Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Rapid7 Blog

Hacking  

VPNFilter's Potential Reach — Malware Exposure in SMB/Consumer-grade Devices

(Many thanks to Rebekah Brown & Derek Abdine for their contributions to the post.) How does VPNFilter work? Over the past few weeks, Cisco’s Talos group has published some significant new research on a new malware family called VPNFilter. VPNFilter targets and compromises networking…

Hiding Metasploit Shellcode to Evade Windows Defender

Being on the offensive side in the security field, I personally have a lot of respect for the researchers and engineers in the antivirus industry, and the companies dedicated to investing so much in them. If malware development is a cat-and-mouse game, then I would…

Getting Started in Ethical Hacking

A while back, a Twitter user asked us the following question: I have a friend who is looking into ethical hacking. She is also a broke college student so do you know of any free for affordable resources she can use? Ethical hackers use their…

On Random Shell Generators

A couple days ago, AutoSploit.py was released by a person named Real__Vector. It’s safe to say that it’s made some waves in the security Twitterverse, and a few people have asked us here at Rapid7 what we think about it given…

Hacking the Election: What to Expect

Today, we're less than fifty days from the next U.S. presidential election, and over the next couple months, I fully expect to see a lot of speculation over the likelihood of someone "hacking the election." But what does that even mean? The…

Pentesting in the Real World: Group Policy Pwnage

This is the third in a series of blog topics by penetration testers, for penetration testers, highlighting some of the advanced pentesting techniques they'll be teaching in our new Network Assault and Application Assault certifications, opening for registration this week. For more information, check out…

SNMP Data Harvesting During Penetration Testing

A few months back I posted a blog entry, SNMP Best Practices, to give guidance on best methods to reduce security risks as they relate to SNMP. Now that everyone has had time to fix all those issues, I figured it's time to give some…

All About the Very First Rapid7 Hacker Games

We just completed our first successful run of the first-ever Rapid7 Hacker Games competition, so I thought it'd be appropriate to do a little write-up on all the fun activities.  So, what exactly is the Rapid7 Hacker Games competition? Well, a hacking competition! Specifically, a…

#IoTSec and the Business Impact of Hacked Baby Monitors

By now, you've probably caught wind of Mark Stanislav's ten newly disclosed vulnerabilities last week, or seen our whitepaper on baby monitor security – if not, head on over to the IoTSec resources page.You may also have noticed that Rapid7 isn't really a Consumer…

#IoTsec AMA on Reddit: Sept. 9 @ 3:30pm EST with Mark Stanislav & Tod Beardsley

[update 3pm EST Sept 9] This AMA is now live! The direct link is here:  https://www.reddit.com/r/IAmA/comments/3ka38q/we_are_professional_iot_hackers_and_researchers/ Join us and ask your questions! Following up on their research on IoT baby monitor…

#IoTsec Disclosure: 10 New Vulnerabilities for Several Video Baby Monitors

Usually, these disclosure notices contain one, maybe two vulnerabilities on one product. Not so for this one; we've got ten new vulnerabilities to disclose today. If you were out at DEF CON 23, you may have caught Mark Stanislav's workshop, “The Hand that Rocks the…

Revisiting an Info Leak

Today an interesting tweet from Greg Linares (who has been posting awesome analysis on twitter lately!) came to our attention, concerning the MS15-080 patch: This patch (included in MS15-080) may have been intended stop one of the Window kernel bugs exploited by Hacking Team. But,…

Making Your Voice Heard for the Future of Automotive Safety

TL;DR: Show Your Support to Secure the Future of Automotive SafetyAbout a year and a half ago, Josh Corman and I began having a discussion about the rapid adoption of technology that has the ability to impact human life and public safety. We came…

Can 800,000 individuals compromised at the French Orange breach put you at risk?

We just read about an attack on Orange France, where 800,000 people have potentially had their information compromised. The data that was accessed included names, mailing addresses, phone numbers, email addresses, customer accounts, and IDs.This could potentially trigger a domino effect of other…

40% of the COUNTRY hacked!

With the US retail market reeling from a tough end to the holiday season due to security breaches a little news from overseas shows this problem has no borders and is continuing to grow.  Headlines are designed to be the hook to the article…

Featured Research

National Exposure Index 2018

The National Exposure Index is an exploration of data derived from Project Sonar, Rapid7's security research project that gains insights into global exposure to common vulnerabilities through internet-wide surveys.

Learn More

Toolkit

Make Your SIEM Project a Success with Rapid7

In this toolkit, get access to Gartner's report “Overcoming Common Causes for SIEM Solution Deployment Failures,” which details why organizations are struggling to unify their data and find answers from it. Also get the Rapid7 companion guide with helpful recommendations on approaching your SIEM needs.

Download Now

Featured Research

Quarterly Threat Report

Rapid7’s Quarterly Threat Report leverages intelligence from our extensive network—including the Insight platform, managed detection and response engagements, Project Sonar, Heisenberg Cloud, and the Metasploit community—to put today’s shifting threat landscape into perspective. It gives you a clear picture of the threats that you face within your unique industry, and how those threats change throughout the year.

Learn More