CoalaBot : http Ddos Bot

CoalaBot appears to be built on August Stealer code (Panel and Traffic are really alike). I found it spread as a task in a Betabot and in an Andromeda spread via RIG fed by at least one HilltopAds malvertising. 2017-09-11: a witnessed infection chain to CoalaBot. A look inside: CoalaBot: Login Screen (Same…

Metasploit Wrapup

Slowloris: SMB edition. Taking a page from the Slowloris HTTP DoS attack, the aptly named SMBLoris DoS attack exploits a vuln contained in many Windows releases (back to Windows 2000) and also affects Samba (a popular open source SMB implementation). Through creation of many connections to a target's SMB port, an…

Hack with Metasploit: Announcing the UNITED 2017 CTF

Got mad skillz? Want mad skillz? This year at Rapid7’s annual UNITED Summit, we’re hosting a first-of-its-kind Capture the Flag (CTF) competition. Whether you’re a noob to hacking or a grizzled pro, you’ll emerge from our 25-hour CTF with more knowledge and serious bragging rights. Show off your 1337 abilities…

Metasploit Wrapup

With Hacker Summer Camp 2017 wrapped up and folks now recovering from it, why not grab a drink and read up on what's new with Metasploit? Where there's smoke... At least a few versions of open source firewall IPFire contain a post-auth RCE vulnerability, and we (well, you!) now have a module…

Virtual Machine Automation (vm-automation) repository released

Rapid7 just released a new public repo called vm-automation. The vm-automation repository is a Python library that encapsulates existing methodologies for virtual machine and hypervisor automation and provides a platform-agnostic Python API. Currently, only ESXi and VMware Workstation are supported, but I have high hopes we will support other hypervisors…

Announcement: End-of-life Metasploit 32-bit versions

UPDATE: With the release of version 4.15 on July 19, 2017, commercial Metasploit 32-bit platforms (Metasploit Pro, Metasploit Express, and Metasploit Community) no longer receive future product or content updates. These platforms are now obsolete and are no longer supported. Rapid7 announced the end of life of commercial Metasploit 32-bit versions…

Metasploit Wrapup

Metasploit Hackathon. We were happy to host the very first Metasploit framework open source hackathon this past week in the Rapid7 Austin. Eight Metasploit hackers from outside of Rapid7 joined forces with the in-house team and worked on a lot of great projects, small and large. @bcook started the hackathon working with…

Metasploit Wrapup

A fresh, new UAC bypass module for Windows 10! Leveraging the behavior of fodhelper.exe and a writable registry key as a normal user, you too can be admin! Unpatched as of last week, this bypass module works on Windows 10 only, but it works like a charm! Reach out and allocate something. This…

Metasploit Wrapup

It has only been one week since the last wrapup, so it's not like much could have happened, right? Wrong! Misery Loves Company. After last week's excitement with Metasploit's version of ETERNALBLUE (AKA the Wannacry vulnerability), this week SAMBA had its own "Hold My Beer" moment with the disclosure that an authenticated…

Metasploit Wrapup

It has been an intense couple of weeks in infosec since the last Wrapup and we've got some cool things for you in the latest update. Hacking like No Such Agency. I'll admit I was wrong. For several years, I've been saying we'll never see another bug like MS08-067, a full remote…

EternalBlue: Metasploit Module for MS17-010

This week's release of Metasploit includes a scanner and exploit module for the EternalBlue vulnerability, which made headlines a couple of weeks ago when the hacking group the Shadow Brokers disclosed a trove of alleged NSA exploits. Among them, EternalBlue exploits MS17-010, a Windows SMB vulnerability. This week, EternalBlue has…

Recent Python Meterpreter Improvements

The Python Meterpreter has received quite a few improvements this year. In order to generate consistent results, we now use the same technique to determine the Windows version in both the Windows and Python instances of Meterpreter. Additionally, the native system language is now populated in the output of the…

Exploitable Vulnerabilities: A Metasploit-Vulnerability Management Love Story

Integrating InsightVM or Nexpose (Rapid7's vulnerability management solutions) with Metasploit (our penetration testing solution) is a lot like Cupid playing “matchmaker” with vulnerabilities and exploit modules. When a vulnerability scan is imported into Metasploit, many things happen under the hood, outside of generating host, service, and vulnerability data in your…