Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.

View Cookie Policy for full details

We've updated Rapid7’s community resources

Hello. We've evolved our community resources to provide a richer experience. Learn more.
Questions? Contact us.

blog.rapid7.com

Blogs, How-tos, & Research

Our new blog will still publish the same cutting-edge research, analysis, and commentary you expect from Rapid7.

Explore the Blog
help.rapid7.com

Docs, Help, & Questions

Help content and documents are now curated to let you get the information you need even faster.

Explore Help
4 min read

How Attackers Can Harvest Users’ Microsoft 365 Credentials with New Phishing Campaign

 Read More
2 min read

August 2019 Microsoft Remote Desktop Services (RDP) Patches: What You Need to Know

 Read More
2 min read

BlueKeep Exploits May Be Coming: Our Observations and Recommendations

 Read More
View All Tags

Popular Tags:
7 min read

Automating the Cloud: AWS Security Done Efficiently

Today, we are going to be installing software on all your existing EC2 instances across several (or all!) accounts under an organization in AWS.…

Josh Frantz
Josh Frantz Aug 19, 2019 AWS
3 min read

Metasploit Wrap-Up

Hacker Summer Camp Last week, the Metasploit team flew out to sunny, hot, and dry Las Vegas for Hacker Summer Camp (Black Hat, BSidesLV, and DEF CON). It was a full week of epic hacks, good conversation, and even a little business! If you managed…

William Vu
William Vu Aug 16, 2019 Metasploit Weekly Wrapup
2 min read

This One Time on a Pen Test: How I Compromised a Healthcare Portal Before My Hot Cocoa Went Cold

Here is the story of how I used a simple SQL injection attack to compromise a healthcare portal.…

Trevor O'Donnal
Trevor O'Donnal Aug 16, 2019 Penetration Testing
2 min read

Responding to Cloud-Based Security Incidents with InsightConnect: AWS Security Hub

In this post, we’ll show you firsthand how security orchestration and automation (SOAR) helps teams accelerate their response to cloud-based threats.…

Tyler Terenzoni
Tyler Terenzoni Aug 15, 2019 InsightConnect
4 min read

Black Hat, DEF CON, and BSides 2019: Highlights and Emerging Industry Trends

As Hacker Summer Camp comes to a close, we sat down with a few friends in the security space to discuss the major highlights from Black Hat, DEF CON, and BSides .…

Tod Beardsley
Tod Beardsley Aug 14, 2019 Events
2 min read

Patch Tuesday - August 2019

First off, the big news for today's Patch Tuesday: Microsoft has fixed four new Remote Desktop Services (RDS) vulnerabilities, reminiscent of the BlueKeep vulnerability (CVE-2019-0708) that was patched last May. CVE-2019-1181 and CVE-2019-1182 both affect all supported versions of Windows, and can be exploited without…

Greg Wiseman
Greg Wiseman Aug 13, 2019 Patch Tuesday
4 min read

Cloud Security Primer: The Basics You Need to Know

What do you need to do to secure your cloud-based systems while enjoying the competitive benefits of the cloud? Read this blog to find out.…

Meaghan Donlon
Meaghan Donlon Aug 13, 2019 Cloud Infrastructure
4 min read

How to Protect the File System from Your App with WAFs and RASP

The new Local Files protection in tCell joins other RASP protections to defend against serious compromises.…

Boris Chen
Boris Chen Aug 12, 2019 tCell
2 min read

Metasploit Wrap-Up

Keep on Bluekeepin’ on TomSellers added a new option to the increasingly useful Bluekeep Scanner module that allows execution of a DoS attack when running the module. This adds a new level of effectiveness in proving the severity of this vulnerability. As part of this…

James Barnett
James Barnett Aug 09, 2019 Metasploit Weekly Wrapup
2 min read

This One Time on a Pen Test: Paging Doctor Hackerman

In this blog, one of our penetration testers tells the story of how he hacked X-ray machine and got the keys to the entire network.…

Nick Powers
Nick Powers Aug 09, 2019 Under the Hoodie
4 min read

The Importance of Preventing and Detecting Malicious PowerShell Attacks

In this blog, we will discuss why organizations should care about malicious PowerShell activity, how attackers use PowerShell to steal credentials, and how to prevent and detect malicious PowerShell activity.…

Rohit Chettiar
Rohit Chettiar Aug 08, 2019 InsightIDR
4 min read

How to Monitor Your AWS S3 Activity with InsightIDR

In this blog, we discuss AWS S3 buckets and how Rapid7's InsightIDR can help you monitor important activity.…

Alan Foster
Alan Foster Aug 07, 2019 InsightIDR
6 min read

App-a-Bet Soup: Should You Use a SAST, DAST, or RASP Application Security Tool?

In this blog, we discuss all things web applications and how to select the right application security solution to keep them safe from attack.…

Garrett Gross
Garrett Gross Aug 06, 2019 Application Security

Blog Feed