Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

We've updated Rapid7’s community resources

Hello. We've evolved our community resources to provide a richer experience. Learn more.
Questions? Contact us.

blog.rapid7.com

Blogs, How-tos, & Research

Our new blog will still publish the same cutting-edge research, analysis, and commentary you expect from Rapid7.

Explore the Blog
help.rapid7.com

Docs, Help, & Questions

Help content and documents are now curated to let you get the information you need even faster.

Explore Help

Metasploit Wrap-Up

Crock-Pot cooking with Metasploit Belkin's Wemo line of smart home devices offers users a variety of internet-connected gadgets and gizmos they can control around the home. One of those happens to be a Crock-Pot. We went ahead and bought one. Naturally, it made sense for…

From InsightConnect, With Love: Wishing a Happy Valentine’s Day to Our Most Popular Plugins

Happy Valentine's Day! This year, we're celebrating some of our most popular InsightConnect plugins by sending them valentines.…

Level Up Your Internet Intelligence Using the Rapid7 Open Data API and R

Let's take a look at how you can use ropendata in R to search for available studies, download datasets, and explore the data.…

Patch Tuesday - February 2019

Microsoft got back in the swing of things today after a couple of relatively light months, with over 70 separate CVEs being addressed. The usual suspects got patches, including Windows, Office, Browsers (including Adobe Flash), .NET Framework, SharePoint, Exchange, and another slew of JET Database…

Automation in Action: How Carnegie Mellon University Combats Vulnerabilities Using Nexpose

We recently spoke with Brian W. Gray, Information Security Engineer for Carnegie Mellon University, about how he manages vulnerabilities with Rapid7's vulnerability assessment solution, Nexpose.…

Metasploit Wrap-Up

Ubiquitous Devices Our Rapid7 Labs team pulled the thread on some recent buzz around exploitable Ubiquiti devices, which led to a new scanner module (auxiliary/scanner/ubiquiti/ubiquiti_discover.rb) from jhart-r7. This module uses a simple UDP protocol to identify potentially exploitable Ubiquiti devices…

Secure That Query! Researching the Landscape of DNS over Transport Layer Security (TLS)

In this blog, we highlight research conducted about the landscape of DNS over Transport Layer Security (TLS).…

Smart Sensors: A Look at Beacon Security

After working on a smart city project, I wanted to share some of my learnings about beacon technology and how to evaluate its security.…

No DA? No Problem! How Attackers Can Access Sensitive Data without Escalated Privileges

When pen testers look at your network, one of their main goals is privilege escalation. However, there is still plenty of ways to access sensitive data without this access.…

Did You Remediate That? How to Integrate Vulnerability Remediation Projects with Your IT Infrastructure

Remediation projects in InsightVM enable you to follow a vulnerability remediation task from beginning to end by leveraging automation-assisted patching.…

SOARing Toward an Efficient SOC: How Security Orchestration and Automation Can Add Immediate Value in 2019

Thanks to security orchestration and automation (SOAR), it is possible to work efficiently with the resources you already have.…

Cisco RV320/RV325 Router Unauthenticated Configuration Export Vulnerability (CVE-2019-1653): What You Need to Know

Last week, a critical configuration weakness in Cisco® routers was responsibly disclosed on the Full Disclosure mailing list. Here's what you need to know.…

Why a 17-Year Veteran Pen Tester Took the OSCP

Why would a 17-year veteran penetration tester undergo the somewhat costly, time-consuming, and challenging ordeal to obtain what may be considered an entry-level certification?…

Metasploit Wrapup

Hi everyone! For those in the US, hope you all had a great MLK weekend. We have a pretty light release due to the holiday, but we still have some cool stuff in the house. Check it out!…