Haxmas
HaXmas Review: A Year of Patch Tuesdays
Today’s installment of the 12 Days of HaXmas is about 2017’s 12 months of Patch Tuesdays. Never mind that there were only eleven months this year, thanks to Microsoft canceling most of February’s planned fixes. This coincided with when they’d planned to roll out their
Haxmas
12 Memorable Metasploit Moments of 2017
This HaXmas, we delve into 12 Memorable Metasploit Moments from 2017 that inspired us, impressed us, and made us feel more connected to our global community of contributors, users, and friends.
Haxmas
An Evaluation of the North Pole’s Password Security Posture
Co-written by Jonathan Stines and Tommy Dew. See all of this year's HaXmas content here.
He sees your password choices;
He knows when they’re not great.
So don’t reuse those passwords, please,
And make them all longer than eight.
Now that Christmas has passed and all of the chaos from the holidays is winding down, Santa and the elves are finally able to sit back and recover from the strenuous holiday commotion. H
Haxmas
Regifting Python in Metasploit
Metasploit has been taking random Python scripts off the internet and passing them off as modules! Well, not exactly. Read on to see how we're extending the module system's scalability and what Python has to do with that.
Haxmas
Forget The Presents: HaXmas Is All About The [Gift] Certificates
2017 is nearly at an end, and most of the cybersecurity world is glad to see it go. We've been plagued with a myriad of vulnerabilities, misconfigurations and attacks that have kept many of us working harder than Santa's elves on December 23rd to ensure our systems and networks were not in harm's way.
The attacks may be over, but 2017 is not done "giving" just yet.
Earlier this year, the Google Chrome team announced their intent to deprecate and remove trust in Symantec-issued certificates due
Haxmas
Uses For Tech of HaXmas Past
Before you throw technology from HaXmas gifts past on the shelf of misfit toys, consider this story about how one security researcher found new uses for an old gizmo. Your old tech is crying out to be reused!
Haxmas
HaXmas: The True Meaning(s) of Metasploit
Rapid7 Research Director Tod Beardsley kicks off our storied "12 Days of HaXmas" series with a thrilling tale of browser 0day, exploit module development, and the true meaning(s) of Metasploit.
Haxmas
On the Zero-eth Day of HaXmas...
I suppose it’s only fitting that this year, we introduce our storied 12 Days of HaXmas on the zero-eth day. Technically, Twelvetide doesn’t start until December 25th. This year, we’re focusing on the security events that grabbed our attention, metrics that piqued our interest, and projects we pursued outside the blog and research spheres. We wanted to take a moment here at the end of the year to make sure that they didn’t just get lost lik
Metasploit
Metasploit Wrapup: Dec. 22, 2017
Even with the year winding down to a close, activity around Metasploit has been decidedly “hustle and bustle”. Some cool new things to talk about this week, so sit back and dig in!
For Your iOS Only
If you’ve been wanting to run Meterpreter under iOS, then this bit is for you! While Mettle has technically worked on iOS since February, @timwr has added official Metasploit Framework support
Protecting Your Web Site from the Doubleclick XSS Vulnerability
Advertising largely supports free content on the Internet, and many significant sites rely on DoubleClick for Publishers (DFP), Google’s advertising platform for publishers to monetize their traffic. Unfortunately for the AdOps world, DFP has been hosting cross-site scripting (XSS)-vulnerable ads since 2015! Ouch.
You’re writing compelling content for your readers and using Google ads to pay the bills. Google has tools for you, and you’ve just found out that these tools could compromise your
Detection and Response
Prepare for Battle: Let’s Build an Incident Response Plan (Part 4)
This is not a drill. In this final installment, read our recommendations for handling a real incident. Whether opportunistic or targeted, here's what you should be thinking about.
Public Policy
NIST Cyber Framework Updated With Coordinated Vuln Disclosure Processes
A key guideline for cybersecurity risk management now includes coordinated vulnerability disclosure and handling processes. This revision will help boost adoption of processes for receiving and analyzing vulnerabilities disclosed from external sources, such as researchers.
Vulnerability Disclosure
R7-2017-25: Cambium ePMP and cnPilot Multiple Vulnerabilities
Summary of Issues
Multiple vulnerabilities in Cambium Networks’ ePMP and cnPilot product lines were discovered by independent researcher Karn Ganeshen, which have, in turn, been addressed by the vendor. The affected devices are in use all over the world to provide wireless network connectivity in a variety of contexts, including schools, hotels, municipalities, and industrial sites, according to the vendor.
These issue
GDPR
MDR and GDPR: More than a lot of letters
With 2018 now well in our sights, the countdown to the General Data Protection Regulation (GDPR) is most definitely on. Articles 33 and 34 of the GDPR require organizations to communicate personal data breaches when there is a high risk of impact to the people to whom the data pertains. GDPR security requirements and breach notification go hand-in-hand, for obvious reasons. In the words of the European Commission Working Party 29 (the group who are ta
Metasploit Weekly Wrapup
Metasploit Wrapup: Dec. 15, 2017
I Read the News Today, Oh Boy
As we near the end of the year we must express appreciation for the Metasploit community as a whole. Each contribution is valuable, be it an exploit for the latest vulnerability, documentation, spelling corrections, or anything in between. Together we shape the future of Metasploit. The Metasploit community really surprised us this time around, as the latest release brings five new exploit and two new auxiliary modules.
Hey! You! Get Off of My Cloud
Zenofex