5 Kali Linux tools you should learn how to use
Kali Linux is a specialized Linux distribution developed by Offensive Security, designed for experienced Linux users who need a customized platform for penetration testing. …
Metasploit
Critical ManageEngine RCE flaw is being exploited (CVE-2022-35405)
The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2022-35405, a critical remote code execution vulnerability in ManageEngine PAM360, Password …
The past, present and future of Metasploit
Metasploit is the most used penetration testing framework. In this Help Net Security video, Spencer McIntyre, Lead Security Researcher at Rapid7, talks about how Metasploit …
Metasploit 6.2.0 comes with 138 new modules, 148 enhancements and features
Metasploit is the world’s most used penetration testing framework. It helps security teams verify vulnerabilities, manage security assessments, and improve security awareness. …
Microsoft fixes actively exploited zero-day reported by the NSA (CVE-2022-24521)
On this April 2022 Patch Tuesday, Microsoft has released patches for 128 CVE-numbered vulnerabilities, including one zero-day exploited in the wild (CVE-2022-24521) and …
Attackers are bypassing F5 BIG-IP RCE mitigation – you might want to patch after all
Attackers are bypassing a mitigation for the BIG-IP TMUI RCE vulnerability (CVE-2020-5902) originally provided by F5 Networks, NCC Group’s Research and Intelligence …
Widely available ICS attack tools lower the barrier for attackers
The general availability of ICS-specific intrusion and attack tools is widening the pool of attackers capable of targeting operational technology (OT) networks and industrial …
AutoSploit: Automated mass exploitation of remote hosts using Shodan and Metasploit
A “cyber security enthusiast” that goes by VectorSEC on Twitter has published AutoSploit, a Python-based tool that takes advantage of Shodan and Metasploit modules …
Rapid7 announces security certifications for Metasploit and Nexpose
Rapid7 is launching certification programs for Nexpose administrators and Metasploit Pro specialists. “Certification enables security professionals to ensure that they …
Microsoft EMET’s protections can be bypassed, researchers show
Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) is a good piece of software and helpful for protecting non-kernel Microsoft applications and third-party …
LogRhythm and Rapid7 partner on threat protection and security analytics
LogRhythm and Rapid7 announced API-level integrations of the LogRhythm SIEM 2.0 platform with both the Rapid7 Nexpose vulnerability management product and the Rapid7 …
Metasploit supports Kali Linux free security auditing toolkit
Rapid7 is working with Offensive Security to provide official Metasploit support for Kali Linux, the enterprise-ready evolution of BackTrack Linux. The free security auditing …