Customer Portal
Connect with Support
Need help? We’ve got you covered. Sign in to the Customer Portal for our top recommended help articles, and to connect with our awesome Support Team.
Create and manage your cases with ease and get routed to the right product specialist.
Having trouble logging in?
- Create your account
- Reset your password via the "Need help signing in" link on the Sign In page.
- Customer Portal FAQs
Customer Support Guidebook
Learn how the Rapid7 Customer Support team can support you and your organization
Help & Docs
Self-Service Help
Training & Certifications
Be awesome at everything you do -- get trained by Rapid7 experts and take your security skills to the next level.
Learn moreConsulting Services
Need a hand with your security program? From planning and strategy to full-service support, our Rapid7 experts have you covered.
- Penetration Testing Services
- Managed Services for Vulnerability Management
- Managed Detection and Response Solution
- IoT Security Services
Read What’s New on the Rapid7 Blog
Metasploit Weekly Wrap-Up 04/12/24
Account Takeover using Shadow Credentials
The new release of Metasploit Framework includes a Shadow Credentials module
added by smashery [http://github.com/rapid7/metasploit-framework/pull/19051]
used for reliably taking over an Active Directory user account or computer, and
letting future authentication to happen as that account. This can be chained
with other modules present in Metasploit Framework such as windows_secrets_dump.
Details
The module targets a ‘victim’ account that is part of a
CVE-2024-3400: Critical Command Injection Vulnerability in Palo Alto Networks Firewalls
On Friday, April 12, Palo Alto Networks published an advisory on CVE-2024-3400, a CVSS 10 vulnerability in several versions of PAN-OS, the operating system that runs on the company’s firewalls. CVE-2024-3400 allows for arbitrary code execution as root.
Stories from the SOC Part 2: MSIX Installer Utilizes Telegram Bot to Execute IDAT Loader
In part one of our blog series, we discussed how a Rust based application was used to download and execute the IDAT Loader. In part two of this series, we will be providing analysis of how an MSIX installer led to the download and execution of the IDAT Loader.
Visit the Customer Portal
File a case, view your open cases, get in touch.