Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.

View Cookie Policy for full details

We've updated Rapid7’s community resources

Hello. We've evolved our community resources to provide a richer experience. Learn more.
Questions? Contact us.

blog.rapid7.com

Blogs, How-tos, & Research

Our new blog will still publish the same cutting-edge research, analysis, and commentary you expect from Rapid7.

Explore the Blog
help.rapid7.com

Docs, Help, & Questions

Help content and documents are now curated to let you get the information you need even faster.

Explore Help
4 min read

Under the Hoodie: Which Vulns Are Being Exploited by Attackers (and Our Pen Testers) in 2018?

 Read More
4 min read

Password Tips from a Pen Tester: Taking the Predictability Out of Common Password Patterns

 Read More
3 min read

Address the NAIC Insurance Data Security Model Law with Rapid7 Detection and Response

 Read More
View All Tags

Popular Tags:
2 min read

Metasploit Wrapup

Tomorrow brings the fall equinox, and that means (as we are almost contractually obligated to say at this point) winter is coming.…

Brendan Watters
Brendan Watters Sep 21, 2018 Metasploit Weekly Wrapup
4 min read

Rapid7 Threat Intelligence Book Club: ‘Countdown to Zero Day’ Recap

The final section of Kim Zetter's “Countdown to Zero Day”pulls together the many factors that are present in attacks such as Stuxnet.…

Rapid7
Rapid7 Sep 19, 2018 R7 Book Club
3 min read

This One Time on a Pen Test, Part 3: How Jumping a Fence and Donning a Disguise Helped Me Steal an Energy Company

Here is the story of how I jumped a fence and broke into a construction vehicle to take control of an energy company's network.…

Leon Johnson
Leon Johnson Sep 18, 2018 Research
2 min read

Metasploit Wrapup

Your weekly run-down of the modules and improvements that landed in Metasploit Framework.…

Sonny Gonzalez
Sonny Gonzalez Sep 14, 2018 Metasploit Weekly Wrapup
4 min read

How to Identify and Prioritize Gaps with the Cybersecurity Maturity Assessment, Post-2018 'Under the Hoodie'

At Rapid7, we believe that cybersecurity within a company is not just a function with many stakeholders, but rather a shared responsibility among all employees, regardless of role.…

Scott King
Scott King Sep 13, 2018 Penetration Testing
5 min read

Faster Prod at the Expense of Security? 2018 ‘Under the Hoodie’ Reveals Gaps in Applications

As part of this year's "Under the Hoodie" report, we identified the latest web application security risks companies are facing today.…

Coreen Wilson
Coreen Wilson Sep 12, 2018 InsightAppSec
2 min read

Patch Tuesday - September 2018

More than 60 vulnerabilities were addressed by this month's patches, including CVE-2018-15967 (a privilege escalation/information disclosure vulnerability in Adobe Flash Player). Over a quarter of these are considered Critical, which means there may be at least one way that malicious code could propagate without…

Greg Wiseman
Greg Wiseman Sep 11, 2018 Patch Tuesday
3 min read

This One Time on a Pen Test, Part 2: How Just One Flaw Helped Us Beat the Unbeatable Network

During one pen testing engagement, we were pitted against a well-hardened, locked-down, and mature environment. However, all it took was one slip-up to give us the keys to the kingdom.…

Matt Hand
Matt Hand Sep 11, 2018 Penetration Testing
3 min read

Summertime and the Coding Is (Sometimes) Easy: What I Learned During GSoC for Metasploit

My name is Eliott Teissonniere, and I was selected as a Google Summer of Code (GSoC) student for Metasploit this summer! Today, I am excited to tell you more about what we did and what’s next.…

Rapid7
Rapid7 Sep 10, 2018 Metasploit
2 min read

Metasploit Wrapup

Ghost(script) in the shell There has been a lot of buzz the last couple weeks about Google Project Zero's Tavis Ormandy's new Ghostscript -dSAFER bypass, now complete with a Metasploit module. With some valiant work by wvu and taviso himself, the latest way to…

Adam Cammack
Adam Cammack Sep 07, 2018 Metasploit Weekly Wrapup
4 min read

Accelerate Incident Response with Security Orchestration and Automation

Security orchestration and automation can be a saving grace in security for many resource-strapped or highly targeted companies.…

Jadon Cruz Montero
Jadon Cruz Montero Sep 06, 2018 Automation and Orchestration
6 min read

External Metasploit Modules: The Gift that Keeps on Slithering

For HaXmas last December, I wrote about the introduction of Python modules to Metasploit Framework. As our module count keeps on growing, we thought that it would be a good time to update the community on where we are at.…

Adam Cammack
Adam Cammack Sep 05, 2018 Metasploit
4 min read

This One Time on a Pen Test, Part 1: Curiosity Didn’t Kill the Cat—Honesty Did

As part of a penetration test, I worked with the client to craft an engagement that would evaluate their employee and technology preparedness against a sophisticated, targeted phishing and vishing attack.…

Aaron Herndon
Aaron Herndon Sep 04, 2018 Penetration Testing
2 min read

Metasploit Wrapup

VPN to root The Network Manager VPNC Username Privilege Escalation module by bcoles exploits a privilege escalation attack in the Network Manager VPNC plugin configuration data (CVE-2018-10900) to gain root privileges. Network Manager VPNC versions prior to 1.2.6 are vulnerable and the module…

Matthew Kienow
Matthew Kienow Aug 31, 2018 Metasploit Weekly Wrapup

Featured Research

National Exposure Index 2018

The National Exposure Index is an exploration of data derived from Project Sonar, Rapid7's security research project that gains insights into global exposure to common vulnerabilities through internet-wide surveys.

Learn More

Toolkit

Make Your SIEM Project a Success with Rapid7

In this toolkit, get access to Gartner's report “Overcoming Common Causes for SIEM Solution Deployment Failures,” which details why organizations are struggling to unify their data and find answers from it. Also get the Rapid7 companion guide with helpful recommendations on approaching your SIEM needs.

Download Now

Featured Research

Quarterly Threat Report

Rapid7’s Quarterly Threat Report leverages intelligence from our extensive network—including the Insight platform, managed detection and response engagements, Project Sonar, Heisenberg Cloud, and the Metasploit community—to put today’s shifting threat landscape into perspective. It gives you a clear picture of the threats that you face within your unique industry, and how those threats change throughout the year.

Learn More

Blog Feed