Views are my own.

Joined March 2011
Spencer McIntyre retweeted
Found an unpatched RCE in Gogs 👀 Any authenticated user can get code execution on the server through argument injection into git rebase. Full @rapid7 writeup @metasploit module available now! 🔗rapid7.com/blog/post/ve-auth…
Spencer McIntyre retweeted
I appreciate everyone dropping linux privesc 0days in the current AI renaissance, but to really make it feel like the good ol days someone needs to drop a weaponized pre-auth SMB or RDP RCE. We haven't had a good Windows worm in AGES.
FWIW, @metasploit made an update to how ror13 hashes are calculated for the first time in (I think?) over a decade to address some limitations in the block API we were running into.
Created a small .NET tool for ROR13 hashing that you can install to add a global command to cmd/pwsh. It's a lifesaver if you just need some quick hashes.
Spencer McIntyre retweeted
Coming soon to a @metasploit near you 👀
Spencer McIntyre retweeted
Catch this episode of Hacktics and Telemetry on YouTube, featuring our very own @zeroSteiner talking about the Metasploit MCP! youtube.com/watch?v=A05dD51m…
Spencer McIntyre retweeted
This week's wrap-up is packed with new stuff including an MCP server, and new modules for relaying NTLM from HTTP to LDAP and a Copy Fail exploit with x64 and AARCH64 support rapid7.com/blog/post/pt-meta…
Spencer McIntyre retweeted
The annual wrap-up for Metasploit Framework is out now, and it includes the entirety of stats for 2025. This wrap-up and its contents would not be possible without the participation and dedication of our contributors and researchers, and all of our thanks goes to them! Metasploit Framework wouldn't be the same without you, thank you. rapid7.com/blog/post/pt-meta…
Spencer McIntyre retweeted
From Zero to Shell: Hunting Critical Vulnerabilities in AVideo chocapikk.com/posts/2025/avi…
New NTLM relay dropped for MSSQL. Should see some SCCM modules to use it next. @unsigned_sh0rt gave me all kinds of ideas.
This week's wrap-up has some pretty rad MSSQL updates and a module for React2shell. Get it here: rapid7.com/blog/post/pt-meta…
Spencer McIntyre retweeted
11 Dec 2025
Metasploit also has a merged exploit with check for react2shell. ⌨️ module: multi/http/react2shell_cve_2025_55182 📦 Dockerfile to test available in: Data\exploits\react2shell_unauth_rce_cve_2025_55102 github.com/rapid7/metasploit…
Spencer McIntyre retweeted
New Metasploit module for CVE-2025-54236 (SessionReaper) - Unauthenticated RCE in Magento github.com/rapid7/metasploit…
Spencer McIntyre retweeted
I've been hacking on a new Windows Named Pipe tool called PipeTap which helps analyse named pipe communications. Born out of necessity while doing some vulnerability research on a target, it's been super useful in reversing its fairly complex protocol. :)
Spencer McIntyre retweeted
Come join @rapid7! I’m hiring for a Senior Security Researcher to join our team. You'll get to work on n-day analysis, zero-day research, exploit development, and more - focusing on enterprise software and appliances. Fully remote in the UK, details here: careers.rapid7.com/jobs/seni…

Spencer McIntyre retweeted
Today @rapid7 is disclosing 8 new printer vulnerabilities affecting 742 models across 4 vendors. After 13 months of coordinated disclosure with Brother Industries, Ltd, we're detailing all issues including a critical auth bypass. Full details here: rapid7.com/blog/post/multipl…
Spencer McIntyre retweeted
Our @metasploit auxiliary module for the new Brother auth bypass is available. The module will leak a serial number via HTTP/HTTPS/IPP (CVE-2024-51977), SNMP, or PJL, generate the device's default admin password (CVE-2024-51978) and then validate the creds: github.com/rapid7/metasploit…
Spencer McIntyre retweeted
Today @rapid7 disclosed two vulns affecting NetScaler Console and NetScaler SDX, found by Senior Security Researcher Calum Hutton! 🎉 Our blog details the authenticated arbitrary file read vuln (CVE-2025-4365), and the authenticated arbitrary file write vuln (which the vendor has not assigned a CVE for).
18 Jun 2025
During root cause analysis for the #NetScaler Console vulnerability, CVE-2024-6235, Rapid7 discovered & disclosed to the vendor 2 additional high severity vulnerabilities. Find exploitation details, remediation advice & more in a new blog: r-7.co/4efpR1S
Spencer McIntyre retweeted
2 Jun 2025
Submitted a PR to enhance ReflectiveDLLInjection in @Metasploit: 
✅ ARM64 reflective loading (using resolved APIs, not syscalls!)
✅ Refactored x86/64/ARM32 loader
✅ Major injector CLI & feature upgrades
✅ API to pass params to DllMain
Details: github.com/rapid7/Reflective… Fingers crossed @stephenfewer doesn't mind the tinkering! 😄
Spencer McIntyre retweeted
This week's wrap-up features support for the SOCKS5H protocol, some additional SOCKS lore, and modules for WordPress Depicter Plugin and Gladinet CentreStack/Triofox. rapid7.com/blog/post/2025/05…