Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Rapid7 Blog

Penetration Testing  

This One Time on a Pen Test, Part 5: From Physical Security Weakness to Strength

During a physical social engineering penetration test, I easily got into the office with the help of a copied badge and polite employees. But would the company learn its lesson?…

Password Tips from a Pen Tester: Are 12-Character Passwords Really Stronger, or Just a Dime a Dozen?

On penetration tests, the three most common passwords are a variation of company name, the season/year, and a variation of “password.” But what happens if we lengthen the password requirement?…

Putting Pen (Tests) to Paper: Lessons and Learnings from Rapid7’s Annual Mega-Hackathon

Rapid7's Mega-Hackathon offers a unique chance to go beyond the data and get a feel for what pen testers are like in their natural habitat.…

This One Time on a Pen Test, Part 4: From Zero to Web Application Admin through Open-Source Intelligence Gathering

Open source intelligence gathering (OSINT) can sometimes take a backseat to more glamorous parts of pen tests—but in this case, it saved us.…

This One Time on a Pen Test, Part 3: How Jumping a Fence and Donning a Disguise Helped Me Steal an Energy Company

Here is the story of how I jumped a fence and broke into a construction vehicle to take control of an energy company's network.…

How to Identify and Prioritize Gaps with the Cybersecurity Maturity Assessment, Post-2018 'Under the Hoodie'

At Rapid7, we believe that cybersecurity within a company is not just a function with many stakeholders, but rather a shared responsibility among all employees, regardless of role.…

Faster Prod at the Expense of Security? 2018 ‘Under the Hoodie’ Reveals Gaps in Applications

As part of this year's "Under the Hoodie" report, we identified the latest web application security risks companies are facing today.…

This One Time on a Pen Test, Part 2: How Just One Flaw Helped Us Beat the Unbeatable Network

During one pen testing engagement, we were pitted against a well-hardened, locked-down, and mature environment. However, all it took was one slip-up to give us the keys to the kingdom.…

This One Time on a Pen Test, Part 1: Curiosity Didn’t Kill the Cat—Honesty Did

As part of a penetration test, I worked with the client to craft an engagement that would evaluate their employee and technology preparedness against a sophisticated, targeted phishing and vishing attack.…

Under the Hoodie: Which Vulns Are Being Exploited by Attackers (and Our Pen Testers) in 2018?

Software vulnerabilities are at the core of pen testing—and our "Under the Hoodie" report provides insights and advice one can only get in the trenches.…

Enhancing IoT Security Through Research Partnerships

Securing IoT devices requires a proactive security approach to test both devices and the IoT product ecosystem. To accomplish this, consider setting up a research partnership.…

Password Tips from a Pen Tester: Taking the Predictability Out of Common Password Patterns

Humans are predictable. As unique as we like to think we all are, our actions tend to be similar—and our choices when creating a password are no different.…

CIS Critical Security Control 20: Measure Your Security Standing with Penetration Tests and Red Team Exercises

Protecting yourself from threats requires consistently asking yourself whether your security program is working as designed. Critical Control 20 covers pen tests and Red Team exercises.…

Detection Reflection: Analyzing 9 Months of Rapid7 Penetration Testing Engagements

In this post, we’ll review results and trends from Under the Hoodie 2018 as they relate to incident detection, including where our red team found success.…

Under the Hoodie 2018: Lessons from a Season of Penetration Testing

Today, I’m excited to announce the release of our 2018 edition of Under the Hoodie: Lessons from a Season of Penetration Testing by the Rapid7 Global Services team, along with me, Tod Beardsley and Kwan Lin. In this paper, we collect and analyze the…

Featured Research

National Exposure Index 2018

The National Exposure Index is an exploration of data derived from Project Sonar, Rapid7's security research project that gains insights into global exposure to common vulnerabilities through internet-wide surveys.

Learn More

Toolkit

Make Your SIEM Project a Success with Rapid7

In this toolkit, get access to Gartner's report “Overcoming Common Causes for SIEM Solution Deployment Failures,” which details why organizations are struggling to unify their data and find answers from it. Also get the Rapid7 companion guide with helpful recommendations on approaching your SIEM needs.

Download Now

Featured Research

Quarterly Threat Report

Rapid7’s Quarterly Threat Report leverages intelligence from our extensive network—including the Insight platform, managed detection and response engagements, Project Sonar, Heisenberg Cloud, and the Metasploit community—to put today’s shifting threat landscape into perspective. It gives you a clear picture of the threats that you face within your unique industry, and how those threats change throughout the year.

Learn More