For the second year in a row, we've gotten the tree up (and decorated!) and sent out cards. Adulting Success!

Metasploit Framework highlights from 2021 via Spencer McIntyre: URI targeting overhaul, payload-less sessions over WinRM, RDLL exploit improvements, Kubernetes support, and some of our favorite modules from last year🎉rapid7.com/blog/post/2022…

It’s me Daisy here! I asked mum to share one of my baby pics with our followers. A little timeline brightener if you will. Maybe you could share me your baby pic back? #dogsoftwitter

Anyway, I complained about a company being crappy, so here's a pic of one of the pups enjoying the sunshine...

Dear Texans: Do not run your generator in the garage, even with the door open Use at least 12 AWG extension cords Do not make/use male-to-male extension cords Get a CO detector Unplug everything when you start your generator Make sure the fireplace flue is open Be safe, y'all

alt text: If you own land you don't visit or take care of, you're not an investor, you're an asshole.

"Let's threaten to steal liberal voters' children and force community leaders to help" was not on my dystopian bingo card today.

Rapid7's vulnerability intelligence report is out today and features analysis from folks like Jacob Baines, Spencer McIntyre, Unsolicited Dog Pics and a bunch of the Metasploit Project team. We tracked hundreds of data points across 50 high-impact vulns. Key points: (1/n) rapid7.com/info/2021-vuln…

I've been running DS9 as my background noise while working. This morning was a helluva morning for "In the hands of Prophets" to come up.

If you read Thomas's ruling suggesting we revisit the major Equal Protection and Due Process cases but not Loving v. Virginia and you don't hear sheep bleating "Four legs good; two legs BETTER" in your head, you need to reread Animal Farm.

Never. Gets. Old.

I published another exploit writeup! It's a deep dive into CVE-2021-42847, a critical ManageEngine ADAudit Plus vuln that had no available PoC or analysis. I also PR'ed 2 Metasploit Project modules. There's some overlap with CVE-2022-28219 found by Horizon3.ai: medium.com/@erik.wynter/p…

Using the Fortinet CVE-2022-40684 vuln, Ron demonstrates a splendid example of why not to run code/PoCs that you don't understand! attackerkb.com/topics/QWOxGIK…

I never posted here much, but I'm going to be posting less for pretty obvious reasons. I'm over on the pachyderm alternative under the same username at infosec exchange.

Does anyone know a place to donate firewood to in Dallas for the unhoused or at-need? Feels silly looking out at 2-3 truckloads of firewood we're not going to need when the weather is about to get rough.

Metasploit Framework 6.4 is out now! 🆕🎉 Features include: 🔹More Kerberos goodness, like support for diamond and sapphire tickets and extract tickets from compromised windows hosts to leverage unconstrained delegation 🔹DNS configuration 1/4