Rapid7 Blog

Haxmas  

Happy HaXmas! Year-End Internet Scanning Observations

As we wrap up 2018 and forge ahead into 2019, let's reflect on some of the key observations we made through our internet scanning with Project Sonar.…

Santa's ELFs: Running Linux Executables Without execve

Santa's ELFs do not get a post-holiday break, since the Executable and Linkable Format (ELF) is the base of numerous Unix-like operating systems.…

The Ghost of Exploits Past: A Deep Dive into the Morris Worm

In this post, we will dive into the exploit development process for the three modules we created in honor of the 30th anniversary of the Morris worm.…

HaXmas Review: 12 Patch Tuesdays a-Patching

Another year, another 701 patched Microsoft vulnerabilities: just a 2% increase from 2017's count of 686.…

The Layer 8(th) Day of Christmas: Rapid7 Pen Testers Reveal Social Engineering Insights at Recent Conference

Four Rapid7 pen testers recently gathered at the brand-new Layer 8 conference in Rhode Island to present on social engineering and open source intelligence (OSINT) gathering.…

Advice for the Lazy Family Sysadmin

With some careful choices, you can be a lazy family system administrator this holiday. Here’s my experience, along with some tips.…

Once a Haxer, Always a Haxor

Like most hackers, I liked to take apart my holiday gifts as a kid. In this blog, I take apart Amazon's voice-controlled microwave oven to see how it works.…

The New Shiny: Memorable Metasploit Moments of 2018

Happy HaXmas, friends. Metasploit turned 15 this year, and by all accounts, 2018 was pretty epic.…

R7-2018-52: Guardzilla IoT Video Camera Hard-Coded Credential (CVE-2018-5560)

Most HaXmas posts are full of fun and frivolity, but this one is a routine vulnerability disclosure in a piece of IoT gear that you should know about.…

The Nightmare After Christmas

With all the incidents that occurred in 2018, you may feel a bit like a CISO Scrooge. Here's how you can prepare for next year (in poem form!)…

The Return of Snapid Kevin to the North Pole

Santa has once again enlisted the help of his security consultant, Snapid Kevin, to evaluate his physical security. What will Snapid turn up?…

The 12 Days of HaXmas: A Festive Blog Series Recapping Security in 2018

It’s the waning days of 2018, so it’s time to usher in our traditional end-of-year blog series, the 12 Days of HaXmas.…

A Visit From a Printer PoC

The story of a group effort to perform a successful holiday printer hack...translated into rhymed verse for your HaXmas entertainment.…

Certificate Transparency: The Gift That Keeps Giving

While it's no surprise that both attackers and defenders can garner valuable information about the networks that they’re targeting (or defending), it may come as a surprise that a smörgåsbord of information on these networks is often publicly available. Moreover, once this information has…

The Ghost of a Botnet (Possibly) Past

For a week and a half in April, Rapid7 Labs observed a botnet with 18,000 distinct IPs marauding across the public internet. Then it disappeared, only to resurface again later. Join us as we tell the HaXmas tale of the ghost of a botnet past!…