Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

We've updated Rapid7’s community resources

Hello. We've evolved our community resources to provide a richer experience. Learn more.
Questions? Contact us.

blog.rapid7.com

Blogs, How-tos, & Research

Our new blog will still publish the same cutting-edge research, analysis, and commentary you expect from Rapid7.

Explore the Blog
help.rapid7.com

Docs, Help, & Questions

Help content and documents are now curated to let you get the information you need even faster.

Explore Help

Blocking User Access to Vulnerable Assets with CyberArk and InsightVM

With InsightVM's new integration with the CyberArk Privileged Access Security Solution, user access to vulnerable assets can be automatically restricted until the issue is eliminated.…

Announcing CyberArk and InsightIDR Integration: Connect CyberArk with InsightIDR to Visualize and Investigate Your Privileged Access

To help companies monitor user behavior, secure privileged access, and identify attacks on passwords, we are teaming up with CyberArk.…

Attack Surface Monitoring with Project Sonar

Project Sonar and InsightVM Sonar Attack Surface Monitoring can help you reduce and monitor your attack surface.…

Metasploit Hackathon Wrap-Up: What We Worked On

As part of the Metasploit project's second hackathon, Metasploit contributors and committers got together to discuss ideas, write some code, and have some fun.…

Metasploit Wrap-Up

It’s Summertime, and the Hackin’ is Easy It is still early in the season, but there’s a whole lot of fixes that are already shipping. Straight off a week of intellectual synergy from the world-wide hackathon, we started to fix a lot of…

How to Automate Phishing Investigations and Remediation

Here are four ways security orchestration and automation (SOAR) tools can streamline the phishing investigation process.…

Heap Overflow Exploitation on Windows 10 Explained

Heap corruption can be a scary topic. In this post, we go through a basic example of a heap overflow on Windows 10.…

Patch Tuesday - June 2019

Nearing the halfway point of 2019, today's Patch Tuesday sees Microsoft fix 88 vulnerabilities, the highest count so far this year. Nothing this month seems "wormable" like the BlueKeep vulnerability patched in May, and none of them have been seen exploited in the…

Introducing the Security Orchestration and Automation Playbook: Your Practical Guide to Implementing SOAR

We created the Security Orchestration and Automation Playbook to help you understand which use cases are prime for SOAR.…

Metasploit Wrap-Up

Read up on how the recent community hackathon in Austin went, three new modules, and the usual long list of fixes and enhancements.…

Integrating Access to Rapid7 Insight Platform Applications with Your Existing SSO Identity Provider

We are introducing a new capability into the Rapid7 Insight platform to enable what is commonly referred to as identity provider-initiated login…

Rapid7 Threat Report Meets MITRE ATT&CK: What We Saw in 2019 Q1

The Q1 edition of our Quarterly Threat Report is unique because all investigated incidents have been mapped to the MITRE ATT&CK framework.…

Microsoft Windows RDP Network Level Authentication Bypass (CVE-2019-9510): What You Need to Know

CERT/CC has released an advisory regarding discovered behavior in the Microsoft Windows Remote Desktop Protocol (RDP), which can allow an attacker to bypass the lock screen on some remote sessions.…

Scan Engine Options for InsightVM in AWS: Pre-Authorized AMI vs. Manual Install

In this blog, we’re going to go over installing the InsightVM Scan Engine in an AWS environment without using the Pre-Authorized Scan Engine AMI.…