We've updated Rapid7’s community resources

Hello. We've evolved our community resources to provide a richer experience. Learn more.
Questions? Contact us.

blog.rapid7.com

Blogs, How-tos, & Research

Our new blog will still publish the same cutting-edge research, analysis, and commentary you expect from Rapid7.

Explore the Blog
help.rapid7.com

Docs, Help, & Questions

Help content and documents are now curated to let you get the information you need even faster.

Explore Help

Metasploit Wrapup

You Compile Me Our very own wchen-r7 added the ability to compile C code in metasploit, including (select) dependencies by creating a wrapper for metasm. Right now, support for windows.h is the first salvo in custom compiling tools within the metasploit interface! Hack all…

Diving Deep and Finding Vulnerabilities in Modern Web Applications

As more and more companies shift the responsibility of security earlier in the software development lifecycle (SDLC), DevOps teams are being tasked with detecting vulnerabilities within their applications. Already scrambling to keep up with the terminology, processes, and technologies of modern-day security, DevOps teams also…

Whiteboard Wednesday: The Two Components of Phishing Protection Your Security Strategy Needs

You’re no stranger to the threat of phishing. It’s everywhere, and plays a role in 92% of breaches, according to the Verizon Data Breach Digest. Last month, during the first installment of our phishing Whiteboard Wednesday series, we talked about the key components…

No More Tears? WannaCry, One Year Later

WannaCry, one year later, and what happened to the SMB target environment.…

Metasploit Wrapup

Chaining Vulnerabilities Philip Pettersson discovered vulnerabilities in certain PAN OS versions that could lead to remote code execution and hdm wrote a Metasploit module for the exploit chain. The exploit chain starts off with an authentication bypass, which allows the module to access a page…

Unifying Security Data: How to Streamline Endpoint Detection and Response

Collecting data from the endpoint can be tedious and complex (to say the least). Between the data streaming from your Windows, Linux, and Mac endpoints, not to mention remote authentication and the processes running on these assets, there is a lot of information to gather…

Password Tips From a Pen Tester: 3 Passwords to Eliminate

Every week, Rapid7 conducts penetration testing services for organizations that cracks hundreds—and sometimes thousands—of passwords. Our current password trove has more than 500,000 unique passwords that have been collected over the past two years. Where do these come from? Some of them…

Patch Tuesday - May 2018

Microsoft has released patches that resolve over 60 separate vulnerabilities including an update for Flash Player that addresses a critical Remote Code Execution (RCE) vulnerability (CVE-2018-4944). As usual, the majority of fixes are browser-related, but Microsoft Office is also seeing its fair share this month.…

Critical Control 16: Account Monitoring and Control (ain’t nobody got time for that!)

This is a continuation of our CIS critical security controls blog series, which provides educational information regarding the control of focus as well as tips and tricks for consideration. See why SANS listed Rapid7 as the top solution provider addressing the CIS top 20 controls.…

Off the Chain! A Research Paper Observing Bitcoin Nodes on the Public Internet

Over the last several years, blockchain-based technologies have exploded in growth. Lately it seems like blockchains are turning up everywhere, from chicken management systems to the next hot cryptocurrency. Waves of new companies, products and applications exist, often in the form of just wedging a…

Metasploit Wrapup

May the fourth be with you… Get comfortable, put on your headphones or turn up your speaker volume, and enjoy this guitar rendition of the Ewok Celebration, commonly known as Yub Nub while catching up on Metasploit updates for the week. PHP Debugging Xdebug is…

Updating Data Security Laws - A Starting Point

A baseline requirement for commercial data security is often part of discussions on privacy and breach notification regulations. This issue deserves close attention to ensure any security regulation is both effective at protecting users while staying flexible enough to be practicable.…

Hiding Metasploit Shellcode to Evade Windows Defender

Being on the offensive side in the security field, I personally have a lot of respect for the researchers and engineers in the antivirus industry, and the companies dedicated to investing so much in them. If malware development is a cat-and-mouse game, then I would…

3 Steps to Clear the Fog: Improving Vulnerability Remediation Visibility with InsightVM

The moment you send a vulnerability report to your IT team, you want assurance that it’s being worked on—especially if there are critical vulnerabilities. You also want to be sure issues are prioritized in the right way so that deadlines are met. Often,…

Featured Research

National Exposure Index 2017

The National Exposure Index is an exploration of data derived from Project Sonar, Rapid7's security research project that gains insights into global exposure to common vulnerabilities through internet-wide surveys.

Learn More

Toolkit

Make Your SIEM Project a Success with Rapid7

In this toolkit, get access to Gartner's report “Overcoming Common Causes for SIEM Solution Deployment Failures,” which details why organizations are struggling to unify their data and find answers from it. Also get the Rapid7 companion guide with helpful recommendations on approaching your SIEM needs.

Download Now

Featured Research

Quarterly Threat Report

Rapid7’s Quarterly Threat Report leverages intelligence from our extensive network—including the Insight platform, managed detection and response engagements, Project Sonar, Heisenberg Cloud, and the Metasploit community—to put today’s shifting threat landscape into perspective. It gives you a clear picture of the threats that you face within your unique industry, and how those threats change throughout the year.

Learn More