Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Rapid7 Blog

Research  

Charting the Forthcoming PHPocalypse in 2019

This experiment began when Josh Frantz remarked that he would be curious about the potential exposure from the just-reached EOL date for PHP Version 7.0 and the forthcoming EOL date for PHP 5.6.…

Q3 Threat Report: Analyzing Three Key Detection Trends

In this post, we will review findings from our 2018 Q3 Threat Report, including common attack types, the Emotet malware, and protocol poisoning.…

How Rapid7 Researchers Used Data Science to Wrangle Messy WHOIS Data

As part of our research for the Industry Cyber-Exposure Report: Fortune 500, we attempted to quantify the public exposure of various organizations.…

Rapid7 Introduces Industry Cyber-Exposure Report: Fortune 500

Today, Rapid7 released our first Industry Cyber-Exposure Report, examining the overall exposure of the Fortune 500 family of companies.…

How Your Organization Can Respond After News of a Major Security Breach

When data breaches occur, there are proactive actions organizations can take to double-check their current-state security posture, practices, and protocols.…

Rapid7 Quarterly Threat Report: 2018 Q3

The leaves are falling and it’s getting colder, which means it’s time for our newest Quarterly Threat Report.…

Introducing Metasploit’s First Evasion Modules

Rapid7's Metasploit team is proud to announce we have released the first-ever antivirus evasion module in Metasploit Framework.…

This One Time on a Pen Test, Part 5: From Physical Security Weakness to Strength

During a physical social engineering penetration test, I easily got into the office with the help of a copied badge and polite employees. But would the company learn its lesson?…

Password Tips from a Pen Tester: Are 12-Character Passwords Really Stronger, or Just a Dime a Dozen?

On penetration tests, the three most common passwords are a variation of company name, the season/year, and a variation of “password.” But what happens if we lengthen the password requirement?…

Putting Pen (Tests) to Paper: Lessons and Learnings from Rapid7’s Annual Mega-Hackathon

Rapid7's Mega-Hackathon offers a unique chance to go beyond the data and get a feel for what pen testers are like in their natural habitat.…

This One Time on a Pen Test, Part 4: From Zero to Web Application Admin through Open-Source Intelligence Gathering

Open source intelligence gathering (OSINT) can sometimes take a backseat to more glamorous parts of pen tests—but in this case, it saved us.…

This One Time on a Pen Test, Part 3: How Jumping a Fence and Donning a Disguise Helped Me Steal an Energy Company

Here is the story of how I jumped a fence and broke into a construction vehicle to take control of an energy company's network.…

How to Identify and Prioritize Gaps with the Cybersecurity Maturity Assessment, Post-2018 'Under the Hoodie'

At Rapid7, we believe that cybersecurity within a company is not just a function with many stakeholders, but rather a shared responsibility among all employees, regardless of role.…

Enhancing IoT Security Through Research Partnerships

Securing IoT devices requires a proactive security approach to test both devices and the IoT product ecosystem. To accomplish this, consider setting up a research partnership.…

How Our Threat Intel Team Crafts Attacker Behavior Analytics

Threat Intel Lead Rebekah Brown discusses how the teams at Rapid7 create Attacker Behavior Analytics, and how that intel is infused into our solutions.…