Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.

View Cookie Policy for full details

We've updated Rapid7’s community resources

Hello. We've evolved our community resources to provide a richer experience. Learn more.
Questions? Contact us.

blog.rapid7.com

Blogs, How-tos, & Research

Our new blog will still publish the same cutting-edge research, analysis, and commentary you expect from Rapid7.

Explore the Blog
help.rapid7.com

Docs, Help, & Questions

Help content and documents are now curated to let you get the information you need even faster.

Explore Help
4 min read

The Anatomy of RDP Exploits: Lessons Learned from BlueKeep and DejaBlue

 Read More
5 min read

Avoiding the Zombie Cloud Apocalypse: How to Reduce Exposure in the Cloud

 Read More
4 min read

How Attackers Can Harvest Users’ Microsoft 365 Credentials with New Phishing Campaign

 Read More
View All Tags

Popular Tags:
3 min read

Metasploit Wrap-Up

Powershell Express Delivery The web_delivery module is often used to deliver a payload during post exploitation by quickly firing up a local web server. Since it does not write anything on target’s disk, payloads are less likely to be caught by anti-virus protections.…

Christophe De La Fuente
Christophe De La Fuente Dec 13, 2019 Metasploit
3 min read

The Most Commonly Exploited Web Application Vulnerabilities in a Production Environment

In this blog, we discuss the most exploited web application vulnerabilities, and how you can avoid them in your development process.…

Garrett Gross
Garrett Gross Dec 13, 2019 Application Security
3 min read

Building a Culture of Security Awareness: How to Use Performance Metrics to Communicate SOC Effectiveness Throughout Your Org

In this blog, we break down which SOC performance metrics to report to your organization and how to measure your impact.…

Meaghan Donlon
Meaghan Donlon Dec 12, 2019 Security Operations Center (SOC)
3 min read

Global Artifacts Now Available in InsightConnect

Rapid7 is excited to announce the release of Global Artifacts to enhance the capabilities provided by InsightConnect, Rapid7’s SOAR solution.…

Tyler Terenzoni
Tyler Terenzoni Dec 11, 2019 InsightConnect
3 min read

IoT Vuln Disclosure: Children's GPS Smart Watches (R7-2019-57)

In a recent IoT hacking training exercise, Rapid7 penetration testers set out to find vulnerabilities in a number of children's GPS-enabled smart watches.…

Tod Beardsley
Tod Beardsley Dec 11, 2019 IoT
1 min read

Patch Tuesday - December 2019

Today we come to the end of 2019's monthly Microsoft Patch Tuesday (also known as Update Tuesday). This Christmas, Microsoft presents us with 36 vulnerabilities (that's two less than this time last year!) and no new vulnerabilities from Adobe for Adobe Flash. Unfortunately, despite a…

Richard Tsang
Richard Tsang Dec 10, 2019 Patch Tuesday
4 min read

How to Actually Reduce Risk in Your Environment

In this blog, we discuss how to actually reduce risk in your technology environment using a vulnerability risk management program.…

Tori Sitcawich
Tori Sitcawich Dec 10, 2019 Vulnerability Management
10 min read

How I Shut Down a (Test) Factory with a Single Layer 2 Packet

In this blog, we discuss how a Denial of Service (DoS) bug could crash all Beckhoff PLCs running the Profinet protocol stack if an attacker gains access.…

Andreas Galauner
Andreas Galauner Dec 09, 2019 Denial of Service (DoS)
2 min read

Metasploit Wrap-Up

Management delegation of shells Onur ER contributed the Ajenti auth username command injection exploit module for the vulnerability Jeremy Brown discovered and published a PoC for on 2019-10-13 (EDB 47497) against Ajenti version 2.1.31. Ajenti is an open-source web-based server admin panel written…

Matthew Kienow
Matthew Kienow Dec 06, 2019 Metasploit
3 min read

Hidden Helpers: Security-Focused HTTP Headers to Protect Against Vulnerabilities

In our second installment of the 'Hidden Helpers' series, we discuss security-focused HTTP headers and how they can protect against vulnerabilities.…

Robert Lerner
Robert Lerner Dec 06, 2019 Application Security
3 min read

InsightIDR Now Available for Purchase in AWS Marketplace

Rapid7 is excited to announce that InsightIDR, our security information and event management (SIEM) offering, is now available in the AWS Marketplace.…

Aaron Sawitsky
Aaron Sawitsky Dec 05, 2019 InsightIDR
8 min read

Discovering a New Path in Asset Discovery: A Q&A with Metasploit Founder HD Moore

In honor of the 10-year anniversary of Rapid7’s acquisition of Metasploit, our latest episode of Security Nation features an interview with its founder, HD Moore.…

Bri Hand
Bri Hand Dec 04, 2019 Metasploit
4 min read

InsightVM Delivers 342% ROI through Clarity, Influence, and Progress

No matter the measure of success, InsightVM is built to give security professionals clarity, influence, and progress. Let’s dive into how.…

Tori Sitcawich
Tori Sitcawich Dec 03, 2019 InsightVM
1 min read

Happy HaXmas! Join Our New Twitter Tradition for the Best of Security in 2019 and Beyond

For the month of December, Rapid7’s Twitter account will serve as your security advent calendar, full of stories, advice, inspiration, and a bit of fun.…

Bri Hand
Bri Hand Nov 27, 2019 Haxmas
3 min read

5 Types of Cybersecurity Attacks to Watch Out for This Black Friday and Cyber Monday

With the holiday season right around the corner, here are five types of cybersecurity attacks to be wary of during Black Friday and Cyber Monday shopping.…

Bri Hand
Bri Hand Nov 27, 2019 Black Friday

Blog Feed