Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Research  

Ask a Pen Tester: Q&A with Rapid7 Penetration Tester Aaron Herndon

Recently, we gave our customers the opportunity to ask members of our penetration testing services team any burning questions they have.…

This One Time on a Pen Test: Paging Doctor Hackerman

In this blog, one of our penetration testers tells the story of how he hacked X-ray machine and got the keys to the entire network.…

R7-2019-18: Multiple Hickory Smart Lock Vulnerabilities

The Hickory Smart BlueTooth Enabled Deadbolt IoT ecosystem (which includes mobile applications as well as a cloud-hosted web and MQTT infrastructure) has several vulnerabilities.…

New Research: Investigating and Reversing Avionics CAN Bus Systems

Rapid7's recently released research report examines the security (or lack thereof) of CAN bus networks in small aircraft.…

[Research] Under the Hoodie, 2019 Edition: Lessons Learned from 180 Penetration Tests

Our 2019 Under the Hoodie report covers the measurable results of about 180 penetration tests conducted by Rapid7. Find out what we learned.…

Rapid7 Releases Industry Cyber-Exposure Report: FTSE 250+

Today, Rapid7 released our third Industry Cyber-Exposure Report, examining the overall exposure of the companies listed in the FTSE 250 index.…

Rapid7 Threat Report Meets MITRE ATT&CK: What We Saw in 2019 Q1

The Q1 edition of our Quarterly Threat Report is unique because all investigated incidents have been mapped to the MITRE ATT&CK framework.…

Rapid7 Quarterly Threat Report: 2019 Q1

In our recent Quarterly Threat Report, we look at commonly targeted industries, the use of remote entry, and the most common phishing sites by industry.…

Key Concepts and Findings from the 2019 Verizon Data Breach Investigations Report

Our Rapid7 Labs research team has pored over Verizon Data Breach Investigations Report to identify some key waypoints to help the Rapid7 community navigate through this sea of information.…

Extracting Firmware from Microcontrollers’ Onboard Flash Memory, Part 4: Texas Instrument RF Microcontrollers

In our fourth and final part of this ongoing series, we will conduct further firmware extraction exercises with the Texas Instruments RF microcontroller.…

Extracting Firmware from Microcontrollers' Onboard Flash Memory, Part 3: Microchip PIC Microcontrollers

In this blog, we will conduct another firmware extraction exercise dealing with the Microchip PIC microcontroller (PIC32MX695F512H).…

Extracting Firmware from Microcontrollers' Onboard Flash Memory, Part 2: Nordic RF Microcontrollers

In this blog, we will conduct another firmware extraction exercise dealing with the Nordic RF microcontroller (nRF51822).…

Extracting Firmware from Microcontrollers' Onboard Flash Memory, Part 1: Atmel Microcontrollers

As part of our ongoing discussion of hardware hacking for security professionals, this blog covers the Amtel Atmega2561 microcontroller.…

Confluence Unauthorized RCE Vulnerability (CVE-2019-3396): What You Need to Know

Atlassian was notified in late February about a remote code execution (RCE) flaw in their Confluence and Data Center products and issued an alert with a patch on March 20, 2019.…