Rapid7 Introduces Industry Cyber-Exposure Report: Deutsche Börse Prime Standard 320
Today, Rapid7 released our fifth Industry Cyber-Exposure Report (ICER) examining the overall exposure of the companies listed in the Deutsche Börse Prime Standard index.…
R7-2019-32: Denial-of-Service Vulnerabilities in Beckhoff TwinCAT PLC Environment
Rapid7 researcher Andreas Galauner has discovered two vulnerabilities affecting the TwinCAT PLC environment.…
Open-Source Command and Control of the DOUBLEPULSAR Implant
Metasploit researcher William Vu shares technical analysis behind a recent addition to Framework: a module that executes a Metasploit payload against the Equation Group's DOUBLEPULSAR implant for SMB and allows users to remotely disable the implant.…
How Rapid7 Industry Research Strengthens InsightVM
Rapid7’s vulnerability scanner, InsightVM is backed by multiple large-scale research projects that keep it on the leading edge of vulnerability risk management.…
This One Time on a Pen Test: Your Mouse Is My Keyboard
In one engagement, we were tasked with compromising the internal network of a facility that was used for medical trials. Here's what happened.…
Rapid7 Introduces Industry Cyber-Exposure Report: Nikkei 225
Today, Rapid7 released our fourth Industry Cyber-Exposure Report (ICER) examining the overall exposure of the companies listed in the Nikkei 225 index.…
Ask a Pen Tester: Q&A with Rapid7 Penetration Tester Aaron Herndon
Recently, we gave our customers the opportunity to ask members of our penetration testing services team any burning questions they have.…
This One Time on a Pen Test: How I Compromised a Healthcare Portal Before My Hot Cocoa Went Cold
Here is the story of how I used a simple SQL injection attack to compromise a healthcare portal.…
This One Time on a Pen Test: Paging Doctor Hackerman
In this blog, one of our penetration testers tells the story of how he hacked X-ray machine and got the keys to the entire network.…
R7-2019-18: Multiple Hickory Smart Lock Vulnerabilities
The Hickory Smart BlueTooth Enabled Deadbolt IoT ecosystem (which includes mobile applications as well as a cloud-hosted web and MQTT infrastructure) has several vulnerabilities.…
New Research: Investigating and Reversing Avionics CAN Bus Systems
Rapid7's recently released research report examines the security (or lack thereof) of CAN bus networks in small aircraft.…
[Research] Under the Hoodie, 2019 Edition: Lessons Learned from 180 Penetration Tests
Our 2019 Under the Hoodie report covers the measurable results of about 180 penetration tests conducted by Rapid7. Find out what we learned.…
Rapid7 Releases Industry Cyber-Exposure Report: FTSE 250+
Today, Rapid7 released our third Industry Cyber-Exposure Report, examining the overall exposure of the companies listed in the FTSE 250 index.…
Rapid7 Threat Report Meets MITRE ATT&CK: What We Saw in 2019 Q1
The Q1 edition of our Quarterly Threat Report is unique because all investigated incidents have been mapped to the MITRE ATT&CK framework.…
Rapid7 Quarterly Threat Report: 2019 Q1
In our recent Quarterly Threat Report, we look at commonly targeted industries, the use of remote entry, and the most common phishing sites by industry.…
