Security
kube-score is a tool that performs static code analysis of your Kubernetes object definitions. The output is a list of...
