Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.

View Cookie Policy for full details

We've updated Rapid7’s community resources

Hello. We've evolved our community resources to provide a richer experience. Learn more.
Questions? Contact us.

blog.rapid7.com

Blogs, How-tos, & Research

Our new blog will still publish the same cutting-edge research, analysis, and commentary you expect from Rapid7.

Explore the Blog
help.rapid7.com

Docs, Help, & Questions

Help content and documents are now curated to let you get the information you need even faster.

Explore Help
4 min read

Under the Hoodie: Which Vulns Are Being Exploited by Attackers (and Our Pen Testers) in 2018?

 Read More
4 min read

Password Tips from a Pen Tester: Taking the Predictability Out of Common Password Patterns

 Read More
3 min read

Address the NAIC Insurance Data Security Model Law with Rapid7 Detection and Response

 Read More
View All Tags

Popular Tags:
2 min read

Metasploit Wrapup

VPN to root The Network Manager VPNC Username Privilege Escalation module by bcoles exploits a privilege escalation attack in the Network Manager VPNC plugin configuration data (CVE-2018-10900) to gain root privileges. Network Manager VPNC versions prior to 1.2.6 are vulnerable and the module…

Matthew Kienow
Matthew Kienow Aug 31, 2018 Metasploit Weekly Wrapup
4 min read

How to Set Up Your Security Operations Center (SOC) for Success

Whether you’re looking to add coverage or are experiencing challenges with your existing security operations center (SOC), it's important to consider these factors before making a decision.…

Wade Woolwine
Wade Woolwine Aug 30, 2018 InsightIDR
2 min read

Endpoint Agents Are Necessary for Today’s Modern Environment: Here’s Why (Part 2)

Rapid7's Insight agent can provide your organization with real-time, accurate results with the smallest possible footprint.…

Vivian Ma
Vivian Ma Aug 29, 2018 InsightIDR
3 min read

Lessons and Takeaways from CTIA’s Recently Released IoT Security Certification Program

The CTIA recently announced a new cybersecurity certification program for cellular- and Wi-Fi-connected IoT devices. Here is my high-level overview of this program.…

Deral Heiland
Deral Heiland Aug 28, 2018 IoT
4 min read

How to Get Instant Insight into Your Log Data with Analytic Packs

Not sure what you should be looking for in your log data? Analytic Packs can help.…

Eoin Shanley
Eoin Shanley Aug 27, 2018 InsightOps
1 min read

Metasploit Wrapup

ssh_enumusers Gets An Update wvu integrated the malformed packet technique into the ssh_enumusers module originally written by kenkeiras. This module allows an attacker to guess the user accounts on an OpenSSH server on versions up to 7.7, allowing the module to work…

Shelby Pace
Shelby Pace Aug 24, 2018 Metasploit Weekly Wrapup
3 min read

Enhancing IoT Security Through Research Partnerships

Securing IoT devices requires a proactive security approach to test both devices and the IoT product ecosystem. To accomplish this, consider setting up a research partnership.…

Andrew Bindner
Andrew Bindner Aug 24, 2018 IoT
5 min read

How Our Threat Intel Team Crafts Attacker Behavior Analytics

Threat Intel Lead Rebekah Brown discusses how the teams at Rapid7 create Attacker Behavior Analytics, and how that intel is infused into our solutions.…

Rebekah Brown
Rebekah Brown Aug 23, 2018 Incident Detection
3 min read

Assess Containers During Software Builds with InsightVM

We recently released the InsightVM Container Assessment CI/CD Plugin. Built to work with Continuous Integration/Continuous Deployment (CI/CD) tools such as Jenkins, this plugin leverages InsightVM to assess containers during a software build.…

Justin Buchanan
Justin Buchanan Aug 23, 2018 InsightVM
5 min read

Endpoint Agents Are Necessary for Today’s Modern Environment: Here’s Why (Part 1)

Endpoint agents can help you integrate your siloed vulnerability management and incident detection and response programs and implement SecOps practices.…

Vivian Ma
Vivian Ma Aug 22, 2018 Whiteboard Wednesday
4 min read

CIS Critical Security Control 20: Measure Your Security Standing with Penetration Tests and Red Team Exercises

Protecting yourself from threats requires consistently asking yourself whether your security program is working as designed. Critical Control 20 covers pen tests and Red Team exercises.…

Brian Carey
Brian Carey Aug 20, 2018 Penetration Testing
3 min read

Metasploit Wrapup

We had a great time meeting everyone at the various Metasploit events at hacker summer camp last week, including two popup capture the flag events with Metasploitable3, the Open Source Security Meetup and selling Metasploit 0xf Anniversary Tour.…

Brent Cook
Brent Cook Aug 17, 2018 Metasploit

Featured Research

National Exposure Index 2018

The National Exposure Index is an exploration of data derived from Project Sonar, Rapid7's security research project that gains insights into global exposure to common vulnerabilities through internet-wide surveys.

Learn More

Toolkit

Make Your SIEM Project a Success with Rapid7

In this toolkit, get access to Gartner's report “Overcoming Common Causes for SIEM Solution Deployment Failures,” which details why organizations are struggling to unify their data and find answers from it. Also get the Rapid7 companion guide with helpful recommendations on approaching your SIEM needs.

Download Now

Featured Research

Quarterly Threat Report

Rapid7’s Quarterly Threat Report leverages intelligence from our extensive network—including the Insight platform, managed detection and response engagements, Project Sonar, Heisenberg Cloud, and the Metasploit community—to put today’s shifting threat landscape into perspective. It gives you a clear picture of the threats that you face within your unique industry, and how those threats change throughout the year.

Learn More

Blog Feed