Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Rapid7 Blog

Research  

This One Time on a Pen Test, Part 3: How Jumping a Fence and Donning a Disguise Helped Me Steal an Energy Company

Here is the story of how I jumped a fence and broke into a construction vehicle to take control of an energy company's network.…

How to Identify and Prioritize Gaps with the Cybersecurity Maturity Assessment, Post-2018 'Under the Hoodie'

At Rapid7, we believe that cybersecurity within a company is not just a function with many stakeholders, but rather a shared responsibility among all employees, regardless of role.…

Enhancing IoT Security Through Research Partnerships

Securing IoT devices requires a proactive security approach to test both devices and the IoT product ecosystem. To accomplish this, consider setting up a research partnership.…

How Our Threat Intel Team Crafts Attacker Behavior Analytics

Threat Intel Lead Rebekah Brown discusses how the teams at Rapid7 create Attacker Behavior Analytics, and how that intel is infused into our solutions.…

Password Tips from a Pen Tester: Taking the Predictability Out of Common Password Patterns

Humans are predictable. As unique as we like to think we all are, our actions tend to be similar—and our choices when creating a password are no different.…

Rapid7 Quarterly Threat Report: 2018 Q2

Our latest Quarterly Threat Report is out, and 2018 has been keeping network defenders on their toes as malicious actors continue to find new ways to compromise networks alongside their tried-and-true types of cyber-attacks.…

Detection Reflection: Analyzing 9 Months of Rapid7 Penetration Testing Engagements

In this post, we’ll review results and trends from Under the Hoodie 2018 as they relate to incident detection, including where our red team found success.…

The Dynamic Duo: How to Use Projects Heisenberg and Sonar to Investigate Attacker Behavior

Cracking a cybersecurity case often requires more than one viewpoint—just look at Starsky and Hutch. For internet-related cases in particular, Rapid7 Labs' Project Sonar and Project Heisenberg each offer unique strengths.…

Under the Hoodie 2018: Lessons from a Season of Penetration Testing

Today, I’m excited to announce the release of our 2018 edition of Under the Hoodie: Lessons from a Season of Penetration Testing by the Rapid7 Global Services team, along with me, Tod Beardsley and Kwan Lin. In this paper, we collect and analyze the…

Password Tips from a Pen Tester: What is Your Company’s Default Password?

Welcome back to Password Tips From a Pen Tester. Last time, I exposed common password patterns we see when we perform penetration testing service engagements for our clients at Rapid7. This month, let’s dig into the amazingly weak default passwords that so many companies…

Blockchain Blunders: Exposing Digital Pickpockets in the Ethereum Ecosystem

(Many thanks to Jon Hart and Bob Rudis for their contributions to this post.) Port 8545 appeared on our radar as one of the top 20 most talkative ports of June 2018. Intrigued by its popularity, we began to examine data related to connections to…

A Behind the Scenes Look at Attacker Behavior Analytics with our MDR Team

Just a handful of years ago, drive-by exploit kits were how attackers attempted to attack companies and individuals. Today, it’s through the delivery of malicious documents and malware that can quickly contort and disguise where it’s coming from. Attack vectors are constantly evolving—…

Analyzing Activity on Kubernetes Ports: Potential Backdooring Through the Kubelet API

Recently at Rapid7 Labs, we’ve noticed an increase in activity on ports related to the management of a Kubernetes cluster. In this post, we provide background context to Kubernetes and how it relates to the issues we see, as well as offer some guidance…

Security Impact of Easily Accessible UART on IoT Technology

When it comes to securing IoT devices, it’s important to know that Universal Asynchronous Receiver Transmitter (UART) ports are often the keys to the kingdom for device analysis when you have physical access. For example, as part of ongoing security research and testing projects…

Password Tips From a Pen Tester: Common Patterns Exposed

Welcome back to Password Tips From a Pen Tester. Last time, I talked about what you can expect to learn from these posts and I also explained the three most common passwords that we see on penetration tests. This month, let’s take a look…

Featured Research

National Exposure Index 2018

The National Exposure Index is an exploration of data derived from Project Sonar, Rapid7's security research project that gains insights into global exposure to common vulnerabilities through internet-wide surveys.

Learn More

Toolkit

Make Your SIEM Project a Success with Rapid7

In this toolkit, get access to Gartner's report “Overcoming Common Causes for SIEM Solution Deployment Failures,” which details why organizations are struggling to unify their data and find answers from it. Also get the Rapid7 companion guide with helpful recommendations on approaching your SIEM needs.

Download Now

Featured Research

Quarterly Threat Report

Rapid7’s Quarterly Threat Report leverages intelligence from our extensive network—including the Insight platform, managed detection and response engagements, Project Sonar, Heisenberg Cloud, and the Metasploit community—to put today’s shifting threat landscape into perspective. It gives you a clear picture of the threats that you face within your unique industry, and how those threats change throughout the year.

Learn More