Hacker News
- Metasploit Rails 3 Remote Code Execution Hours Away https://community.rapid7.com/community/metasploit/blog/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156?x=1 166 comments
- Metasploit enters the DANGERZONE https://community.rapid7.com/community/metasploit/blog/2017/04/01/metasploit-redacted-edition 13 comments netsec
- Metasploitable3 is out https://community.rapid7.com/community/metasploit/blog/2016/11/15/test-your-might-with-the-shiny-new-metasploitable3 34 comments netsec
- Bringing Home The EXTRABACON [Exploit] https://community.rapid7.com/community/infosec/blog/2016/09/02/bringing-home-the-extrabacon 3 comments netsec
- Juniper backdoor password has been revealed, patch ASAP https://community.rapid7.com/community/infosec/blog/2015/12/20/cve-2015-7755-juniper-screenos-authentication-backdoor 17 comments sysadmin
- How do you detect an intruder on your company network? Same way you snap off a poker bluff... https://community.rapid7.com/community/userinsight/blog/2015/08/10/calling-your-bluff-behavior-analytics-in-poker-and-incident-detection 6 comments poker
- Accellion File Transfer Appliance Vulnerabilities (CVE-2015-2856, CVE-2015-2857) https://community.rapid7.com/community/metasploit/blog/2016/07/07/r7-2015-08-accellion-file-transfer-appliance-vulnerabilities-cve-2015-2856-cve-2015-2857 4 comments netsec
- Firefox 32-35 RCE Writeup: More shells without memory corruption https://community.rapid7.com/community/metasploit/blog/2015/03/23/r7-2015-04-disclosure-mozilla-firefox-proxy-prototype-rce-cve-2014-8636 3 comments netsec
- A Primer on IoT Security Research https://community.rapid7.com/community/infosec/blog/2015/03/10/iot-security-research-whats-it-take 19 comments netsec
- Google Play Store X-Frame-Options (XFO) Gaps Enable Android Remote Code Execution (RCE) https://community.rapid7.com/community/metasploit/blog/2015/02/10/r7-2015-02-google-play-store-x-frame-options-xfo-gaps-enable-android-remote-code-execution-rce 4 comments netsec
- The Internet of Gas Station Tank Gauges - thousands of tank gauges on open Internet https://community.rapid7.com/community/infosec/blog/2015/01/22/the-internet-of-gas-station-tank-gauges 79 comments netsec
- Google won't patch Android 4.3 (Jelly Bean) to force users to use a crippling upgrade or buy new hardware. 60% of Android users currently at risk of WebView exploit. Neither Google nor Apple have a published EOL policy for Android or iOS. There needs to be a law against this. https://community.rapid7.com/community/metasploit/blog/2015/01/11/google-no-longer-provides-patches-for-webview-jelly-bean-and-prior 121 comments technology
- Google No Longer Provides Patches for WebView Jelly Bean and Prior https://community.rapid7.com/community/metasploit/blog/2015/01/11/google-no-longer-provides-patches-for-webview-jelly-bean-and-prior 25 comments netsec
- The Sony Breach Demonstrates the Importance of Moving Beyond Perimeter Defense https://community.rapid7.com/community/infosec/blog/2015/01/07/the-sony-breach-demonstrates-the-importance-of-moving-beyond-perimeter-defense 14 comments netsec
- jsobfu, metasploits's improved Javascript obfuscator (now with 100% more CLI) https://community.rapid7.com/community/metasploit/blog/2014/12/27/improvements-to-jsobfu 3 comments netsec
- GNU Wget FTP Symlink Arbitrary Filesystem Access https://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-access 47 comments netsec
- DMCA and CFAA Reform -- It's right, it's necessary, learn about it for Aaron https://community.rapid7.com/community/infosec/blog/2014/10/08/petition-for-reform-of-the-dmca-and-cfaa-why-i-care-and-why-i-think-you-should-too 14 comments technology
- Major Android Bug is a Privacy Disaster (CVE-2014-6041) - Browser same origin bypass https://community.rapid7.com/community/metasploit/blog/2014/09/15/major-android-bug-is-a-privacy-disaster-cve-2014-6041 4 comments netsec
- Exposure of Critical Information Via SNMP Public Community String https://community.rapid7.com/community/metasploit/blog/2014/05/15/r7-2014-01-r7-2014-02-r7-2014-03-disclosures-exposure-of-critical-information-via-snmp-public-community-string 9 comments netsec
- Metasploit: Hacker's Dome: An Online Capture-th... https://community.rapid7.com/community/metasploit/blog/2014/04/24/hackers-dome-an-online-capture-the-flag-ctf-competition 3 comments netsec
- Exploiting CSRF under NoScript Conditions https://community.rapid7.com/community/metasploit/blog/2014/04/15/exploiting-csrf-without-javascript 7 comments netsec
- Metasploit: Metasploitable In The Cloud https://community.rapid7.com/community/metasploit/blog/2014/04/01/metasploitable-in-the-cloud 4 comments netsec
- New Metasploit payload (not exploit) targets Firefox; doesn't drop a native exe to the disk https://community.rapid7.com/community/metasploit/blog/2014/01/23/firefox-privileged-payloads 3 comments netsec
- Metasploit 12 Days of HaXmas: Fun With ICMP Exfiltration https://community.rapid7.com/community/metasploit/blog/2014/01/01/fun-with-icmp-exfiltration 3 comments netsec
- IE 0-day: exploit code is now widely available (CVE-2013-3893) https://community.rapid7.com/community/infosec/blog/2013/09/24/ie-0-day-exploit-code-is-now-widely-available-cve-2013-3893 52 comments netsec
- ByeBye Shell and the targeting of Pakistan https://community.rapid7.com/community/infosec/blog/2013/08/19/byebye-and-the-targeting-of-pakistan 5 comments netsec
- IPMI Security - How to find out if your devices are vulnerable https://community.rapid7.com/community/metasploit/blog/2013/07/02/a-penetration-testers-guide-to-ipmi 3 comments sysadmin
- Botnets and the War on Bitcoin https://community.rapid7.com/community/infosec/blog/2013/04/12/botnets-and-the-war-on-bitcoin 88 comments netsec
- There's a Hole in 1,951 Amazon S3 Buckets https://community.rapid7.com/community/infosec/blog/2013/03/27/1951-open-s3-buckets 4 comments technology
- Security Flaws in Universal Plug and Play: Unplug, Don't Play - Rapid7 https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play 46 comments netsec
- Metasploit Rails 3 Remote Code Execution Hours Away https://community.rapid7.com/community/metasploit/blog/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156?x=1 4 comments netsec
- Metasploit 4.5 Released: Now at 1,000 remote exploits and sporting a brand new phishing engine https://community.rapid7.com/community/metasploit/blog/2012/12/07/go-phishing-how-to-manage-phishing-exposure-with-metasploit 17 comments netsec
- Skynet, a Tor-powered botnet straight from Reddit https://community.rapid7.com/community/infosec/blog/2012/12/06/skynet-a-tor-powered-botnet-straight-from-reddit 62 comments netsec
- Metasploit: New Metasploit 0-day exploit for IE... | SecurityStreet https://community.rapid7.com/community/metasploit/blog/2012/09/17/lets-start-the-week-with-a-new-internet-explorer-0-day-in-metasploit 10 comments webdev
- Mobile Pwning: Using Metasploit on iOS https://community.rapid7.com/community/metasploit/blog/2012/08/21/metasploit-portable-ios 23 comments netsec
- Metasploitable 2 released https://community.rapid7.com/community/metasploit/blog/2012/06/13/introducing-metasploitable-2 13 comments netsec
- MySQL exploit allows login using any password https://community.rapid7.com/community/metasploit/blog/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql 27 comments sysadmin
- Using MonaPy + Metasploit for Exploit Dev https://community.rapid7.com/community/metasploit/blog/2011/10/11/monasploit 4 comments netsec
- Meterpreter HTTP/HTTPS Communication https://community.rapid7.com/community/metasploit/blog/2011/06/29/meterpreter-httphttps-communication 3 comments netsec
- Announcing the Metasploit Exploit Bounty: 30 Exploits, $5,000.00, in 5 weeks. https://community.rapid7.com/community/metasploit/blog/2011/06/14/metasploit-exploit-bounty-30-exploits-500000-in-5-weeks 6 comments netsec