Automating Application Security Testing Within Your Atlassian Bamboo Pipelines
This blog post is part three of our ongoing Automation with InsightAppSec series. Make sure to check out part one...
Nginx Log Security Analysis Script. Features: Statistics Top 20 Address; SQL injection analysis; Scanner alert analysis; Exploit detection; Sensitive path access; File contains attack; Webshell; Find URLs with response...
EXIST is a web application for aggregating and analyzing CTI (cyber threat intelligence). EXIST is written with the following software: Python 3.5.4, Django...
Haaukins is a highly accessible and automated virtualization platform for security education. It has three main components (Docker, Virtualbox and...
This CyberRange project represents the first open-source Cyber Range blueprint in the world. This project provides a bootstrap framework for a...
Dsiem is a security event correlation engine for ELK stack, allowing the platform to be used as a dedicated and...
This has only been tested on Kali. It depends on the msfrpc module for Python, described in detail here: https://www.trustwave.com/Resources/SpiderLabs-Blog/Scripting-Metasploit-using-MSGRPC/ Install the...
Powershell Express Delivery: The web_delivery module is often used to deliver a payload during post exploitation by quickly firing up...
Some of the most common web application vulnerabilities tend to be the most exploited because they are difficult to spot,...
Monitoring possible threats of your company on Internet is an impossible task to be achieved manually. Hence many threats of...
hashcobra Hash Cracking tool. Usage: $ ./hashcobra -H --====-- usage: hashcobra -o <opr> | options: -a <alg> - hashing algorithm - ? to list...
The Attack Range solves two main challenges in development of detections. First, it allows the user to quickly build a...
It’s no secret that as the security landscape becomes increasingly complex, resources are becoming harder and harder to find. Team...
Executive summary As part of a recent IoT hacking training exercise, a number of Rapid7 penetration testers set out to...
Today we come to the end of 2019's monthly Microsoft Patch Tuesday (also known as Update Tuesday). This Christmas, Microsoft...
What is a vulnerability risk management program? A vulnerability risk management program is imperative at any organization to secure assets,...
At Rapid7 Labs we are always on the lookout for new research topics and fields to stick our fingers in...
A fast web fuzzer written in Go. Heavily inspired by the great projects gobuster and wfuzz. Features: Fast! Allows fuzzing of HTTP header values,...
This is a tool used to collect various intelligence sources for a given file. Fileintel is written in a modular...
Pretend to be busy or waiting for your computer when you should actually be doing real work! Impress people with...
Charging stations for electric cars have sprung up across the country in recent years as hybrid vehicles continue to gain...
E-commerce websites continue to be targeted by online criminals looking to steal personal and payment information directly from unaware shoppers....
GitHub revealed on Tuesday that last year it paid out $165,000 to researchers who took part in its public bug...
Cobalt Strike is software for Adversary Simulations and Red Team Operations. What this means is, if you wanted to test your...