Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.

View Cookie Policy for full details

We've updated Rapid7’s community resources

Hello. We've evolved our community resources to provide a richer experience. Learn more.
Questions? Contact us.

blog.rapid7.com

Blogs, How-tos, & Research

Our new blog will still publish the same cutting-edge research, analysis, and commentary you expect from Rapid7.

Explore the Blog
help.rapid7.com

Docs, Help, & Questions

Help content and documents are now curated to let you get the information you need even faster.

Explore Help
4 min read

Understanding Ubiquiti Discovery Service Exposures

 Read More
3 min read

PHP Extension and Application Repository (PEAR) Compromise: What You Need to Know

 Read More
4 min read

What You Can Learn from Our Successful Simulated Phishing Attack of 45 CEOs

 Read More
View All Tags

Popular Tags:
2 min read

Metasploit Wrap-Up

Crock-Pot cooking with Metasploit Belkin's Wemo line of smart home devices offers users a variety of internet-connected gadgets and gizmos they can control around the home. One of those happens to be a Crock-Pot. We went ahead and bought one. Naturally, it made sense for…

William Vu
William Vu Feb 15, 2019 Metasploit Weekly Wrapup
< 1 min read

From InsightConnect, With Love: Wishing a Happy Valentine’s Day to Our Most Popular Plugins

Happy Valentine's Day! This year, we're celebrating some of our most popular InsightConnect plugins by sending them valentines.…

Christie Ott
Christie Ott Feb 14, 2019 InsightConnect
6 min read

Level Up Your Internet Intelligence Using the Rapid7 Open Data API and R

Let's take a look at how you can use ropendata in R to search for available studies, download datasets, and explore the data.…

boB Rudis
boB Rudis Feb 13, 2019 Research
1 min read

Patch Tuesday - February 2019

Microsoft got back in the swing of things today after a couple of relatively light months, with over 70 separate CVEs being addressed. The usual suspects got patches, including Windows, Office, Browsers (including Adobe Flash), .NET Framework, SharePoint, Exchange, and another slew of JET Database…

Greg Wiseman
Greg Wiseman Feb 12, 2019 Patch Tuesday
3 min read

Automation in Action: How Carnegie Mellon University Combats Vulnerabilities Using Nexpose

We recently spoke with Brian W. Gray, Information Security Engineer for Carnegie Mellon University, about how he manages vulnerabilities with Rapid7's vulnerability assessment solution, Nexpose.…

Rapid7
Rapid7 Feb 11, 2019 Customer Perspective
2 min read

Metasploit Wrap-Up

Ubiquitous Devices Our Rapid7 Labs team pulled the thread on some recent buzz around exploitable Ubiquiti devices, which led to a new scanner module (auxiliary/scanner/ubiquiti/ubiquiti_discover.rb) from jhart-r7. This module uses a simple UDP protocol to identify potentially exploitable Ubiquiti devices…

Pearce Barry
Pearce Barry Feb 08, 2019 Metasploit Weekly Wrapup
7 min read

Secure That Query! Researching the Landscape of DNS over Transport Layer Security (TLS)

In this blog, we highlight research conducted about the landscape of DNS over Transport Layer Security (TLS).…

boB Rudis
boB Rudis Feb 06, 2019 Research
4 min read

Smart Sensors: A Look at Beacon Security

After working on a smart city project, I wanted to share some of my learnings about beacon technology and how to evaluate its security.…

Deral Heiland
Deral Heiland Feb 05, 2019 IoT
3 min read

No DA? No Problem! How Attackers Can Access Sensitive Data without Escalated Privileges

When pen testers look at your network, one of their main goals is privilege escalation. However, there is still plenty of ways to access sensitive data without this access.…

Gisela Hinojosa
Gisela Hinojosa Feb 04, 2019 Penetration Testing
3 min read

Did You Remediate That? How to Integrate Vulnerability Remediation Projects with Your IT Infrastructure

Remediation projects in InsightVM enable you to follow a vulnerability remediation task from beginning to end by leveraging automation-assisted patching.…

Jesika McEvoy
Jesika McEvoy Jan 31, 2019 InsightVM
4 min read

SOARing Toward an Efficient SOC: How Security Orchestration and Automation Can Add Immediate Value in 2019

Thanks to security orchestration and automation (SOAR), it is possible to work efficiently with the resources you already have.…

Christie Ott
Christie Ott Jan 30, 2019 Automation and Orchestration
2 min read

Cisco RV320/RV325 Router Unauthenticated Configuration Export Vulnerability (CVE-2019-1653): What You Need to Know

Last week, a critical configuration weakness in Cisco® routers was responsibly disclosed on the Full Disclosure mailing list. Here's what you need to know.…

boB Rudis
boB Rudis Jan 29, 2019 Research
4 min read

Why a 17-Year Veteran Pen Tester Took the OSCP

Why would a 17-year veteran penetration tester undergo the somewhat costly, time-consuming, and challenging ordeal to obtain what may be considered an entry-level certification?…

Trevor O'Donnal
Trevor O'Donnal Jan 28, 2019 Penetration Testing
2 min read

Metasploit Wrapup

Hi everyone! For those in the US, hope you all had a great MLK weekend. We have a pretty light release due to the holiday, but we still have some cool stuff in the house. Check it out!…

Wei Chen
Wei Chen Jan 25, 2019 Metasploit

Blog Feed