PSA: Increase in RDP Attacks Means It's Time to Mind Your RDPs and Qs
Our research team looks into the increase in RDP attacks against RDP servers without multi-factor authentication enabled and helps organizations strengthen their infrastructure against these attacks.…
This One Time on a Pen Test: Doing Well With XML
In the latest edition of "This One Time on a Pen Test," we discuss a classic web application engagement involving XML.…
NICER Protocol Deep Dive: Internet Exposure of SMTP
In this installment of our NICER Protocol Deep Dive blog series, we discuss internet exposure of SMTP.…
This One Time on a Pen Test: I Know...Everything
In the latest edition of "This One Time on a Pen Test," we follow a Rapid7 penetration tester as they perform an internal network engagement.…
Exploitability Analysis: Smash the Ref Bug Class
Two Metasploit researchers evaluate the "Smash the Ref" win32k bug class for exploitability and practical exploitation use cases for pen testers and red teams looking to obtain an initial foothold in the context of a standard user account.…
Microsoft Exchange 2010 End of Support and Overall Patching Study
Today's topic is Exchange 2010, which reaches end of support (EoS) on Oct. 13, 2020, as well as a survey of other versions of Exchange and how well they are being kept up-to-date.…
NICER Protocol Deep Dive: Internet Exposure of rsync
In this installment of our NICER Protocol Deep Dive blog series, we take a closer look at internet exposure of rsync.…
This One Time on a Pen Test: Ain’t No Fence High Enough
In this edition of "This One Time on a Pen Test," we discuss an engagement with for an energy company with a high-fence compound.…
Rapid7 Releases Q2 2020 Quarterly Threat Report
It’s hard to believe it’s already the end of September, and with it comes Rapid7’s Q2 2020 Quarterly Threat Report.…
NICER Protocol Deep Dive: Internet Exposure of SMB
In this edition of our NICER Protocol Deep Dive blog series, we take a closer look at internet exposure of SMB.…
This One Time on a Pen Test: How I Outwitted the Vexing VPN
In this edition of "This One Time on a Pen Test," we discuss outwitting the vexing VPN.…
This One Time on a Pen Test: I’m Calling My Lawyer!
In this engagement, Rapid7 pen testers were tasked to identify sensitive information, harvest credentials, and obtain a reverse shell on their machines.…
NICER Protocol Deep Dive: Internet Exposure of FTP
In this installment of the NICER Protocol Deep Dive blog series, we cover internet exposure of FTP.…
This One Time on a Pen Test: Playing Social Security Slots
This post is part of an ongoing series featuring testimonials of what goes on beneath the hoodie during Rapid7 penetration testing engagements.…
Ask a Pen Tester, Part 2: A Q&A With Rapid7 Pen Testers Gisela Hinojosa and Carlota Bindner
Rapid7 pen testers Gisela Hinojosa and Carlota Bindner are back to answer another round of questions about the mysterious art of penetration testing…