We've updated Rapid7’s community resources

Hello. We've evolved our community resources to provide a richer experience. Learn more.
Questions? Contact us.

blog.rapid7.com

Blogs, How-tos, & Research

Our new blog will still publish the same cutting-edge research, analysis, and commentary you expect from Rapid7.

Explore the Blog
help.rapid7.com

Docs, Help, & Questions

Help content and documents are now curated to let you get the information you need even faster.

Explore Help

Metasploit Wrapup

Wintertime can be a drag. Folks get tired of shoveling snow, scraping ice from windshields, dealing with busted water pipes, etc.. Thoughts of “fun in the sun” activities start to seep in, as people begin wistfully daydreaming about summertime. And for this coming summer, Metasploit…

Tonight I'm gonna IR like it's 99 (days until GDPR)…

Sorry Nena, it was going to be you or Prince that was going to get the headline, and whilst 99 Red Balloons is a catchy 80’s classic, I had to give credit to His Royal Purpleness. It was that or pay tribute to a…

Patch Tuesday - February 2018

It's a run-of-the-mill month as far as Patch Tuesdays go. Even so, 50 individual CVEs have been fixed by Microsoft, most of which (34) are rated "Important". As usual, most of the 14 considered "Critical" are web browser vulnerabilities that could…

HIPAA Security Compliance Fallacies (And How To Avoid Them)

Health Insurance Portability and Accountability Act (HIPAA) compliance hasn’t been what I thought it was going to be. When I first started out as an independent security consultant, I was giddy over the business opportunities that I just knew HIPAA compliance was going to…

Metasploit Wrapup

Teenage ROBOT Returns Imagine the joy robot parents must feel when their infant leaves home and returns as a teenager. ROBOT (Return of Bleichenbacher Oracle Threat) is a 19-year-old vulnerability that allows RSA decryption and signing with the private key of a TLS server. It…

UK NCSC's "Active Cyber Defence" Brings New Hope To Our Combined Fight Against Cybercrime

This week the UK National Cyber Security Centre (NCSC) released their first report on the year one results of their "Active Cyber Defence" (ACD) initiative. And, they're amazing. The ACD program came out of an 2016 effort to re-think, re-imagine and re-tool cybersecurity…

R7-2017-28: Epson AirPrint XSS (CVE-2018-5550)

The Epson AirPrint web configuration page is vulnerable to a reflected cross-site scripting (XSS) issue in the INPUTT_GEOLOCATION parameter in the web administration console. This issue could be leveraged by an attacker with network access to the web UI to the printer to trick…

Smart Sensors: Our Bold New World

Over the last several months I have been surveying our bold new world of smart sensor technology. It is absolutely amazing how advances in this area over the last decade have led to technology that affects our day-to-day lives on a large scale. For example:…

Metasploit Wrapup

It’s a special day here in the U.S.. This morning, media folks were hovering over a specific rodent living in an eastern state to discover that we are in for six more weeks of winter, apparently. ¯\_(ツ)_/¯ Guess we’ll stay inside and…

Welcome to the Rapid7 2018 Threat Intel Book Club!

At the end of 2017 we had the opportunity to think back on the year and reflect on what was done right in threat intelligence in 2017 and what we could improve on. What stood out to me most over the past year was how…

On Random Shell Generators

A couple days ago, AutoSploit.py was released by a person named Real__Vector. It’s safe to say that it’s made some waves in the security Twitterverse, and a few people have asked us here at Rapid7 what we think about it given…

Featured Research

National Exposure Index 2017

The National Exposure Index is an exploration of data derived from Project Sonar, Rapid7's security research project that gains insights into global exposure to common vulnerabilities through internet-wide surveys.

Learn More

Toolkit

Make Your SIEM Project a Success with Rapid7

In this toolkit, get access to Gartner's report “Overcoming Common Causes for SIEM Solution Deployment Failures,” which details why organizations are struggling to unify their data and find answers from it. Also get the Rapid7 companion guide with helpful recommendations on approaching your SIEM needs.

Download Now

Featured Research

Quarterly Threat Report

Rapid7’s Quarterly Threat Report leverages intelligence from our extensive network—including the Insight platform, managed detection and response engagements, Project Sonar, Heisenberg Cloud, and the Metasploit community—to put today’s shifting threat landscape into perspective. It gives you a clear picture of the threats that you face within your unique industry, and how those threats change throughout the year.

Learn More