所有的帖子

Metasploit总结2024年5月17日

LDAP认证改进本周，在Metasploit v6中.4.9, the team has added multiple improvements for LDAP相关攻击. Two improvements relating to authentication is the new 支持签名[http://github.com/rapid7/metasploit-framework/pull/19127] 和通道绑定[http://github].com/rapid7/metasploit-framework/pull/19132]. 微软一直在做出改变 [http://support.微软.com/en-gb/topic/2020-2023-和-2024-ldap-channel-binding-和-ldap-signing-requirements-for

3分钟事件

See a Sneak Peek of Tuesday’s Take Comm和 Summit

In just a few short days, some of the best minds in cybersecurity will come 一起指挥 [http://rapid7.brighttalk.com/?utm_source =博客&utm_medium =网站&utm_content = blog-4&utm_campaign=global-mdr-take-comm和-summmit-prospect-eng-cyas] to discuss the most pressing 挑战和 opportunities we face as an 行业. The sessions include in-depth discussions on attacker trends 和 behaviors, a look into the Rapid7 SOC, top guest speakers with unique insights 进入网络安全

4分钟人工智能

AI 信任 Risk 和 Security Management: Why Tackle Them Now?

In the evolving world of artificial intelligence (AI), keeping our customers secure 和 maintaining their trust is our top priority.

8分钟星期二补丁

补丁星期二- 2024年5月

在DWM、MSHTML和Visual Studio中的零日. SharePoint关键的认证后RCE. 远程接入修复. 移动宽带USB总线.

3分钟管理检测和响应(耐多药)

5 key 耐多药 differentiators to look for to build stronger security resilience

Organizations looking to address the skills gap 和 bring greater efficiency as their business grows 和 their attack surface sprawls are turning to 耐多药 providers at an accelerated pace. We’ve seen predictions from top analyst firms signaling the rapid rate of adoption of an 耐多药 provider by 2025.

15分钟管理检测和响应(耐多药)

Ongoing Malvertising Campaign leads to Ransomware

Rapid7 has observed an ongoing campaign to distribute trojanized installers for WinSCP 和 PuTTY via malicious ads on commonly used search engines, where clicking on the ad leads to typo squatted domains.

5分钟 Gartner

Rapid7 Recognized in the 2024 Gartner® Magic Quadrant™ for SIEM

Rapid7 is excited to share that we are named a Challenger for InsightIDR in the 2024 Gartner Magic Quadrant for SIEM.

2分钟 Metasploit

Metasploit总结05/10/2024

密码喷洒支持 Multiple bruteforce/login scanner modules have been updated to support a PASSWORD_SPRAY模块选项. This work was completed in pull request #19079 [http://github.com/rapid7/metasploit-framework/pull/19079] from nrathaus [http://github.com/nrathaus] as well as an additional update from our 开发人员[http://github.com/rapid7/metasploit-framework/pull/19158] . 当 the password spraying option is set, the order of attempted users 和 password 尝试改变了

8分钟事件响应

Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators

Rapid7 observes ongoing social engineering campaign consistent with Black Basta

2分钟 Ransomware

Layered Defense to Stop Attacks Before they Begin

Ransomware has evolved from opportunistic attacks to highly orchestrated campaigns driven by cyber criminals who are seeking high financial gains.

2分钟职业发展

Rapid7 Signs 100% Talent Compact with Boston Women’s Workforce Council

Rapid7 is proud to announce their signing of the 100% Talent Compact through the Boston Women’s Workforce Council (BWWC).

1分钟事件

Take Comm和 Summit: A Message from Rapid7 Chairman 和 CEO, Corey Thomas

The Rapid7 Take Comm和 Summit is just two short weeks away. We’re busy putting together one of the most impactful programs on the latest in cybersecurity trends, 技术, 创新是可行的, 和 we are eager to share it with all of you.

2分钟 Metasploit

Metasploit周报05/03/24

内联转储秘密 This week, our very own cdelafuente-r7 [http://github.com/cdelafuente-r7]添加 a significant improvement to the well-known Windows Secrets Dump module [http://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/windows_secrets_dump.rb] to reduce the footprint when dumping SAM hashes, LSA secrets 和 cached 凭证. The module is now directly reading the Windows Registry remotely without having to dump the full registry keys to disk 和 parse th

2分钟事件

Take Comm和峰会: A Stacked Agenda, 和 Killer Guest Speakers Coming Your Way May 21

Take Comm和峰会, Rapid7将于5月21日举行为期一天的虚拟峰会, is bringing together some of the best minds in the cybersecurity sphere for comprehensive discussions on the latest data, 挑战, 以及这个行业的机遇

4分钟

网络安全所有权业务

Cyber ownership can often be overlooked or misunderstood within an organization. Responsibility 和 accountability should not rest solely on the CISO's shoulders.