Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.

View Cookie Policy for full details

We've updated Rapid7’s community resources

Hello. We've evolved our community resources to provide a richer experience. Learn more.
Questions? Contact us.

blog.rapid7.com

Blogs, How-tos, & Research

Our new blog will still publish the same cutting-edge research, analysis, and commentary you expect from Rapid7.

Explore the Blog
help.rapid7.com

Docs, Help, & Questions

Help content and documents are now curated to let you get the information you need even faster.

Explore Help
1 min read

Introducing the Metasploit Development Diaries

 Read More
1 min read

A Serial Problem: Exploitation and Exposure of Java Serialized Objects

 Read More
2 min read

Utilize File Integrity Monitoring to Address Critical Compliance Needs

 Read More
View All Tags

Popular Tags:
2 min read

Extracting Firmware from Microcontrollers Onboard Flash Memory, Part 2: Nordic RF Microcontrollers

In this blog, we will conduct another firmware extraction exercise dealing with the Nordic RF microcontroller (nRF51822).…

Deral Heiland
Deral Heiland Apr 23, 2019 IoT
4 min read

Capture the Flag: Red Team vs. Cloud SIEM

Here's how InsightIDR fared in a recent Capture the Flag (CTF) meetup with a special blue-team element.…

Garrett Enochs
Garrett Enochs Apr 22, 2019 InsightIDR
2 min read

Metasploit Wrap-UP

A more useful use command From among the many musings of longtime contributor/team member Brent Cook, in a combined effort with the ever-present wvu, the use command has become so much more useful. PR 11724 takes new functionality from search -u one step further…

Jeffrey Martin
Jeffrey Martin Apr 19, 2019 Metasploit Weekly Wrapup
5 min read

How to Choose the Right Application Security Tool for Your Organization

In this post, we’re taking a look at the various application security testing technologies and how to determine which is best for your organization.…

Coreen Wilson
Coreen Wilson Apr 17, 2019 Application Security
3 min read

Extracting Firmware from Microcontrollers' Onboard Flash Memory, Part 1: Atmel Microcontrollers

As part of our ongoing discussion of hardware hacking for security professionals, this blog covers the Amtel Atmega2561 microcontroller.…

Deral Heiland
Deral Heiland Apr 16, 2019 Research
1 min read

Confluence Unauthorized RCE Vulnerability (CVE-2019-3396): What You Need to Know

Atlassian was notified in late February about a remote code execution (RCE) flaw in their Confluence and Data Center products and issued an alert with a patch on March 20, 2019.…

boB Rudis
boB Rudis Apr 12, 2019 Research
2 min read

Metasploit Wrap-Up

WordPress RCE tiyeuse submitted a Metasploit module for an authenticated remote code execution vulnerability in WordPress, which was described in a blog post by RIPS Technology. After authenticating as a user with at least author privileges, the module starts by uploading an image file with…

Jacob Robles
Jacob Robles Apr 12, 2019 Metasploit Weekly Wrapup
1 min read

Patch Tuesday - April 2019

Today's Microsoft updates resolve over 70 vulnerabilities, most of which affect the Windows operating system itself. Two of the vulnerabilities are already being exploited in the wild. Both CVE-2019-0803 and CVE-2019-0859 can result in unauthorized elevation of privilege, and affect all supported versions of Windows.…

Greg Wiseman
Greg Wiseman Apr 09, 2019 Patch Tuesday
3 min read

How to Start a Career in Cybersecurity: From Stay-at-Home Mom to Security Pro-in-Training

My name is Carlota Bindner, and here is my story on how I went from being a stay-at-home mom and community volunteer to participating in Rapid7's Security Consultant Development Program.…

Carlota Bindner
Carlota Bindner Apr 09, 2019 Rapid7 Perspective
4 min read

Q4 Threat Report: Analyzing the Top 3 Advanced Threats and Detection Techniques

In this post, we’ll review three major findings based on data from Project Sonar, Project Heisenberg, and our Managed Detection and Response customer base, which leverages our security experts and InsightIDR to unify security data and identify compromises in real-time.…

Jake Godgart
Jake Godgart Apr 08, 2019 Incident Detection
1 min read

Metasploit Wrap-Up

Your workflow just got easier Are you tired of copy/pasting module names from the search results before you can use them? Thanks to this enhancement (PR #11652) by Brent Cook, you can now run search with the -u flag to automatically use a module…

Erin Bleiweiss
Erin Bleiweiss Apr 05, 2019 Metasploit
2 min read

Time and Relative Dimension in Space: GPS Week Number Rollover

This week, we're expecting some minor internet traffic turbulence around April 6 and April 7 of 2019, since that's when the next "GPS Week Number Rollover" will happen.…

Tod Beardsley
Tod Beardsley Apr 05, 2019 Rapid7 Perspective
5 min read

5 Considerations When Creating an Application Security Program

In this blog, we explain how to address application security within your organization and how this translates into building better code.…

Coreen Wilson
Coreen Wilson Apr 04, 2019 Application Security
2 min read

Apache HTTP Server Privilege Escalation (CVE-2019-0211): What You Need to Know

The joke was on roughly 2 million servers on Monday (April 1!), as the Apache Foundation released a patch for a privilege escalation bug (CVE-2019-0211) in Apache HTTP Server 2.4 releases 2.4.17–2.4.38.…

boB Rudis
boB Rudis Apr 03, 2019 Research

Blog Feed