Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.

View Cookie Policy for full details

We've updated Rapid7’s community resources

Hello. We've evolved our community resources to provide a richer experience. Learn more.
Questions? Contact us.

blog.rapid7.com

Blogs, How-tos, & Research

Our new blog will still publish the same cutting-edge research, analysis, and commentary you expect from Rapid7.

Explore the Blog
help.rapid7.com

Docs, Help, & Questions

Help content and documents are now curated to let you get the information you need even faster.

Explore Help
3 min read

InsightConnect Customer Hendrick Automotive Group Benefits from Integrations and Alert Triggers

 Read More
5 min read

3 Questions to Ask Yourself When Justifying Your Infosec Program

 Read More
3 min read

How the Innocent Lives Foundation Uses OSINT to Uncover Online Predators

 Read More
View All Tags

Popular Tags:
8 min read

ServiceNow CMDB Asset Import Using the InsightVM Integration for ServiceNow CMDB

This is part two of our series covering the recently released InsightVM Integration for ServiceNow CMDB application available on the ServiceNow Platform.…

Tyler Schmidtke
Tyler Schmidtke Feb 18, 2020 InsightVM
5 min read

Hackers On The Hill - Slides and recap on cybersecurity policy

Recap of a presentation on the state of public policy related to cybersecurity and hacking from Hackers On The Hill 2020.…

Harley Geiger
Harley Geiger Feb 14, 2020 Public Policy
2 min read

Metasploit Wrap-Up

Ricoh Privilege Escalation No ink? No problem. Here’s some SYSTEM access. A new module by our own space-r7 has been added to Metasploit Framework this week that adds a privilege escalation exploit for various Ricoh printer drivers on Windows systems. This module takes advantage…

Louis Sato
Louis Sato Feb 14, 2020 Metasploit Weekly Wrapup
4 min read

InsightVM + InsightAppSec: A Love Story

Today, we take a moment to appreciate how two of our products, InsightVM and InsightAppSec, work together to secure the entire tech stack for our customers.…

Vivian Ma
Vivian Ma Feb 14, 2020 InsightAppSec
5 min read

Ask a Pen Tester Q&A, Part 2: Everything You Need to Know About the Art of Penetration Testing

We sat down with our own penetration testers to answer some of your questions about what exactly pen testing entails.…

Rapid7
Rapid7 Feb 13, 2020 Penetration Testing
4 min read

How to Handle Misconfigurations in the Cloud

In part three of our four-part series on security in the cloud, we will cover how to handle misconfigurations in the cloud.…

Tori Sitcawich
Tori Sitcawich Feb 12, 2020 Cloud Security
3 min read

Patch Tuesday - February 2020

A relatively modest 99-vulnerability February Patch Tuesday has arrived with a fix for the Internet Explorer 0-day CVE-2020-0674 (originally ADV200001) announced back on January 17.  Fortunately, that is the only vulnerability reported this month that has been seen actively exploited in the wild.  Our usual…

Richard Tsang
Richard Tsang Feb 11, 2020 Patch Tuesday
3 min read

Intro to the SOC Visibility Triad

In this blog, we break-down the three pillars of the Security Operations Center (SOC) Visibility Triad.…

Meaghan Donlon
Meaghan Donlon Feb 11, 2020 Security Operations Center (SOC)
2 min read

Rapid7 Analysis and Guidance: CDPwn (CVE-2020-3118)

This blog focuses on CVE-2020-3118, which Rapid7 considers to be the most severe and important of the CDPwn vulnerability group.…

Brent Cook
Brent Cook Feb 07, 2020 Vulnerability Management
2 min read

Metasploit Wrap-up

In the week after our CTF, we hope the players had a good time and got back to their loved ones, jobs, lives, studies, and most importantly, back to their beds (and you can find out who the winners were here!). For the Metasploit team,…

Brendan Watters
Brendan Watters Feb 07, 2020 Metasploit
3 min read

InsightConnect Customer Hendrick Automotive Group Benefits from Integrations and Alert Triggers

We spoke with Hendrick Automotive Group’s director of information security about his experience with InsightConnect and its connection to InsightIDR.…

Rapid7
Rapid7 Feb 07, 2020 InsightConnect
5 min read

3 Questions to Ask Yourself When Justifying Your Infosec Program

In this blog post, we propose a framework by which most organizations can understand, evaluate, roadmap, and execute on their security programs.…

Wade Woolwine
Wade Woolwine Feb 06, 2020 Infosec
4 min read

How to Identify, Prioritize and Remediate Vulnerabilities in the Cloud

In part two of our series on security in the cloud, we’ll discuss how to detect, prioritize, and remediate vulnerabilities that you find in your cloud environment.…

Tori Sitcawich
Tori Sitcawich Feb 05, 2020 AWS
5 min read

DOUBLEPULSAR over RDP: Baselining Badness on the Internet

How many internet-accessible RDP services have the DOPU implant installed? How much DOPU-over-RDP traffic do we see being sprayed across the internet?…

Tom Sellers
Tom Sellers Feb 04, 2020 Research
22 min read

DOUBLEPULSAR RCE 2: An RDP Story

In this sequel, wvu recounts the R&D (in all its imperfect glory) behind creating a Metasploit module for the DOUBLEPULSAR implant's lesser-known RDP variant. If you're unfamiliar with the more common SMB variant, you can read our blog post detailing how we achieved…

William Vu
William Vu Feb 04, 2020 Research

Blog Feed