Metasploit Wrap-Up
This week's release includes a local privilege escalation exploit for VMware Fusion through 11.5.3 on OS X, as well as RCE on Apache Solr and DNN cookie deserialization.…
Lessons Learned from an Unlikely Path to My OSCP Certification
In this blog, our own Patrick Laverty discusses lessons learned from his path to a Offensive Security Certified Professional (OSCP) certification.…
Ask a Pen Tester Q&A, Part 2: Everything You Need to Know About the Art of Penetration Testing
We sat down with our own penetration testers to answer some of your questions about what exactly pen testing entails.…
What You Need to Know to Get Started in the Penetration Testing Field
In this blog, we sat down with our own penetration testers to answer some of your questions to help get you started in the field.…
This One Time on a Pen Test, Halloween Edition: An Ode to Our Favorite Pen Tester Disguises
In honor of Halloween, we wanted to celebrate by sharing a few of our Rapid7 pen testers’ costumed crusades.…
This One Time on a Pen Test: “Let Me Get That for You”
In this blog, we discuss how our team successfully gained access to a client's physical building in an unlikely way.…
This One Time on a Pen Test: Our Accidental Win
In this blog, we recall one pen test where a placeholder password we put in actually worked with one login account.…
This One Time on a Pen Test: What’s in the Box?
Here is the story of how one of our penetration testers exploited ExternalBlue on a rogue access point.…
This One Time on a Pen Test: The Pizza of Doom
Here is the story of how I bypassed physical security controls by posing as a pizza delivery guy and showing up to my client site with a pizza pie.…
This One Time on a Pen Test: Your Mouse Is My Keyboard
In one engagement, we were tasked with compromising the internal network of a facility that was used for medical trials. Here's what happened.…
This One Time on a Pen Test: Nerds in the NERC
Here is the story of how we gained access to a NERC CIP control room in a power plant as part of a penetration testing engagement.…
This One Time on a Pen Test: Missed a Spot
In this penetration testing story, Ted Raffle discusses how even strong security controls and threat mitigation can miss the mark when only one or two systems fall through the cracks.…
Ask a Pen Tester: Q&A with Rapid7 Penetration Tester Aaron Herndon
Recently, we gave our customers the opportunity to ask members of our penetration testing services team any burning questions they have.…
This One Time on a Pen Test: How I Compromised a Healthcare Portal Before My Hot Cocoa Went Cold
Here is the story of how I used a simple SQL injection attack to compromise a healthcare portal.…
This One Time on a Pen Test: Paging Doctor Hackerman
In this blog, one of our penetration testers tells the story of how he hacked X-ray machine and got the keys to the entire network.…
