Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Recent Posts

All I Want for Christmas Is a Big Box of Quirky IoT

Here is a roundup of some of the quirkiest pieces of IoT tech I have collected for my IoT research lab.…

Building a Daily Threat Simulation Tool with Todd Beebe

In our latest episode of Security Nation, we sat down to talk with Todd Beebe about the automated threat simulation system that he built for his current employer.…

Automating Application Security Testing Within Your Atlassian Bamboo Pipelines

Rapid7 is excited to announce a new plugin for Atlassian Bamboo with the goal of integrating InsightAppSec into the software development life cycle (SDLC).…

Metasploit Wrap-Up

Powershell Express Delivery The web_delivery module is often used to deliver a payload during post exploitation by quickly firing up a local web server. Since it does not write anything on target’s disk, payloads are less likely to be caught by anti-virus protections.…

The Most Commonly Exploited Web Application Vulnerabilities in a Production Environment

In this blog, we discuss the most exploited web application vulnerabilities, and how you can avoid them in your development process.…

Global Artifacts Now Available in InsightConnect

Rapid7 is excited to announce the release of Global Artifacts to enhance the capabilities provided by InsightConnect, Rapid7’s SOAR solution.…

IoT Vuln Disclosure: Children's GPS Smart Watches (R7-2019-57)

In a recent IoT hacking training exercise, Rapid7 penetration testers set out to find vulnerabilities in a number of children's GPS-enabled smart watches.…

Patch Tuesday - December 2019

Today we come to the end of 2019's monthly Microsoft Patch Tuesday (also known as Update Tuesday). This Christmas, Microsoft presents us with 36 vulnerabilities (that's two less than this time last year!) and no new vulnerabilities from Adobe for Adobe Flash. Unfortunately, despite a…

How to Actually Reduce Risk in Your Environment

In this blog, we discuss how to actually reduce risk in your technology environment using a vulnerability risk management program.…

How I Shut Down a (Test) Factory with a Single Layer 2 Packet

In this blog, we discuss how a Denial of Service (DoS) bug could crash all Beckhoff PLCs running the Profinet protocol stack if an attacker gains access.…

Metasploit Wrap-Up

Management delegation of shells Onur ER contributed the Ajenti auth username command injection exploit module for the vulnerability Jeremy Brown discovered and published a PoC for on 2019-10-13 (EDB 47497) against Ajenti version 2.1.31. Ajenti is an open-source web-based server admin panel written…

Hidden Helpers: Security-Focused HTTP Headers to Protect Against Vulnerabilities

In our second installment of the 'Hidden Helpers' series, we discuss security-focused HTTP headers and how they can protect against vulnerabilities.…

InsightIDR Now Available for Purchase in AWS Marketplace

Rapid7 is excited to announce that InsightIDR, our security information and event management (SIEM) offering, is now available in the AWS Marketplace.…

Discovering a New Path in Asset Discovery: A Q&A with Metasploit Founder HD Moore

In honor of the 10-year anniversary of Rapid7’s acquisition of Metasploit, our latest episode of Security Nation features an interview with its founder, HD Moore.…