Recent Posts

Patch Tuesday - September 2020

129 Vulnerabilities Patched in Microsoft's September 2020 Update Tuesday (2020-Sep Patch Tuesday). Despite maintaining the continued high volume of vulnerabilities disclosed and patched this month, Microsoft's 129-Vulnerability September 2020 Update Tuesday is seemingly calm from an operations perspective -- at first glance. While following standard…

Metasploit Wrap-Up

New reflective PE file loader, a new module, new search improvements, and updates on Google Summer of Code projects.…

NICER Protocol Deep Dive: Internet Exposure of FTP

In this installment of the NICER Protocol Deep Dive blog series, we cover internet exposure of FTP.…

This One Time on a Pen Test: Playing Social Security Slots

This post is part of an ongoing series featuring testimonials of what goes on beneath the hoodie during Rapid7 penetration testing engagements.…

Ask a Pen Tester, Part 2: A Q&A With Rapid7 Pen Testers Gisela Hinojosa and Carlota Bindner

Rapid7 pen testers Gisela Hinojosa and Carlota Bindner are back to answer another round of questions about the mysterious art of penetration testing…

Why I Joined Rapid7

In this blog, Jeff Gardner, Rapid7's new Detection & Response Practice Advisor, discusses why he decided to join Rapid7.…

Metasploit Wrap-Up

Give me your hash: This week, community contributor HynekPetrak added a new module for dumping passwords and hashes stored as attributes in LDAP servers. It uses an LDAP connection to retrieve data from an LDAP server and then harvests user credentials in specific attributes. This…

NICER Protocol Deep Dive: Secure Shell (SSH)

In the second installment of our NICER Protocol Deep Dive blog series, we cover Secure Shell (SSH).…

How Three InsightVM Customers Scaled Their Vulnerability Management Programs with Rapid7

To run a VM program as a well-oiled machine, you need all the pieces in place, from visibility of all of your assets to effective reporting mechanisms.…

Internet of Things Cybersecurity Regulation and Rapid7

Over the past few years, the security of the Internet of Things (IoT) has been a consistent focus in policy circles around the world.…

Rapid7 Releases 2020 Under the Hoodie Report: Lessons Learned from a Year of Penetration Tests

Rapid7 recently released its 2020 Under the Hoodie report, detailing the ins and outs of penetration testing.…

InsightIDR Demo: Cloud-Native SIEM vs. Modern Security Challenges

Grab some popcorn and watch as Rapid7’s demo video gives you a glimpse of InsightIDR in action.…

Life as a Rapid7 Rotato: Launch Your Career

In this program, we look to hire recent graduates who are ready to bring cutting-edge ideas, work with amazing teams, and develop as professionals.…

Metasploit Wrap-Up

Setting module options just got easier! Rapid7's own Dean Welch added a new option to framework called RHOST_HTTP_URL, which allows users to set values for multiple URL components, such as RHOSTS, RPORT, and SSL, by specifying a single option value. For example, instead…

NICER Protocol Deep Dive: Internet Exposure of Telnet Services

In the first installment of our NICER Protocol Deep Dive blog series, we cover internet exposure of Telnet services.…
