Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Rapid7 Blog

Recent Posts

Summer Security Fundamentals Recap: What You Need to Know About Vulnerability Management

In this blog, we share with you key takeaways from our recent vulnerability management panel, along with tips for creating a successful VM program.…

Metasploit Wrap-Up

A LibreOffice file format exploit, plus improvements to TLS and CredSSP-based fingerprinting.…

Why the Security Poverty Line Is Our Industry’s Responsibility to Fix

On this week's episode of Security Nation, we chat with Wendy Nather about her work combating the security poverty line.…

This One Time on a Pen Test: Missed a Spot

In this penetration testing story, Ted Raffle discusses how even strong security controls and threat mitigation can miss the mark when only one or two systems fall through the cracks.…

How to Prevent Cross-Site Scripting (XSS) Attacks

Cross-site scripting (XSS) isn’t new, but its impact and visibility are both growing. Here’s what you need to know to protect them from XSS attacks.…

Ask a Pen Tester: Q&A with Rapid7 Penetration Tester Aaron Herndon

Recently, we gave our customers the opportunity to ask members of our penetration testing services team any burning questions they have.…

How Attackers Can Harvest Users’ Microsoft 365 Credentials with New Phishing Campaign

In this blog post, Rapid7's MDR services team outlines a unique phishing campaign that utilizes a novel method of scraping organizations’ branded Microsoft 365 tenant login pages to produce highly convincing credential harvesting pages.…

Automating the Cloud: AWS Security Done Efficiently

Today, we are going to be installing software on all your existing EC2 instances across several (or all!) accounts under an organization in AWS.…

Metasploit Wrap-Up

Hacker Summer Camp Last week, the Metasploit team flew out to sunny, hot, and dry Las Vegas for Hacker Summer Camp (Black Hat, BSidesLV, and DEF CON). It was a full week of epic hacks, good conversation, and even a little business! If you managed…

Responding to Cloud-Based Security Incidents with InsightConnect: AWS Security Hub

In this post, we’ll show you firsthand how security orchestration and automation (SOAR) helps teams accelerate their response to cloud-based threats.…

Black Hat, DEF CON, and BSides 2019: Highlights and Emerging Industry Trends

As Hacker Summer Camp comes to a close, we sat down with a few friends in the security space to discuss the major highlights from Black Hat, DEF CON, and BSides .…

Patch Tuesday - August 2019

First off, the big news for today's Patch Tuesday: Microsoft has fixed four new Remote Desktop Services (RDS) vulnerabilities, reminiscent of the BlueKeep vulnerability (CVE-2019-0708) that was patched last May. CVE-2019-1181 and CVE-2019-1182 both affect all supported versions of Windows, and can be exploited without…

August 2019 Microsoft Remote Desktop Services (RDP) Patches: What You Need to Know

A new set of vulnerabilities in RDP impact every modern version of Windows. Here's what you need to know.…

Cloud Security Primer: The Basics You Need to Know

What do you need to do to secure your cloud-based systems while enjoying the competitive benefits of the cloud? Read this blog to find out.…