www.rapid7.com
Last updated at Fri, 15 Dec 2023 15:50:18 GMT UPDATE 10/18/22: A previous version of this blog indicated that five JDK versions (JDK 15+) were not impacted due to the exclusion of the Nashorn JavaScript engine. However, an updated PoC came out that uses the JEXL engine as an exploit path. If JEXL is present, the code executes successfully, so this issue can be exploited on any JDK where a relevant
Initial Metasploit Exploit Module for BlueKeep (CVE-2019-0708) Last updated at Wed, 17 Jan 2024 21:43:58 GMT Today, Metasploit is releasing an initial public exploit module for CVE-2019-0708, also known as BlueKeep, as a pull request on Metasploit Framework. The initial PR of the exploit module targets 64-bit versions of Windows 7 and Windows 2008 R2. The module builds on proof-of-concept code fro
INSIGHTCLOUDSEC Eliminate Cloud Risk. Automate Compliance. Monitor cloud risk everywhere, in real time Detect cloud risk immediately with real-time, agentless visibility into everything running across your entire environment. Prioritize risk with layered context Know exactly which risk signals to prioritize thanks to complete context, with the broadest and deepest coverage across major cloud platf
Last updated at Thu, 30 Nov 2017 14:54:31 GMT Deception lures are all of the rage these days, and when deployed properly, are extremely low overhead to maintain and trigger little to no false alarms. Honeytokens, closely related to honeypots, are ‘tripwires’ that you leave on machines and data stores as early warning indications of a breach. Using AWS IAM access keys, we can create nearly limitles
Last updated at Thu, 30 Nov 2017 18:52:58 GMT This article originally appeared on Basho. It is adapted from a lightning talk Sean gave at the Boston Golang meetup in December of 2015. For a while, it seemed like everyone was crazy for microservices. You couldn’t open up your favorite news aggregator of choice without some company you had never heard of touting how the move to microservices had sav
Last updated at Mon, 26 Oct 2020 18:58:40 GMT Go offers a simple way to build command-line tools using only standard libraries. So I put together a step-by-step example to help walk you through the process. To write a Go program, you’ll need Go set up on your computer. If you’re not familiar with Go and want to spend a little extra time learning, you can take the Go tour to get started! In this
R7-2016-06: Remote Code Execution via Swagger Parameter Injection (CVE-2016-5641) Last updated at Thu, 28 Dec 2023 20:51:59 GMT This disclosure will address a class of vulnerabilities in a Swagger Code Generator in which injectable parameters in a Swagger JSON or YAML file facilitate remote code execution. This vulnerability applies to NodeJS, PHP, Ruby, and Java and probably other languages as we
Last updated at Fri, 01 Dec 2017 20:48:24 GMT Here at Komand, we needed a way to easily navigate around our workflows. They have the potential to get complex quickly, as security workflows involve many intricate steps. To accomplish this task, we took an SVG approach to render our workflow dynamically (without dealing with div positioning issues). This gave us the power of traditional graphics to
MDR monitors your attack surface from endpoint to cloud based on your specific exposures and attack vectors White-glove service uncovers risks early to prevent breaches and ransomware attacks Unlimited digital forensics and incident response powered by Velociraptor, the most advanced DFIR tool Joint operations with Rapid7’s elite global SOC allows your staff to defend your data 24/7 Why just defea
Last updated at Mon, 22 Jan 2024 15:23:46 GMT On December 18th, 2015 Juniper issued an advisory indicating that they had discovered unauthorized code in the ScreenOS software that powers their Netscreen firewalls. This advisory covered two distinct issues; a backdoor in the VPN implementation that allows a passive eavesdropper to decrypt traffic and a second backdoor that allows an attacker to byp
Last updated at Fri, 03 Nov 2017 20:33:46 GMT We’re going to explore high availability and load balancing using Keepalived and HAProxy. Keepalived is a routing software designed to provide simple and robust facilities for load balancing and high-availability to Linux systems and Linux-based infrastructures. HAProxy is an open source load balancer/reverse proxy generally used for load balancing web
Last updated at Fri, 03 Nov 2017 20:47:23 GMT Containerization and microservice architectures are commonly resulting in highly distributed systems with large numbers of dynamic and ephemeral instances that autoscale to meet demands on system load. It’s not uncommon to see clusters of thousands of container instances, where once there were tens of physical servers, now there are hundreds of (cloud)
Last updated at Fri, 03 Nov 2017 20:14:47 GMT Containerization and micro-services are changing how development and operations teams design, build and monitor systems. Containerization of environments regularly results in systems with large numbers of dynamic and ephemeral instances that autoscale to meet demands on system load. In fact, it’s not uncommon to see thousands of container instances, wh
Last updated at Thu, 21 Jan 2021 19:11:59 GMT It does not take much to understand the benefits of the DevOps culture, processes, and tools. However, implementing DevOps in your organization is not as obvious and usually involves more than simply setting up tools. You have to convince team members, map old processes to new, and maybe even change the structure of organizational reporting and budget
Last updated at Fri, 03 Nov 2017 20:17:09 GMT Over the past year I reckon I have spoken to more than a thousand Developers/IT Ops/DevOps folk through customer calls, demos of Logentries, at conferences such as Velocity, DevOpsDays, AWS re:Invent as well as a bunch of other more low key meetups across US and Europe. Naturally, one of the first questions I tend to ask is: “hey what do you use for log
Metasploit Releases CVE-2013-3893 (IE SetMouseCapture Use-After-Free) Last updated at Wed, 07 Feb 2024 18:56:13 GMT Recently the public has shown a lot of interest in the new Internet Explorer vulnerability (CVE-2013-3893) that has been exploited in the wild, which was initially discovered in Japan. At the time of this writing there is still no patch available, but there is still at least a tempor
Vulnerability scanning software to help you act at the moment of impact Vulnerabilities pop up every day. You need constant intelligence to discover them, locate them, prioritize them for your business, and confirm your exposure has been reduced. Nexpose, Rapid7’s on-premises option for vulnerability management software, monitors exposures in real-time and adapts to new threats with fresh data, en
A curated repository of vetted computer software exploits and exploitable vulnerabilities. Technical details for over 180,000 vulnerabilities and 4,000 exploits are available for security professionals and researchers to review. These vulnerabilities are utilized by our vulnerability management tool InsightVM. The exploits are all included in the Metasploit framework and utilized by our penetratio
Test your defenses with the world's leading penetration testing tool Attackers are constantly creating new exploits and attack methods—Rapid7's penetration testing tool, Metasploit, lets you use their own weapons against them. Tables? Turned. Utilizing an ever-growing database of exploits maintained by the security community, Metasploit helps you safely simulate real-world attacks on your network
blog.rapid7.com
Overview On November 27, 2015, Stefan Kanthak contacted Rapid
New Metasploit 0-day exploit for IE 7, 8 & 9 on Windows XP, Vista, and 7 Last updated at Tue, 25 Jul 2017 13:10:10 GMT We have some Metasploit freshness for you today: A new zero-day exploit for Internet Explorer 7, 8, and 9 on Windows XP, Vista and 7. Computers can get compromised simply by visiting a malicious website, which gives the attacker the same privileges as the current user. Since Micro
Last updated at Tue, 25 Jul 2017 13:55:46 GMT On late Sunday night, the Metasploit Exploit team was looking for kicks, and heard the word on the street that someone was passing around a reliable Java 0-day exploit. Big thanks to Joshua J. Drake (jduck), we got our hands on that PoC, and then once again, started our voodoo ritual. Within a couple of hours, we have a working exploit. Download Metasp
Last updated at Sat, 16 Dec 2023 17:27:00 GMT Introduction On Saturday afternoon Sergei Golubchik posted to the oss-sec mailing list about a recently patched security flaw CVE-2012-2122 in the MySQL and MariaDB database servers. This flaw was rooted in an assumption that the memcmp() function would always return a value within the range -128 to 127 (signed character). On some platforms and with cer
Scale and speed for hybrid environments Embrace digital transformation, SaaS adoption, and agile development with elastic, cloud-native security information and event management (SIEM). Pinpoint critical, actionable insights Command your attack surface with AI-driven behavioral detections, expertly vetted threat content, and advanced analytics. Act on threats anywhere with confidence High context
Level up SecOps. With the only endpoint to cloud, unified cybersecurity platform. Analyze attack vectors distinct to your organization, link them to exposures, and confidently act to prevent breaches with leading MDR.