Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Rapid7 Blog

Haxmas  

Hohoho-wned: First Steps Toward a Pen Test Oriented Rootkit

Year after year it seems that Santa is intent on sending me coal, but little does he know that this year I already have access to one of his Linux machines and I'm going to make sure that I at least deserve to get my…

Visions past and future: 2018 security predictions

Happy 2018, fellow humans (but not to you, bot army!). Like we've done in years before, we recently rounded up some of the best minds and most trenchant commentators the security industry has to offer and asked them to sum up the year gone by…

Yankee Swapped: MQTT Primer, Exposure, Exploitation, and Exploration

This HaXmas, Rapid7's Jon Hart Yankee swaps readers a few minutes' attention for a festive look at MQTT exposure on the public IPv4 internet (and an exploitation module!).…

Auld Lang Syne: Threat Intelligence Resolutions for 2018

It’s that time of the year again! It is the time where we look back over the past year to see what we accomplished, what we did well, what we can improve on for next year. In Cyber Threat Intelligence we had a lot…

HaXmas Review: A Year of Patch Tuesdays

Today’s installment of the 12 Days of HaXmas is about 2017’s 12 months of Patch Tuesdays. Never mind that there were only eleven months this year, thanks to Microsoft canceling most of February’s planned fixes. This coincided with when they’d planned…

12 Memorable Metasploit Moments of 2017

This HaXmas, we delve into 12 Memorable Metasploit Moments from 2017 that inspired us, impressed us, and made us feel more connected to our global community of contributors, users, and friends.…

An Evaluation of the North Pole’s Password Security Posture

Co-written by Jonathan Stines and Tommy Dew. See all of this year's HaXmas content here. He sees your password choices; He knows when they’re not great. So don’t reuse those passwords, please, And make them all longer than eight. Now that Christmas has…

Regifting Python in Metasploit

Metasploit has been taking random Python scripts off the internet and passing them off as modules! Well, not exactly. Read on to see how we're extending the module system's scalability and what Python has to do with that.…

Forget The Presents: HaXmas Is All About The [Gift] Certificates

2017 is nearly at an end, and most of the cybersecurity world is glad to see it go. We've been plagued with a myriad of vulnerabilities, misconfigurations and attacks that have kept many of us working harder than Santa's elves on December 23rd to ensure…

Uses For Tech of HaXmas Past

Before you throw technology from HaXmas gifts past on the shelf of misfit toys, consider this story about how one security researcher found new uses for an old gizmo. Your old tech is crying out to be reused!…

HaXmas: The True Meaning(s) of Metasploit

Rapid7 Research Director Tod Beardsley kicks off our storied "12 Days of HaXmas" series with a thrilling tale of browser 0day, exploit module development, and the true meaning(s) of Metasploit.…

On the Zero-eth Day of HaXmas...

I suppose it’s only fitting that this year, we introduce our storied 12 Days of HaXmas on the zero-eth day. Technically, Twelvetide doesn’t start until December 25th. This year, we’re focusing on the security events that grabbed our attention, metrics that piqued…

12 Days of HaXmas: Meterpreter's new Shiny for 2016

Merry HaXmas to you! Each year we mark the 12 Days of HaXmas with 12 blog posts on hacking-related topics and roundups from the year. This year, we're highlighting some of the “gifts” we want to give back to the community. And while these gifts…

12 Days of HaXmas: The Gift of Endpoint Visibility and Log Analytics

Merry HaXmas to you! Each year we mark the 12 Days of HaXmas with 12 blog posts on hacking-related topics and roundups from the year. This year, we're highlighting some of the “gifts” we want to give back to the community. And while these gifts…

12 Days of HaXmas: New Years Resolutions for the Threat Intelligence Analyst

Merry HaXmas to you! Each year we mark the 12 Days of HaXmas with 12 blog posts on hacking-related topics and roundups from the year. This year, we're highlighting some of the “gifts” we want to give back to the community. And while these gifts…