Black Hat 2021: Rapid7 Experts Share Key Day 2 Takeaways

Here we are again, back for another day of Rapid7 expert debriefings and analysis for some of the most talked-about Black Hat sessions of this year. So without further delay, let’s take it away! Get more DEF CON 2021 insights from our Research team on Tuesday, August 10 Sign up for our What...

Holy water: ongoing targeted water-holing attack in Asia

On December 4, 2019, we discovered watering hole websites that were compromised to selectively trigger a drive-by download attack with fake Adobe Flash update warnings. This campaign has been active since at least May 2019, and targets an Asian religious and ethnic group. The threat actor's...

SILENTTRINITY - A Post-Exploitation Agent Powered By Python, IronPython, C#/.NET

A post-exploitation agent powered by Python, IronPython, C/.NET. Requirements Server requires Python = 3.7 SILENTTRINITY C implant requires .NET = 4.5 How it works Notes .NET runtime support The implant needs .NET 4.5 or greater due to the IronPython DLLs being compiled against .NET 4.0, also the...

Threat Analysis: Carbon Black Threat Research Dissects PNG Dropper

UPDATE 8/14/17: After posting the original analysis, the Carbon Black Threat Research team received numerous requests for the tools to extract the second stage payload from the initial PNGdropper file. As a result, the source code and compiled binaries are being made public and are posted to the...