Rapid7 Blog

Hacking  

Hacking the Election: What to Expect

Today, we're less than fifty days from the next U.S. presidential election, and over the next couple months, I fully expect to see a lot of speculation over the likelihood of someone "hacking the election." But what does that even mean? The…

Pentesting in the Real World: Group Policy Pwnage

This is the third in a series of blog topics by penetration testers, for penetration testers, highlighting some of the advanced pentesting techniques they'll be teaching in our new Network Assault and Application Assault certifications, opening for registration this week. For more information, check out…

SNMP Data Harvesting During Penetration Testing

A few months back I posted a blog entry, SNMP Best Practices, to give guidance on best methods to reduce security risks as they relate to SNMP. Now that everyone has had time to fix all those issues, I figured it's time to give some…

All About the Very First Rapid7 Hacker Games

We just completed our first successful run of the first-ever Rapid7 Hacker Games competition, so I thought it'd be appropriate to do a little write-up on all the fun activities. So, what exactly is the Rapid7 Hacker Games competition? Well, a hacking competition! Specifically, a…

#IoTSec and the Business Impact of Hacked Baby Monitors

By now, you've probably caught wind of Mark Stanislav's ten newly disclosed vulnerabilities last week, or seen our whitepaper on baby monitor security – if not, head on over to the IoTSec resources page. You may also have noticed that Rapid7 isn't really a Consumer…

#IoTsec AMA on Reddit: Sept. 9 @ 3:30pm EST with Mark Stanislav & Tod Beardsley

[update 3pm EST Sept 9] This AMA is now live! The direct link is here: https://www.reddit.com/r/IAmA/comments/3ka38q/we_are_professional_iot_hackers_and_researchers/ Join us and ask your questions! Following up on their research on IoT baby monitor…

#IoTsec Disclosure: 10 New Vulnerabilities for Several Video Baby Monitors

Usually, these disclosure notices contain one, maybe two vulnerabilities on one product. Not so for this one; we've got ten new vulnerabilities to disclose today. If you were out at DEF CON 23, you may have caught Mark Stanislav's workshop, “The Hand that Rocks the…

Revisiting an Info Leak

Today an interesting tweet from Greg Linares (who has been posting awesome analysis on Twitter lately!) came to our attention, concerning the MS15-080 patch: This patch (included in MS15-080) may have been intended to stop one of the Windows kernel bugs exploited by Hacking Team. But,…

Making Your Voice Heard for the Future of Automotive Safety

TL;DR: Show Your Support to Secure the Future of Automotive Safety. About a year and a half ago, Josh Corman and I began having a discussion about the rapid adoption of technology that has the ability to impact human life and public safety. We came…

Can 800,000 individuals compromised at the French Orange breach put you at risk?

We just read about an attack on Orange France, where 800,000 people have potentially had their information compromised. The data that was accessed included names, mailing addresses, phone numbers, email addresses, customer accounts, and IDs. This could potentially trigger a domino effect of other…

40% of the COUNTRY hacked!

With the US retail market reeling from a tough end to the holiday season due to security breaches, a little news from overseas shows this problem has no borders and is continuing to grow. Headlines are designed to be the hook to the article…

Hacking as One Moose

Twelve hours into Rapid7's Annual Global Domination Hackathon and we are still going strong. Pulling together all the members of our global team for a multi-day kickoff in Boston gave us a fantastic opportunity to collect the wealth of talent and share in an epic…

Rapid7: Coming to a city near you

We're taking this show on the road. Literally. This week our multi-city Rapid7 roadshow event, “Security at the Crossroads,” kicked off in New York and Minneapolis. Industry experts and fellow practitioners – including speakers from Forrester, Cardinal Innovations Healthcare Solutions, Vertex Pharmaceuticals, Porter…

Putting the Fax Straight: Rapid7.com and Metasploit.com Website Defacement

We want to share a short update regarding the defacement of Rapid7.com and Metasploit.com last week. A malicious 3rd party, claiming to be KDMS, changed the DNS settings with our domain registrar, Register.com. We have heard from Register.com that the attacker…

HackMiami Web Application PwnOff - Nexpose w/Metasploit Dominated

During the HackMiami 2013 Hacker Conference held in Miami Beach, a live Web Application Scanner PwnOff contest pitted common web scanning suites against each other. Participants included Acunetix, IBM Rational AppScan, NT OBJECTives NTOSpider, Portswigger Burp, and Rapid7 Nexpose with Metasploit. In a head-to-head battle…

Featured Research

National Exposure Index 2017

The National Exposure Index is an exploration of data derived from Project Sonar, Rapid7's security research project that gains insights into global exposure to common vulnerabilities through internet-wide surveys.

Toolkit

Make Your SIEM Project a Success with Rapid7

In this toolkit, get access to Gartner's report “Overcoming Common Causes for SIEM Solution Deployment Failures,” which details why organizations are struggling to unify their data and find answers from it. Also get the Rapid7 companion guide with helpful recommendations on approaching your SIEM needs.

Podcast

Security Nation

Security Nation is a podcast dedicated to covering all things infosec – from what's making headlines to practical tips for organizations looking to improve their own security programs. Host Kyle Flaherty has been knee-deep in the security sector for nearly two decades. At Rapid7 he leads a solutions-focused team with the mission of helping security professionals do their jobs.
