
Rapid7 Blog

Social Engineering  

Webcast: Decrease Your Risk of a Data Breach - Effective Security Programs with Metasploit

Thanks for the many CISOs and security engineers who attended our recent webcast, in which I presented some practical advice on how to leverage Metasploit to conduct regular security reviews that address current attack vectors. While Metasploit is often used for penetration testing projects, this…

Man on the SecurityStreet - Day 2 Continued.

It's your favorite reporter in the field, Patrick Hellen, reporting back with some more updates from our speaking tracks at the UNITED Summit. Dave Kennedy, the founder of TrustedSec, gave an entertaining presentation called Going on the Offensive - Proactive Measures in Security your Company.…

Man on the SecurityStreet - UNITED Day 1.

Hello from San Francisco, home of the 2012 UNITED Summit. It's been an incredibly full day. I'm writing this quick update from an excellent presentation that nex of Cuckoo Sandbox fame is giving about threat modelling. According to Claudio's research, only 103 of the almost…

SOC Monkey - Week in Review - 8.20.12

Monkeynauts, Welcome back to your weekly round up of the best bits from my App that you should be downloading from the Apple App Store. This week, let's dive right into the most clicked story from last week with an update on how Mat Honan…

SOC Monkey - Week in Review - 8.13.12

Welcome back Monkeynauts, It's Monday, so that means I'm going to tell you to download my App, from the Apple App Store, before launching into the top stories the Pips found interesting last week. Let's take a look, shall we? Let's start this week with…

SOC Monkey - Week in Review - 8.6.12

Monkeynauts, It's good to have you back. If this is your first time here, feel free to check out where I'm getting all my stories by downloading my App from the Apple App Store. Let's take a quick trip back to some of the big…

SOC Monkey Week In Review - 7.23.12

Hello my Monkeyreaders - and welcome back to another edition of the ongoing misadventures of the InfoSec world, as told through my Free App, available as always in the Apple App Store. I figured I'd start off the week with a story that reminds me…

SOC Monkey Week in Review - 6.1.12

Dearest Monkeynauts, As always, I'm back on Friday to give you the biggest news items the Pips have sent out this week via my free app, available in the Apple App store. Download now! I'm sure none of you are surprised to see that our…

SOC Monkey - Week in Review 5.25.12

It's SOC Monkey, coming to you on May 25th, otherwise known as Geek Pride Day. Unrelated, sure, but not something my Monkeynauts should be unaware of.  Also, they should be aware of my IPhone App, still free to download from the Apple App Store.…

SOC Monkey Week In Review 5.11.12

Monkeynauts! I have returned, and I bring free gifts from the Apple App Store - my SOC Monkey App that you should be downloading as I type. First up, I've got a great story from the always wonderful Wired, about just how ubiquitous being attacked…

Microsoft Security Bulletin Summary for February 2012

In the Microsoft Security Bulletin Summary for February 2012, Microsoft released nine bulletins to address 20 vulnerabilities. Instead of love on Valentine's day, organizations may have fear pumping through their hearts when you couple the recent news of several high profile breaches with Patch Tuesday.…

How to Fly Under the Radar of AV and IPS with Metasploit's Stealth Features

When conducting a penetration testing assignment, one objective may be to get into the network without tripping any of the alarms, such as IDS/IPS or anti-virus. Enterprises typically add this to the requirements to test if their defenses are good enough to detect an…

Bait the hook: How to write good phishing emails for social engineering

What are the baits that make people click on a link or attachment in a social engineering email? I've looked at some common examples and tried to categorize them. Maybe this list will trigger some ideas next time you're writing social engineering emails. Habits: Think…

Using the <base> tag to clone a web page for social engineering attacks

Social engineering campaigns can be a lot more effective if you can impersonate a well-known website that users trust. However, when you simply clone a website by cutting-and-pasting the page source and putting it on your own server, your links will stop working. Copying all…

Is Cyber Espionage Cheating?

There is a great quote attributed many times to baseball legend Mark Grace: "If you aren't cheating, then you aren't trying hard enough." This resonates well with me in the current global market where everyone is playing by new rules. It seems like even though…