Ask a Pen Tester: Q&A with Rapid7 Penetration Tester Aaron Herndon
Recently, we gave our customers the opportunity to ask members of our penetration testing services team any burning questions they have.…
This One Time on a Pen Test: How I Compromised a Healthcare Portal Before My Hot Cocoa Went Cold
Here is the story of how I used a simple SQL injection attack to compromise a healthcare portal.…
This One Time on a Pen Test: Paging Doctor Hackerman
In this blog, one of our penetration testers tells the story of how he hacked X-ray machine and got the keys to the entire network.…
R7-2019-18: Multiple Hickory Smart Lock Vulnerabilities
The Hickory Smart BlueTooth Enabled Deadbolt IoT ecosystem (which includes mobile applications as well as a cloud-hosted web and MQTT infrastructure) has several vulnerabilities.…
New Research: Investigating and Reversing Avionics CAN Bus Systems
Rapid7's recently released research report examines the security (or lack thereof) of CAN bus networks in small aircraft.…
[Research] Under the Hoodie, 2019 Edition: Lessons Learned from 180 Penetration Tests
Our 2019 Under the Hoodie report covers the measurable results of about 180 penetration tests conducted by Rapid7. Find out what we learned.…
Rapid7 Releases Industry Cyber-Exposure Report: FTSE 250+
Today, Rapid7 released our third Industry Cyber-Exposure Report, examining the overall exposure of the companies listed in the FTSE 250 index.…
Rapid7 Threat Report Meets MITRE ATT&CK: What We Saw in 2019 Q1
The Q1 edition of our Quarterly Threat Report is unique because all investigated incidents have been mapped to the MITRE ATT&CK framework.…
Rapid7 Quarterly Threat Report: 2019 Q1
In our recent Quarterly Threat Report, we look at commonly targeted industries, the use of remote entry, and the most common phishing sites by industry.…
Key Concepts and Findings from the 2019 Verizon Data Breach Investigations Report
Our Rapid7 Labs research team has pored over Verizon Data Breach Investigations Report to identify some key waypoints to help the Rapid7 community navigate through this sea of information.…
Extracting Firmware from Microcontrollers’ Onboard Flash Memory, Part 4: Texas Instrument RF Microcontrollers
In our fourth and final part of this ongoing series, we will conduct further firmware extraction exercises with the Texas Instruments RF microcontroller.…
Extracting Firmware from Microcontrollers' Onboard Flash Memory, Part 3: Microchip PIC Microcontrollers
In this blog, we will conduct another firmware extraction exercise dealing with the Microchip PIC microcontroller (PIC32MX695F512H).…
Extracting Firmware from Microcontrollers' Onboard Flash Memory, Part 2: Nordic RF Microcontrollers
In this blog, we will conduct another firmware extraction exercise dealing with the Nordic RF microcontroller (nRF51822).…
Extracting Firmware from Microcontrollers' Onboard Flash Memory, Part 1: Atmel Microcontrollers
As part of our ongoing discussion of hardware hacking for security professionals, this blog covers the Amtel Atmega2561 microcontroller.…
Confluence Unauthorized RCE Vulnerability (CVE-2019-3396): What You Need to Know
Atlassian was notified in late February about a remote code execution (RCE) flaw in their Confluence and Data Center products and issued an alert with a patch on March 20, 2019.…
