Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

We've updated Rapid7’s community resources

Hello. We've evolved our community resources to provide a richer experience. Learn more.
Questions? Contact us.

blog.rapid7.com

Blogs, How-tos, & Research

Our new blog will still publish the same cutting-edge research, analysis, and commentary you expect from Rapid7.

Explore the Blog
help.rapid7.com

Docs, Help, & Questions

Help content and documents are now curated to let you get the information you need even faster.

Explore Help

Metasploit Wrapup

Backups that Cause Problems hypn0s contributed a module that exploits Snap Creek’s Duplicator plugin for WordPress. Duplicator is a plugin that eases the backup and migration of WordPress installations. For versions 1.2.40 and below, Duplicator leaves behind a number of sensitive files,…

Securing Buckets with Amazon S3 Block Public Access

Amazon Web Services recently introduced a new security enhancement to its cloud storage service: Amazon S3 Block Public Access.…

Q3 Threat Report: Analyzing Three Key Detection Trends

In this post, we will review findings from our 2018 Q3 Threat Report, including common attack types, the Emotet malware, and protocol poisoning.…

How Rapid7 Researchers Used Data Science to Wrangle Messy WHOIS Data

As part of our research for the Industry Cyber-Exposure Report: Fortune 500, we attempted to quantify the public exposure of various organizations.…

Patch Tuesday - December 2018

It's the last Patch Tuesday of 2018! As is often the case in December, it's a relatively light one with "only" 38 CVEs. (Every other month in 2018 clocked in with at least 50 patched vulnerabilities.) This is in addition to the two…

Metasploit Wrapup

If you are tired of all the snake memes and images we pushed out as we stood up support for python external modules over the last year or so, I have terrific news for you!…

Single-Page Applications: The Journey So Far

While modern web application technology has made apps more useful, it's also made them harder to secure.…

Seeing Security Scale: Rapid7’s Recap of AWS re:Invent 2018

In this post, I will detail my time at AWS re:Invent and provide observations about how security plays a role in our cloud journey.…

Congrats to the 2018 Metasploit community CTF winners

After three days of fierce competition, we have the winners of this year's Metasploit community CTF. We've included some high-level stats from the game below; check out the scoreboard here. If you played the CTF this weekend and want to let the Metasploit team know…

Metasploit Wrapup

Why can't I hold all these Pull Requests? It has been a busy month here in Metasploit-land, with the holidays, the holiday community contributions, and our community CTF. It doesn't help that the last few months have seen our open pull request count keep climbing…

Automation: The Ultimate Enabler for Threat Detection and Response

In our recent webcast series, we explain how companies can accelerate across their entire threat detection and response lifecycle by leveraging automation.…

How to Turn Remediation into Reality with Automation

When vulnerability management responsibilities are distributed across teams, it results in silos, differing terminology, and a lack of common visibility.…