Powershell Express Delivery: The web_delivery module is often used to deliver a payload during post exploitation by quickly firing up a local web server. Since it does not write anything on target’s disk, payloads are less likely to be caught by anti-virus protections.…
In this blog, we discuss the most exploited web application vulnerabilities, and how you can avoid them in your development process.…
In this blog, we break down which SOC performance metrics to report to your organization and how to measure your impact.…
Rapid7 is excited to announce the release of Global Artifacts to enhance the capabilities provided by InsightConnect, Rapid7’s SOAR solution.…
In a recent IoT hacking training exercise, Rapid7 penetration testers set out to find vulnerabilities in a number of children's GPS-enabled smart watches.…
Today we come to the end of 2019's monthly Microsoft Patch Tuesday (also known as Update Tuesday). This Christmas, Microsoft presents us with 36 vulnerabilities (that's two less than this time last year!) and no new vulnerabilities from Adobe for Adobe Flash. Unfortunately, despite a…
In this blog, we discuss how to actually reduce risk in your technology environment using a vulnerability risk management program.…
In this blog, we discuss how a Denial of Service (DoS) bug could crash all Beckhoff PLCs running the Profinet protocol stack if an attacker gains access.…
Management delegation of shells: Onur ER contributed the Ajenti auth username command injection exploit module for the vulnerability Jeremy Brown discovered and published a PoC for on 2019-10-13 (EDB 47497) against Ajenti version 2.1.31. Ajenti is an open-source web-based server admin panel written…
In our second installment of the 'Hidden Helpers' series, we discuss security-focused HTTP headers and how they can protect against vulnerabilities.…
Rapid7 is excited to announce that InsightIDR, our security information and event management (SIEM) offering, is now available in the AWS Marketplace.…
In honor of the 10-year anniversary of Rapid7’s acquisition of Metasploit, our latest episode of Security Nation features an interview with its founder, HD Moore.…
No matter the measure of success, InsightVM is built to give security professionals clarity, influence, and progress. Let’s dive into how.…
For the month of December, Rapid7’s Twitter account will serve as your security advent calendar, full of stories, advice, inspiration, and a bit of fun.…
With the holiday season right around the corner, here are five types of cybersecurity attacks to be wary of during Black Friday and Cyber Monday shopping.…