Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.

View Cookie Policy for full details

We've updated Rapid7’s community resources

Hello. We've evolved our community resources to provide a richer experience. Learn more.
Questions? Contact us.

blog.rapid7.com

Blogs, How-tos, & Research

Our new blog will still publish the same cutting-edge research, analysis, and commentary you expect from Rapid7.

Explore the Blog
help.rapid7.com

Docs, Help, & Questions

Help content and documents are now curated to let you get the information you need even faster.

Explore Help
8 min read

Discovering a New Path in Asset Discovery: A Q&A with Metasploit Founder HD Moore

 Read More
1 min read

Happy HaXmas! Join Our New Twitter Tradition for the Best of Security in 2019 and Beyond

 Read More
6 min read

We Don’t Want White Font: Office Macros, Evasion, and Malicious Self-Reference

 Read More
View All Tags

Popular Tags:
3 min read

Active Exploitation of Citrix NetScaler (CVE-2019-19781): What You Need to Know

A a directory traversal vulnerability was announced in the Citrix Application Discovery Controller and Citrix Gateway, which would allow a remote, unauthenticated user to write a file to a location on disk.…

Derek Abdine
Derek Abdine Jan 17, 2020 Research
2 min read

Metasploit Wrap-Up

Silly admin, Citrix is for script kiddies A hot, new module has landed in Metasploit Framework this week. It takes advantage of CVE-2019-19781 which is a directory traversal vulnerability in Citrix Application Delivery Controller (ADC) and Gateway. This exploit takes advantage of unsanitized input within…

James Barnett
James Barnett Jan 17, 2020 Metasploit
10 min read

How to Get Started with the InsightVM Integration for ServiceNow CMDB

Rapid7 is excited to announce the release of a new ServiceNow Platform application for InsightVM with the ServiceNow CMDB.…

Tyler Schmidtke
Tyler Schmidtke Jan 17, 2020 Vulnerability Management
2 min read

Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601): What You Need to Know

In this blog, we discuss everything you need to know about the CVE-2020-0601: Windows CryptoAPI Spoofing Vulnerability.…

Rapid7
Rapid7 Jan 16, 2020 Vulnerability Management
3 min read

How PCI Compliance Helps Keep Your App’s Credit Card Data Safe

In this blog, we break-down why you and your organization should be committed to the Payment Card Industry Data Security Standard (PCI DSS, or PCI).…

Bria Grangard
Bria Grangard Jan 16, 2020 PCI
5 min read

Announcing the 2020 Metasploit community CTF

Metasploit's community CTF is back! Starting January 30, players will have four days to find flags and win points and glory. Teams welcome.…

Caitlin Condon
Caitlin Condon Jan 15, 2020 Metasploit
3 min read

Patch Tuesday - January 2020

The first Patch Tuesday of 2020 has been hotly anticipated due to a rumour that Microsoft would be fixing a severe vulnerability in a fundamental cryptographic library. It turns out that the issue in question is indeed serious, and was reported to Microsoft by the…

Greg Wiseman
Greg Wiseman Jan 14, 2020 Vulnerability Management
4 min read

How to Define and Communicate Vulnerability Risk Across Your Company

In this post, we discuss how to define risk, the differences between risks, threats, and vulnerabilities, and how to communicate this to leadership teams.…

Rapid7
Rapid7 Jan 14, 2020 InsightVM
4 min read

Simplify Your Data Search with Query Builder in InsightVM

Query Builder is now available in InsightVM, which means gone are the days of relying solely on complex query languages like SQL or third-party tools.…

Tori Sitcawich
Tori Sitcawich Jan 13, 2020 InsightVM
5 min read

Challenges and Best Practices with Vulnerability Risk Management Collaboration

We sat down with VRM professionals to discuss best practices, challenges, and personal approaches to make vulnerability risk management a priority.…

Tori Sitcawich
Tori Sitcawich Jan 10, 2020 Vulnerability Risk Management
4 min read

Automating Application Security Processes with the InsightAppSec API

In this blog, we discuss how task automation can free up extra time for development and security teams in the web application life cycle.…

Holly Wilsey
Holly Wilsey Jan 09, 2020 InsightAppSec
1 min read

InsightConnect Announces New Plugin for Cisco AMP for Endpoints

Rapid7 is excited to announce a new plugin for InisghtConnect that connects to Cisco AMP for Endpoints.…

Joey McAdams
Joey McAdams Jan 08, 2020 InsightConnect
3 min read

InsightIDR: 2019 Year in Review

As we turn the corner into the new year, our team has been looking back at 2019 and reflecting on some of our most exciting updates from InsightIDR.…

Meaghan Donlon
Meaghan Donlon Jan 07, 2020 Detection and Response
8 min read

Election Security: What You Need to Know

In this blog, we break-down everything you need to know about the collection of security challenges throughout elections.…

Tod Beardsley
Tod Beardsley Jan 06, 2020 Research
2 min read

Metasploit Wrap-Up

A new OpenBSD local exploit Community contributor bcoles brings us a new exploit module for CVE-2019-19726, a vulnerability originally discovered by Qualys in OpenBSD. This vulnerability is pretty interesting in the sense that it leverages a bug in the _dl_getenv function that can be…

Spencer McIntyre
Spencer McIntyre Jan 03, 2020 Metasploit Weekly Wrapup

Blog Feed