Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Rapid7 Blog

Haxmas  

A Visit From a Printer PoC

The story of a group effort to perform a successful holiday printer hack...translated into rhymed verse for your HaXmas entertainment.…

Certificate Transparency: The Gift That Keeps Giving

While it's no surprise that both attackers and defenders can garner valuable information about the networks that they’re targeting (or defending), it may come as a surprise that a smörgåsbord of information on these networks is often publicly available. Moreover, once this information has…

The Ghost of a Botnet (Possibly) Past

For a week and a half in April, Rapid7 Labs observed a botnet with 18,000 distinct IPs marauding across the public internet. Then it disappeared, only to resurface again later. Join us as we tell the HaXmas tale of the ghost of a botnet past!…

Hohoho-wned: First Steps Toward a Pen Test Oriented Rootkit

Year after year it seems that Santa is intent on sending me coal, but little does he know that this year I already have access to one of his Linux machines and I'm going to make sure that I at least deserve to get my…

Visions past and future: 2018 security predictions

Happy 2018, fellow humans (but not to you, bot army!). Like we've done in years before, we recently rounded up some of the best minds and most trenchant commentators the security industry has to offer and asked them to sum up the year gone by…

Yankee Swapped: MQTT Primer, Exposure, Exploitation, and Exploration

This HaXmas, Rapid7's Jon Hart Yankee swaps readers a few minutes' attention for a festive look at MQTT exposure on the public IPv4 internet (and an exploitation module!).…

Auld Lang Syne: Threat Intelligence Resolutions for 2018

It’s that time of the year again! It is the time where we look back over the past year to see what we accomplished, what we did well, what we can improve on for next year. In Cyber Threat Intelligence we had a lot…

HaXmas Review: A Year of Patch Tuesdays

Today’s installment of the 12 Days of HaXmas is about 2017’s 12 months of Patch Tuesdays. Never mind that there were only eleven months this year, thanks to Microsoft canceling most of February’s planned fixes. This coincided with when they’d planned…

12 Memorable Metasploit Moments of 2017

This HaXmas, we delve into 12 Memorable Metasploit Moments from 2017 that inspired us, impressed us, and made us feel more connected to our global community of contributors, users, and friends.…

An Evaluation of the North Pole’s Password Security Posture

Co-written by Jonathan Stines and Tommy Dew. See all of this year's HaXmas content here. He sees your password choices; He knows when they’re not great. So don’t reuse those passwords, please, And make them all longer than eight. Now that Christmas has…

Regifting Python in Metasploit

Metasploit has been taking random Python scripts off the internet and passing them off as modules! Well, not exactly. Read on to see how we're extending the module system's scalability and what Python has to do with that.…

Forget The Presents: HaXmas Is All About The [Gift] Certificates

2017 is nearly at an end, and most of the cybersecurity world is glad to see it go. We've been plagued with a myriad of vulnerabilities, misconfigurations and attacks that have kept many of us working harder than Santa's elves on December 23rd to ensure…

Uses For Tech of HaXmas Past

Before you throw technology from HaXmas gifts past on the shelf of misfit toys, consider this story about how one security researcher found new uses for an old gizmo. Your old tech is crying out to be reused!…

HaXmas: The True Meaning(s) of Metasploit

Rapid7 Research Director Tod Beardsley kicks off our storied "12 Days of HaXmas" series with a thrilling tale of browser 0day, exploit module development, and the true meaning(s) of Metasploit.…

On the Zero-eth Day of HaXmas...

I suppose it’s only fitting that this year, we introduce our storied 12 Days of HaXmas on the zero-eth day. Technically, Twelvetide doesn’t start until December 25th. This year, we’re focusing on the security events that grabbed our attention, metrics that piqued…

Featured Research

National Exposure Index 2018

The National Exposure Index is an exploration of data derived from Project Sonar, Rapid7's security research project that gains insights into global exposure to common vulnerabilities through internet-wide surveys.

Learn More

Toolkit

Make Your SIEM Project a Success with Rapid7

In this toolkit, get access to Gartner's report “Overcoming Common Causes for SIEM Solution Deployment Failures,” which details why organizations are struggling to unify their data and find answers from it. Also get the Rapid7 companion guide with helpful recommendations on approaching your SIEM needs.

Download Now

Featured Research

Quarterly Threat Report

Rapid7’s Quarterly Threat Report leverages intelligence from our extensive network—including the Insight platform, managed detection and response engagements, Project Sonar, Heisenberg Cloud, and the Metasploit community—to put today’s shifting threat landscape into perspective. It gives you a clear picture of the threats that you face within your unique industry, and how those threats change throughout the year.

Learn More