[Research] Under the Hoodie, 2019 Edition: Lessons Learned from 180 Penetration Tests
Our 2019 Under the Hoodie report covers the measurable results of about 180 penetration tests conducted by Rapid7. Find out what we learned.…
How to Start a Career in Cybersecurity: From Stay-at-Home Mom to Security Pro-in-Training
My name is Carlota Bindner, and here is my story on how I went from being a stay-at-home mom and community volunteer to participating in Rapid7's Security Consultant Development Program.…
Lessons from a Pen Test: The Power of a Well-Researched and Well-Timed Phishing Email
On a recent pen test, Steve Laura saw just how effective phishing emails can be with the right research and timing.…
No DA? No Problem! How Attackers Can Access Sensitive Data without Escalated Privileges
When pen testers look at your network, one of their main goals is privilege escalation. However, there is still plenty of ways to access sensitive data without this access.…
Why a 17-Year Veteran Pen Tester Took the OSCP
Why would a 17-year veteran penetration tester undergo the somewhat costly, time-consuming, and challenging ordeal to obtain what may be considered an entry-level certification?…
The Return of Snapid Kevin to the North Pole
Santa has once again enlisted the help of his security consultant, Snapid Kevin, to evaluate his physical security. What will Snapid turn up?…
7 Funny and Punny Halloween Costume Ideas for Tech and Cybersecurity Pros
Stuck on what to be this year? Here are some of our favorite Halloween costume ideas for tech and cybersecurity professionals.…
This One Time on a Pen Test, Part 5: From Physical Security Weakness to Strength
During a physical social engineering penetration test, I easily got into the office with the help of a copied badge and polite employees. But would the company learn its lesson?…
Password Tips from a Pen Tester: Are 12-Character Passwords Really Stronger, or Just a Dime a Dozen?
On penetration tests, the three most common passwords are a variation of company name, the season/year, and a variation of “password.” But what happens if we lengthen the password requirement?…
Putting Pen (Tests) to Paper: Lessons and Learnings from Rapid7’s Annual Mega-Hackathon
Rapid7's Mega-Hackathon offers a unique chance to go beyond the data and get a feel for what pen testers are like in their natural habitat.…
This One Time on a Pen Test, Part 4: From Zero to Web Application Admin through Open-Source Intelligence Gathering
Open source intelligence gathering (OSINT) can sometimes take a backseat to more glamorous parts of pen tests—but in this case, it saved us.…
This One Time on a Pen Test, Part 3: How Jumping a Fence and Donning a Disguise Helped Me Steal an Energy Company
Here is the story of how I jumped a fence and broke into a construction vehicle to take control of an energy company's network.…
How to Identify and Prioritize Gaps with the Cybersecurity Maturity Assessment, Post-2018 'Under the Hoodie'
At Rapid7, we believe that cybersecurity within a company is not just a function with many stakeholders, but rather a shared responsibility among all employees, regardless of role.…
Faster Prod at the Expense of Security? 2018 ‘Under the Hoodie’ Reveals Gaps in Applications
As part of this year's "Under the Hoodie" report, we identified the latest web application security risks companies are facing today.…
This One Time on a Pen Test, Part 2: How Just One Flaw Helped Us Beat the Unbeatable Network
During one pen testing engagement, we were pitted against a well-hardened, locked-down, and mature environment. However, all it took was one slip-up to give us the keys to the kingdom.…
