Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.

View Cookie Policy for full details

We've updated Rapid7’s community resources

Hello. We've evolved our community resources to provide a richer experience. Learn more.
Questions? Contact us.

blog.rapid7.com

Blogs, How-tos, & Research

Our new blog will still publish the same cutting-edge research, analysis, and commentary you expect from Rapid7.

Explore the Blog
help.rapid7.com

Docs, Help, & Questions

Help content and documents are now curated to let you get the information you need even faster.

Explore Help
4 min read

Did You Remediate That? New InsightVM Executive Report Provides Key Details on Team Progress

 Read More
4 min read

How Your Organization Can Respond After News of a Major Security Breach

 Read More
4 min read

How Retailers Can Protect Against Magecart This Black Friday and Holiday Season

 Read More
View All Tags

Popular Tags:
2 min read

Metasploit Wrapup

Backups that Cause Problems hypn0s contributed a module that exploits Snap Creek’s Duplicator plugin for WordPress. Duplicator is a plugin that eases the backup and migration of WordPress installations. For versions 1.2.40 and below, Duplicator leaves behind a number of sensitive files,…

Shelby Pace
Shelby Pace Dec 14, 2018 Metasploit Weekly Wrapup
4 min read

Securing Buckets with Amazon S3 Block Public Access

Amazon Web Services recently introduced a new security enhancement to its cloud storage service: Amazon S3 Block Public Access.…

Rapid7
Rapid7 Dec 14, 2018 AWS
5 min read

Q3 Threat Report: Analyzing Three Key Detection Trends

In this post, we will review findings from our 2018 Q3 Threat Report, including common attack types, the Emotet malware, and protocol poisoning.…

Eric Sun
Eric Sun Dec 13, 2018 Research
5 min read

How Rapid7 Researchers Used Data Science to Wrangle Messy WHOIS Data

As part of our research for the Industry Cyber-Exposure Report: Fortune 500, we attempted to quantify the public exposure of various organizations.…

Kwan Lin
Kwan Lin Dec 12, 2018 Research
1 min read

Patch Tuesday - December 2018

It's the last Patch Tuesday of 2018! As is often the case in December, it's a relatively light one with "only" 38 CVEs. (Every other month in 2018 clocked in with at least 50 patched vulnerabilities.) This is in addition to the two…

Greg Wiseman
Greg Wiseman Dec 11, 2018 Patch Tuesday
2 min read

Metasploit Wrapup

If you are tired of all the snake memes and images we pushed out as we stood up support for python external modules over the last year or so, I have terrific news for you!…

Brendan Watters
Brendan Watters Dec 07, 2018 Metasploit
3 min read

Single-Page Applications: The Journey So Far

While modern web application technology has made apps more useful, it's also made them harder to secure.…

Mark Hamill
Mark Hamill Dec 06, 2018 Application Security
3 min read

Seeing Security Scale: Rapid7’s Recap of AWS re:Invent 2018

In this post, I will detail my time at AWS re:Invent and provide observations about how security plays a role in our cloud journey.…

Jay Brewer
Jay Brewer Dec 04, 2018 AWS
2 min read

Congrats to the 2018 Metasploit community CTF winners

After three days of fierce competition, we have the winners of this year's Metasploit community CTF. We've included some high-level stats from the game below; check out the scoreboard here. If you played the CTF this weekend and want to let the Metasploit team know…

Caitlin Condon
Caitlin Condon Dec 03, 2018 Metasploit
4 min read

Metasploit Wrapup

Why can't I hold all these Pull Requests? It has been a busy month here in Metasploit-land, with the holidays, the holiday community contributions, and our community CTF. It doesn't help that the last few months have seen our open pull request count keep climbing…

Adam Cammack
Adam Cammack Nov 30, 2018 Metasploit Weekly Wrapup
3 min read

Automation: The Ultimate Enabler for Threat Detection and Response

In our recent webcast series, we explain how companies can accelerate across their entire threat detection and response lifecycle by leveraging automation.…

Eric Sun
Eric Sun Nov 28, 2018 InsightIDR
3 min read

How to Turn Remediation into Reality with Automation

When vulnerability management responsibilities are distributed across teams, it results in silos, differing terminology, and a lack of common visibility.…

Jadon Cruz Montero
Jadon Cruz Montero Nov 27, 2018 Automation and Orchestration

Blog Feed