Spencer McIntyre (@zerosteiner) 's Twitter Profile
Spencer McIntyre

@zerosteiner

Views are my own.

ID: 271475848

Link: https://github.com/zeroSteiner
Date: 24-03-2011 15:47:19

628 Tweets

2.2K Followers

916 Following

Zoe Thorogood (@zoethorogood) 's Twitter Profile Photo

Profits made from sales of my book from the day my brother left us till the end of the year will be donated to mental health charities. Mental health is so underfunded and misunderstood, and I’m not going to pretend this will make much of a difference, but it is a start. ❤️ u boy

TrustedSec (@trustedsec) 's Twitter Profile Photo

During a recent engagement, Justin Bollinger discovered how an attacker can craft a CSR by using default system certificates. After finding out this method was novel, the team kept digging. Read what they found in our new #blog! hubs.la/Q02SCqpG0

Artur Marzano (@macmodsec) 's Twitter Profile Photo

ADCS Attack Techniques Cheatsheet for all of you lazy folks who prefer colored tables over reading a bunch of articles just to find some specific information: bit.ly/adcs-cheatsheet

RedTeam Pentesting (@redteampt) 's Twitter Profile Photo

We recently noticed that impacket's smbclient.py example does not actually give you access control info about files, it is simply hard coded: 🤯

Stephen Fewer (@stephenfewer) 's Twitter Profile Photo

We now have a Metasploit Project exploit in the pull queue for that Oracle Access Manager vuln, CVE-2021-35587. You can check it out here: github.com/rapid7/metaspl…

¯\_(ツ)_/¯ (@chocapikk_) 's Twitter Profile Photo

🚨 CVE-2025-3102 Turned SureTriggers into SurePwned - unauth admin + RCE (≤1.0.78). PoCs have been out for a month, so I wrote the Metasploit module: github.com/rapid7/metaspl…

Zoe Thorogood (@zoethorogood) 's Twitter Profile Photo

Thanks to your help I donated £10,000 to mental health charities in the UK. I’m hoping to keep the ball rolling a little bit and fund raise using the pull of an exclusive signed print- you can support the fundraiser and get a print here, thank you - indiegogo.com/projects/happy…

¯\_(ツ)_/¯ (@chocapikk_) 's Twitter Profile Photo

🚀 I just released a new Metasploit module for Invision Community ≤ 5.0.6 (CVE-2025-47916)! 🔗 PR: github.com/rapid7/metaspl…

Metasploit Project (@metasploit) 's Twitter Profile Photo

This week's wrap-up features support for the SOCKS5H protocol, some additional SOCKS lore, and modules for WordPress Depicter Plugin and Gladinet CentreStack/Triofox. rapid7.com/blog/post/2025…

Alex (@xaitax) 's Twitter Profile Photo

Submitted a PR to enhance ReflectiveDLLInjection in @Metasploit: ✅ ARM64 reflective loading (using resolved APIs, not syscalls!) ✅ Refactored x86/64/ARM32 loader ✅ Major injector CLI & feature upgrades ✅ API to pass params to DllMain Details: github.com/rapid7/Reflect…

Stephen Fewer (@stephenfewer) 's Twitter Profile Photo

Today Rapid7 disclosed two vulns affecting NetScaler Console and NetScaler SDX, found by Senior Security Researcher Calum Hutton! 🎉 Our blog details the authenticated arbitrary file read vuln (CVE-2025-4365), and the authenticated arbitrary file write vuln (Which the vendor has

Stephen Fewer (@stephenfewer) 's Twitter Profile Photo

Today Rapid7 is disclosing 8 new printer vulnerabilities affecting 742 models across 4 vendors. After 13 months of coordinated disclosure with Brother Industries, Ltd, we're detailing all issues including a critical auth bypass. Full details here: rapid7.com/blog/post/mult…

Stephen Fewer (@stephenfewer) 's Twitter Profile Photo

Our Metasploit Project auxiliary module for the new Brother auth bypass is available. The module will leak a serial number via HTTP/HTTPS/IPP (CVE-2024-51977), SNMP, or PJL, generate the device's default admin password (CVE-2024-51978) and then validate the creds: github.com/rapid7/metaspl…

Stephen Fewer (@stephenfewer) 's Twitter Profile Photo

Come join Rapid7! I’m hiring for a Senior Security Researcher to join our team. You'll get to work on n-day analysis, zero-day research, exploit development, and more - focusing on enterprise software and appliances. Fully remote in the UK, details here: careers.rapid7.com/jobs/senior-se…

_leon_jacobs(💥) (@leonjza) 's Twitter Profile Photo

I've been hacking on a new Windows Named Pipe tool called PipeTap which helps analyse named pipe communications. Born out of necessity while doing some vulnerability research on a target, it's been super useful in reversing its fairly complex protocol. :)
