Virtual Black Hat: Rapid7 Experts Share Key Takeaways from Day 1 Sessions
Boy, oh boy, has Black Hat changed. Where we once looked up at the neon lights of Las Vegas, we...
hacking
Metasploit 6 Now Under Active Development
Today the Metasploit team is pleased to announce active development of Metasploit Framework 6.0, available now for testing and community...
UEFI_RETool – A Tool For UEFI Firmware Reverse Engineering
A tool for UEFI firmware reverse engineering.UEFI firmware analysis with uefi_retool.py scriptUsage:Copy ida_plugin/uefi_analyser.py script and ida_plugin/uefi_analyser directory to IDA plugins...
Netenum – A Tool To Passively Discover Active Hosts On A Network
Network reconnaisance tool that sniffs for active hostsIntroductionNetenum passively monitors the ARP traffic on the network. It extracts basic data...
DLInjector-GUI – DLL Injector Graphical User Interface
DLInjector for Graphical User Interface.Faster DLL Injector for processes. It targets the process name to identify the target. The process...
Xeca – PowerShell Payload Generator
xeca is a project that creates encrypted PowerShell payloads for offensive purposes.Creating position independent shellcode from DLL files is also...
InsightIDR Now Connects to Zoom for Easy Monitoring
Zoom adoption has skyrocketed with spikes in remote working, but web application security needs to be a top priority to...
Cnitch – Container Snitch Checks Running Processes Under The Docker Engine And Alerts If Any Are Found To Be Running As Root
cnitch (snitch or container snitch) is a simple framework and command line tool for monitoring Docker containers to identify any...
Mistica – An Open Source Swiss Army Knife For Arbitrary Communication Over Application Protocols
Mística is a tool that allows to embed data into application layer protocol fields, with the goal of establishing a...
DeimosC2 – A Golang Command And Control Framework For Post-Exploitation
DeimosC2 is a post-exploitation Command & Control (C2) tool that leverages multiple communication methods in order to control machines that...
EternalBlueC – EternalBlue Suite Remade In C/C++ Which Includes: MS17-010 Exploit, EternalBlue Vulnerability Detector, DoublePulsar Detector And DoublePulsar Shellcode & DLL Uploader
EternalBlue suite remade in C which includes: MS17-010 Exploit, EternalBlue/MS17-010 vulnerability detector, DoublePulsar detector and DoublePulsar UploadDLL & Shellcode ms17_vuln_status.cpp...
CWFF – Create Your Custom Wordlist For Fuzzing
CWFF is a tool that creates a special High quality fuzzing/content discovery wordlist for you at the highest speed possible...
Cloudsplaining – An AWS IAM Security Assessment Tool That Identifies Violations Of Least Privilege And Generates A Risk-Prioritized Report
Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized HTML report.Example...
Kubei – A Flexible Kubernetes Runtime Scanner
Kubei is a vulnerabilities scanning tool that allows users to get an accurate and immediate risk assessment of their kubernetes...
dazzleUP – A Tool That Detects The Privilege Escalation Vulnerabilities Caused By Misconfigurations And Missing Updates In The Windows OS
A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems. dazzleUP...
uDork – Tool That Uses Advanced Google Search Techniques To Obtain Sensitive Information In Files Or Directories, Find IoT Devices, Detect Versions Of Web Applications, And So On
uDork is a script written in Bash Scripting that uses advanced Google search techniques to obtain sensitive information in files...
Open Source Security Meetup (OSSM): Virtual Edition
The Rapid7 Metasploit team is taking a page from DEF CON’s “SAFE MODE” operations this year, hosting our annual Open...
Cloud Best Practices Every Security Professional Should Know
In part one of this two-part series on the cloud and cloud security for security professionals, we dove into everything...
Oralyzer – Tool To Identify Open Redirection
Oralyzer, a simple python script, capable of identifying the open redirection vulnerability in a website. It does that by fuzzing...
Kubebox – Terminal And Web Console For Kubernetes
Terminal and Web console for KubernetesFeatures Configuration from kubeconfig files (KUBECONFIG environment variable or $HOME/.kube) Switch contexts interactively Authentication support...
Commit Stream – OSINT Tool For Finding Github Repositories By Extracting Commit Logs In Real Time From The Github Event API
commit-stream drinks commit logs from the Github event firehose exposing the author details (name and email address) associated with Github...
Remote Code Execution Risks in Secomea, Moxa, and HMS eWon ICS VPN Vulnerabilities: What You Need to Know
On Wednesday, July 28, 2020, researchers at Claroty released information on a number of critical remote code execution vulnerabilities across...
Rapid7 statement on privacy and status of EU-US data transfers post-Schrems II
SummaryContext: The Court of Justice of the European Union (CJEU) struck down the EU-US Privacy Shield (Privacy Shield) as a...
Joe FitzPatrick on the Future of Hardware Security Training Sessions
This week Rapid7 welcomes Joe FitzPatrick, a lead researcher at securinghardware.com, as he discusses what it takes to run a...
