Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Rapid7 Blog

Networking  

Top 3 reasons Small-to-Medium Businesses fail at security

Cyberattacks are on the rise with more sophisticated attack methods and social engineering being employed against just about any entity with an Internet presence. According to a recent study cited by the U.S. House Small Business Subcommittee on Health and Technology, companies that were…

Staying Stealthy: Passive Network Discovery with Metasploit

One of the first steps in your penetration test is to map out the network, which is usually done with an active scan. In situations where you need to be stealthy or where active scanning may cause instability in the target network, such as in…

Firewall Egress Filtering: Why And How You Should Control What's Leaving Your Network

Most companies have firewall rules that restrict incoming traffic, but not everyone thinks to restrict data leaving the network. That's a shame, because a few easy configurations can save you a lot of headaches.Firewall egress filtering controls what traffic is allowed to leave the…

Metasploit 4.7's New MetaModules Simplify Security Testing

Even when offensive security techniques have been publicly discussed at conferences and proof of concept code or open source tools are available, using them in your projects can be very time consuming and may even require custom development. Metasploit Pro 4.7 now introduces MetaModules,…

Microsoft EMET 4.0 might be the best enterprise security tool you're not using yet

Cross-posted from dangerous.netLast week Microsoft announced their 4.0 beta release of EMET (Enhanced Mitigation Experience Toolkit). If you are responsible for securing Windows systems, you should definitely be looking at this free tool if you haven't already.EMET is a toolkit provided by…

Do You (Un)knowingly Exfiltrate?

A few weeks ago, Twitter was buzzing about new and interesting Google Hacks. If you're been visiting this community for more than one day, you'll probably know this already; a Google Hack is a search query that produces some type of unauthorized access to (supposedly)…

Weekly Update: Splitting DNS Modules and a D-Link Auth Bypass

DNS Module Split upThis week, we appear to have a whole bunch of new DNS-based enumeration and information gathering modules. In fact, this was actually more of a housekeeping chore, largely by longtime Metasploit contributor Carlos @darkoperator Perez. Darkoperator wrote most of the original enum_…

Whiteboard Wednesday - Password Auditing with Metasploit

This week's Whiteboard Wednesday features our own http://www.rapid7.com/resources/videos/password-auditing-with-metasploit.jsp David Maloney, speaking about password auditing techniques with Metasploit.He details three quick and easy techniques for auditing in this clip including:Brute forcing/online attacksHash Cracking/offline attacksPassword RecoveryThis…

Twitter Hacked - 250,000 Passwords Exposed

In what's become a common headline of late, yet another incredibly popular web destination has admitted it's been compromised.  This time, it's our favorite 140 word limited blog - Twitter.On their blog posted this past Friday, the Tweeps had this advice to their…

Introduction to Metasploit Hooks

Metasploit provides many ways to simplify your life as a module developer. One of the less well-known of these is the presence of various hooks you can use for processing things at important stages of the module's lifetime. The basic one that anyone who has…

The Odd Couple: Metasploit and Antivirus Solutions

I hear a lot of questions concerning antivirus evasion with Metasploit, so I'd like to share some the information critical to understanding this problem. This blog post is not designed to give you surefire antivirus (AV) evasion techniques, but rather to help you understand the…

Introducing Nexpose 5.5 - CIS, USGCB 2, Enhanced Reporting, and Data Scalability

For those of you that don't know me, I head up the Nexpose engineering team, and we are excited to introduce the latest release, Nexpose 5.5. This release focuses on meeting three big needs that we've heard about from our customers.The first is…

Nexpose Community Edition Lab | Scanning & Reports

In the previous blog post, we walked through creating a virtual machine and installing Nexpose Community for use in a small lab environment.  In this post, we'll highlight key features of Nexpose, run Discovery and Vulnerability scans and finally generate a report to assist…

Man on the SecurityStreet - UNITED Day 2

Day two here at the UNITED Security Summit, and I'm starting off the day with a presentation by Rapid7's own rockstar, HD Moore.HD's presentation entitled "An Evil World," was an in-depth look at the Critical.IO project he's working on, and how he's currently…

UNITED Security Summit - Your Man on the Street

Hello all,I'm Patrick Hellen, the Community Manager for SecurityStreet. This week, I'm going to be coming to you live from the San Francisco show floor of the UNITED Security Summit, giving my impressions of what's happening at the event over the next week. I'll…