Recent Posts

Metasploit Wrap-Up

Three new modules, including a Pwn2Own addition for OS X, plus proxy support for Python Meterpreter, new search improvements, and a reminder of how to report security issues in Metasploit.…

How to Track and Remediate Default Account Vulnerabilities in InsightVM

In this blog post, we discuss older, lesser-known features that can still provide amazing value in your vulnerability management program using InsightVM.…

This One Time on a Pen Test: I’m Calling My Lawyer!

In this engagement, Rapid7 pen testers were tasked to identify sensitive information, harvest credentials, and obtain a reverse shell on their machines.…

How Rapid7 Is Transforming an On-Premises SOAR Tool into a Cloud-First Automation Platform

In this blog, we discuss how Rapid7 is transforming an on-premises SOAR tool into a cloud-first automation platform.…

Patch Tuesday - September 2020

129 Vulnerabilities Patched in Microsoft's September 2020 Update Tuesday (2020-Sep Patch Tuesday). Despite maintaining the continued high volume of vulnerabilities disclosed and patched this month, Microsoft's 129-Vulnerability September 2020 Update Tuesday is seemingly calm from an operations perspective -- at first glance. While following standard…

Metasploit Wrap-Up

New reflective PE file loader, a new module, new search improvements, and updates on Google Summer of Code projects.…

NICER Protocol Deep Dive: Internet Exposure of FTP

In this installment of the NICER Protocol Deep Dive blog series, we cover internet exposure of FTP.…

This One Time on a Pen Test: Playing Social Security Slots

This post is part of an ongoing series featuring testimonials of what goes on beneath the hoodie during Rapid7 penetration testing engagements.…

Ask a Pen Tester, Part 2: A Q&A With Rapid7 Pen Testers Gisela Hinojosa and Carlota Bindner

Rapid7 pen testers Gisela Hinojosa and Carlota Bindner are back to answer another round of questions about the mysterious art of penetration testing…

Why I Joined Rapid7

In this blog, Jeff Gardner, Rapid7's new Detection & Response Practice Advisor, discusses why he decided to join Rapid7.…

Metasploit Wrap-Up

Give me your hash: This week, community contributor HynekPetrak added a new module for dumping passwords and hashes stored as attributes in LDAP servers. It uses an LDAP connection to retrieve data from an LDAP server and then harvests user credentials in specific attributes. This…

NICER Protocol Deep Dive: Secure Shell (SSH)

In the second installment of our NICER Protocol Deep Dive blog series, we cover Secure Shell (SSH).…

How Three InsightVM Customers Scaled Their Vulnerability Management Programs with Rapid7

To run a VM program as a well-oiled machine, you need all the pieces in place, from visibility of all of your assets to effective reporting mechanisms.…

Internet of Things Cybersecurity Regulation and Rapid7

Over the past few years, the security of the Internet of Things (IoT) has been a consistent focus in policy circles around the world.…

Rapid7 Releases 2020 Under the Hoodie Report: Lessons Learned from a Year of Penetration Tests

Rapid7 recently released its 2020 Under the Hoodie report, detailing the ins and outs of penetration testing.…
