Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

We've updated Rapid7’s community resources

Hello. We've evolved our community resources to provide a richer experience. Learn more.
Questions? Contact us.

blog.rapid7.com

Blogs, How-tos, & Research

Our new blog will still publish the same cutting-edge research, analysis, and commentary you expect from Rapid7.

Explore the Blog
help.rapid7.com

Docs, Help, & Questions

Help content and documents are now curated to let you get the information you need even faster.

Explore Help

Be Audit You Can Be, Part 2: How to Parse Out Fields in Your Logs

In this blog, we take a look at how InsightIDR’s Custom Data Parsing tool can make quick work of parsing out those interesting fields in the logs.…

Metasploit Wrap-Up

Config R Us Many versions of network management tool rConfig are vulnerable to unauthenticated command injection, and contributor bcoles added a new exploit module for targeting those versions. Present in v3.9.2 and prior, this vulnerability centers around the install directory not being automatically…

#Rapid7GivesBack Month: Moose That Drive Impact Together

At Rapid7, we are committed to giving back to the community and making an impact together through #Rapid7GivesBack month.…

The Anatomy of RDP Exploits: Lessons Learned from BlueKeep and DejaBlue

In this blog, we discuss lessons learned from RDP exploits such as BlueKeep and DejaBlue, and how organizations can be protected form future vulnerabilities.…

New Azure DevOps Pipelines Extension for InsightAppSec Helps Improve Web App Security

Rapid7 is excited to announce the release of a new extension to incorporate InsightAppSec within Azure DevOps Pipelines.…

Unlocking the Power of the InsightIDR Threat API, Part 2

In this post, we’ll demonstrate how to scrape a few sites for possible bad actors using InsightIDR.…

Metasploit Wrap-Up

This week's Metasploit wrap-up ships a new exploit module against Nostromo, a directory traversal vulnerability that allows system commands to be executed remotely. Also, improvements have been made for the grub_creds module for better post exploitation experience against Unix-like machines. Plus a few bugs…

From Security Police to Security Advocates: How to Create a Champion Program

In our most recent episode of Security Nation, we had the pleasure of speaking with Mark Geeslin about his work creating an internal Security Mavens program at Asurion.…

This One Time on a Pen Test, Halloween Edition: An Ode to Our Favorite Pen Tester Disguises

In honor of Halloween, we wanted to celebrate by sharing a few of our Rapid7 pen testers’ costumed crusades.…

Be Audit You Can Be, Part 1: How to Securely Send and Monitor Your Audit Logs with InsightIDR

In this blog, we discuss how to collect the audit trail from a device or application using InsightVM and InsightIDR.…

End-to-End Office 365 Administration with InsightConnect

Rapid7 is excited to announce new integrations between InsightConnect and Office 365.…

Application Security Testing + Monitoring with DAST and RASP: A Two-Pronged Approach

For full coverage of your apps, you’ll require multiple application security solutions, such as DAST and RASP.…

Metasploit Wrap-Up

Is URGENT/11 urgent to your world? Metasploit now has a scanner module to help find the systems that need URGENT attention. Be sure to check the options on this one; RPORTS is a list to test multiple services on each target. Thanks Ben Seri…

National Cybersecurity Awareness Month 2019: Must-Read Blogs on ‘Protect IT’

In this blog, we will highlight must-read blogs that align with NCSAM’s “Protect IT” sub-themes of be secure, theft and scams, and your digital home.…

Accelerating Incident Response with Threat Intelligence and Alert Enrichment

Rapid7 continues to invest in making automation more accessible for security professionals across the entire Insight Cloud product suite and our standalone SOAR solution, InsightConnect.…