Customer Perspective: How to Build an Agile Security Program in Rapidly Changing Times

In this post, Chaim Mazal of ActiveCampaign shares his best practices for building a security program amid chaos and rapid change.…

Metasploit Wrap-Up

elFinder remote command injection: elFinder is a client-side open-source file manager tool written for web applications. In a browser it has the look and feel of a native file manager application. It ships with a PHP connector, which integrates the client side with the back…

Helping Kids Hack the Future: Rapid7 Supports BoSTEM Program in Pi Day Fundraiser

Children are our future. That’s why we’re stepping up to support a matching fundraising effort for BoSTEM.…

Forrester Tech Tide for Detection and Response: Is 2019 the Year of Convergence?

Rapid7 was recently recognized for capabilities spanning security user behavior analytics, security analytics, deception technology, SOAR, and file integrity monitoring.…

Patch Tuesday - March 2019

Today Microsoft released updates that resolve over 60 different vulnerabilities. As usual, Windows, web browsers, and SharePoint Server are all affected. Office gets off relatively lightly with only a single vulnerability fixed (CVE-2019-0748, a remote code execution (RCE) vulnerability in the Access Connectivity Engine of…

R7-2019-01: CircuitWerkes Sicon-8 Client-Side Authentication Read-Only Bypass (CVE-2019-5616)

The Sicon-8 ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user’s web browser.…

Metasploit Wrap-Up

The Payload UUID and paranoid mode Meterpreter payload and listener features were first introduced and added to many HTTP and TCP Metasploit payloads in mid-2015.…

Lessons from a Pen Test: The Power of a Well-Researched and Well-Timed Phishing Email

On a recent pen test, Steve Laura saw just how effective phishing emails can be with the right research and timing.…

Seasoned Pros Share Career Advice for Cybersecurity Success

In this blog, seasoned pros share what they’ve learned over the course of their careers that would have made a significant impact if they were just setting off at the starting gate.…

Metasploit Wrap-Up

An improvement to HTTP command stagers allows exploits to write on-disk stagers to the location of your choosing.…

Implementing Credential Hygiene with CyberArk and InsightVM

Effectively assess your assets with a scan engine while keeping your credentials safe with the integration between CyberArk and InsightVM and Nexpose.…

Cisco® RV110/RV130/RV215 Unauthenticated Configuration Export Vulnerability (CVE-2019-1663): What You Need to Know

This week, Cisco® released an advisory and patch for a remote code execution flaw in small-business routers used for wireless connectivity in small offices and home offices.…