Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

We've updated Rapid7’s community resources

Hello. We've evolved our community resources to provide a richer experience. Learn more.
Questions? Contact us.

blog.rapid7.com

Blogs, How-tos, & Research

Our new blog will still publish the same cutting-edge research, analysis, and commentary you expect from Rapid7.

Explore the Blog
help.rapid7.com

Docs, Help, & Questions

Help content and documents are now curated to let you get the information you need even faster.

Explore Help

Metasploit Wrapup

Welcome to another installment of the week! This installment features a new ETERNALBLUE module in everyone's favorite reptile-brain language, Python! Sporting support for Windows 8 and 10, it has everything you need, including immutable strings and enforced whitespace. In other Windows 10 news, chervalierly fixed…

Top Three Questions to ask Security Orchestration and Automation Vendors

If you’ve been in cybersecurity for some time, you’ve likely heard about the many benefits of security orchestration and automation: time saved, costs reduced, risk exposure mitigated ... the list goes on. And as this popular technology proliferates across our industry, you have more…

Deception Technology in InsightIDR: Setting Up Honey Users

Having the ability to detect and respond to user authentication attempts is a key feature of InsightIDR, Rapid7’s threat detection and incident response solution. Users can take this ability one step further by deploying deception technology, like honey users, which come built into the…

Rapid7 Threat Intel Book Club: Summer Session

In April we wrapped up our first installment of the Rapid7 Threat Intel Book Club. Much to our delight, our New Year’s resolution/grand experiment on hosting a regular threat intel book club was a success! We got to dive into The Cuckoo’s…

Security Impact of Easily Accessible UART on IoT Technology

When it comes to securing IoT devices, it’s important to know that Universal Asynchronous Receiver Transmitter (UART) ports are often the keys to the kingdom for device analysis when you have physical access. For example, as part of ongoing security research and testing projects…

Metasploit Wrapup

New Privilege Escalation Exploit The glibc 'realpath()' module was added by bcoles. It attempts to gain root privileges on Debian-based Linux systems by exploiting a vulnerability in GNU C Library (glibc) version <= 2.26. This exploit uses halfdog's RationalLove exploit to expose a…

How to Create a Secure and Portable Kali Installation

The following is a guest post from Rapid7 customer Bo Weaver. Hi, everyone. I’m Bo, a penetration tester at CompliancePoint (and also a customer of Rapid7). If you’re just getting started in penetration testing, or are simply interested in the basics, this blog…

Rapid7 Wins Best Security Company Award at SC Awards Europe!

TL;DR: Hooray! Thanks SC Awards Europe, we’re dead chuffed with the award! There are an actual tonne of incredible people at Rapid7. It’s an inspirational place, with amazing products and services, and a company ethos that really supports making a difference in…

New InsightAppSec Releases: Compliance Reports and the AppSec Toolkit

Things are always brewing in Rapid7 product development. Today, we’re excited to announce several exciting new features in InsightAppSec, our cloud-powered application security testing solution for modern web apps. These include: Custom reports for PCI, HIPAA, SOX, and OWASP 2017 compliance requirements PDF report…

How Security Orchestration and Automation Will Unite Infosec

After working in the security industry for 15 years, one of the consistent themes I’ve observed is how teams struggle with balancing the increasing amount of work they have to do, without an increase in resources to accomplish their goals. But there’s another,…

Whiteboard Wednesday: How to Implement A Phishing Awareness Training Plan in 5 Steps

There’s no silver bullet to combating protecting your organization from phishing attacks today. The only comprehensive approach leverages a combination of methods, many of which we’ve covered in parts 1 and 2 of our three-part phishing Whiteboard Wednesday series. Phishing is a human…

Patch Tuesday - June 2018

This month's Patch Tuesday is rather run-of-the-mill, with a total of 50 vulnerabilities being addressed by Microsoft. However, a bit of excitement came earlier this month, with an out-of-band patch for Adobe Flash Player released last Thursday to fix four security issues. Two of these…

Password Tips From a Pen Tester: Common Patterns Exposed

Welcome back to Password Tips From a Pen Tester. Last time, I talked about what you can expect to learn from these posts and I also explained the three most common passwords that we see on penetration tests. This month, let’s take a look…

Featured Research

National Exposure Index 2018

The National Exposure Index is an exploration of data derived from Project Sonar, Rapid7's security research project that gains insights into global exposure to common vulnerabilities through internet-wide surveys.

Learn More

Toolkit

Make Your SIEM Project a Success with Rapid7

In this toolkit, get access to Gartner's report “Overcoming Common Causes for SIEM Solution Deployment Failures,” which details why organizations are struggling to unify their data and find answers from it. Also get the Rapid7 companion guide with helpful recommendations on approaching your SIEM needs.

Download Now

Featured Research

Quarterly Threat Report

Rapid7’s Quarterly Threat Report leverages intelligence from our extensive network—including the Insight platform, managed detection and response engagements, Project Sonar, Heisenberg Cloud, and the Metasploit community—to put today’s shifting threat landscape into perspective. It gives you a clear picture of the threats that you face within your unique industry, and how those threats change throughout the year.

Learn More