Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

We've updated Rapid7’s community resources

Hello. We've evolved our community resources to provide a richer experience. Learn more.
Questions? Contact us.

blog.rapid7.com

Blogs, How-tos, & Research

Our new blog will still publish the same cutting-edge research, analysis, and commentary you expect from Rapid7.

Explore the Blog
help.rapid7.com

Docs, Help, & Questions

Help content and documents are now curated to let you get the information you need even faster.

Explore Help

Metasploit Wrap-Up

Powershell Express Delivery The web_delivery module is often used to deliver a payload during post exploitation by quickly firing up a local web server. Since it does not write anything on target’s disk, payloads are less likely to be caught by anti-virus protections.…

The Most Commonly Exploited Web Application Vulnerabilities in a Production Environment

In this blog, we discuss the most exploited web application vulnerabilities, and how you can avoid them in your development process.…

Global Artifacts Now Available in InsightConnect

Rapid7 is excited to announce the release of Global Artifacts to enhance the capabilities provided by InsightConnect, Rapid7’s SOAR solution.…

IoT Vuln Disclosure: Children's GPS Smart Watches (R7-2019-57)

In a recent IoT hacking training exercise, Rapid7 penetration testers set out to find vulnerabilities in a number of children's GPS-enabled smart watches.…

Patch Tuesday - December 2019

Today we come to the end of 2019's monthly Microsoft Patch Tuesday (also known as Update Tuesday). This Christmas, Microsoft presents us with 36 vulnerabilities (that's two less than this time last year!) and no new vulnerabilities from Adobe for Adobe Flash. Unfortunately, despite a…

How to Actually Reduce Risk in Your Environment

In this blog, we discuss how to actually reduce risk in your technology environment using a vulnerability risk management program.…

How I Shut Down a (Test) Factory with a Single Layer 2 Packet

In this blog, we discuss how a Denial of Service (DoS) bug could crash all Beckhoff PLCs running the Profinet protocol stack if an attacker gains access.…

Metasploit Wrap-Up

Management delegation of shells Onur ER contributed the Ajenti auth username command injection exploit module for the vulnerability Jeremy Brown discovered and published a PoC for on 2019-10-13 (EDB 47497) against Ajenti version 2.1.31. Ajenti is an open-source web-based server admin panel written…

Hidden Helpers: Security-Focused HTTP Headers to Protect Against Vulnerabilities

In our second installment of the 'Hidden Helpers' series, we discuss security-focused HTTP headers and how they can protect against vulnerabilities.…

InsightIDR Now Available for Purchase in AWS Marketplace

Rapid7 is excited to announce that InsightIDR, our security information and event management (SIEM) offering, is now available in the AWS Marketplace.…

Discovering a New Path in Asset Discovery: A Q&A with Metasploit Founder HD Moore

In honor of the 10-year anniversary of Rapid7’s acquisition of Metasploit, our latest episode of Security Nation features an interview with its founder, HD Moore.…

InsightVM Delivers 342% ROI through Clarity, Influence, and Progress

No matter the measure of success, InsightVM is built to give security professionals clarity, influence, and progress. Let’s dive into how.…

Happy HaXmas! Join Our New Twitter Tradition for the Best of Security in 2019 and Beyond

For the month of December, Rapid7’s Twitter account will serve as your security advent calendar, full of stories, advice, inspiration, and a bit of fun.…

5 Types of Cybersecurity Attacks to Watch Out for This Black Friday and Cyber Monday

With the holiday season right around the corner, here are five types of cybersecurity attacks to be wary of during Black Friday and Cyber Monday shopping.…