Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Research  

PSA: Increase in RDP Attacks Means It's Time to Mind Your RDPs and Qs

Our research team looks into the increase in RDP attacks against RDP servers without multi-factor authentication enabled and helps organizations strengthen their infrastructure against these attacks.…

This One Time on a Pen Test: Doing Well With XML

In the latest edition of "This One Time on a Pen Test," we discuss a classic web application engagement involving XML.…

NICER Protocol Deep Dive: Internet Exposure of SMTP

In this installment of our NICER Protocol Deep Dive blog series, we discuss internet exposure of SMTP.…

This One Time on a Pen Test: I Know...Everything

In the latest edition of "This One Time on a Pen Test," we follow a Rapid7 penetration tester as they perform an internal network engagement.…

Exploitability Analysis: Smash the Ref Bug Class

Two Metasploit researchers evaluate the "Smash the Ref" win32k bug class for exploitability and practical exploitation use cases for pen testers and red teams looking to obtain an initial foothold in the context of a standard user account.…

Microsoft Exchange 2010 End of Support and Overall Patching Study

Today's topic is Exchange 2010, which reaches end of support (EoS) on Oct. 13, 2020, as well as a survey of other versions of Exchange and how well they are being kept up-to-date.…

NICER Protocol Deep Dive: Internet Exposure of rsync

In this installment of our NICER Protocol Deep Dive blog series, we take a closer look at internet exposure of rsync.…

This One Time on a Pen Test: Ain’t No Fence High Enough

In this edition of "This One Time on a Pen Test," we discuss an engagement with for an energy company with a high-fence compound.…

Rapid7 Releases Q2 2020 Quarterly Threat Report

It’s hard to believe it’s already the end of September, and with it comes Rapid7’s Q2 2020 Quarterly Threat Report.…

NICER Protocol Deep Dive: Internet Exposure of SMB

In this edition of our NICER Protocol Deep Dive blog series, we take a closer look at internet exposure of SMB.…

This One Time on a Pen Test: How I Outwitted the Vexing VPN

In this edition of "This One Time on a Pen Test," we discuss outwitting the vexing VPN.…

This One Time on a Pen Test: I’m Calling My Lawyer!

In this engagement, Rapid7 pen testers were tasked to identify sensitive information, harvest credentials, and obtain a reverse shell on their machines.…

NICER Protocol Deep Dive: Internet Exposure of FTP

In this installment of the NICER Protocol Deep Dive blog series, we cover internet exposure of FTP.…

This One Time on a Pen Test: Playing Social Security Slots

This post is part of an ongoing series featuring testimonials of what goes on beneath the hoodie during Rapid7 penetration testing engagements.…

Ask a Pen Tester, Part 2: A Q&A With Rapid7 Pen Testers Gisela Hinojosa and Carlota Bindner

Rapid7 pen testers Gisela Hinojosa and Carlota Bindner are back to answer another round of questions about the mysterious art of penetration testing…

Never miss a blog

Get the latest stories, expertise, and news about security today.