
Under the Hoodie  

2020 Under the Hoodie Report Reveals Pen Testers’ Most-Loved Vulnerabilities

Understanding the vulnerabilities that pen testers rely on will help you make sure your organization is prepared to patch particular vulnerabilities.…

Behind the Scenes: Under the Hoodie 2020 Video Series

In this blog, we take you on a behind-the-scenes look at the making of our 2020 Under the Hoodie video series.…

This One Time on a Pen Test: How I Hacked a Self-Driving Car

In our latest edition of "This One Time on a Pen Test," we take a deeper look at an engagement involving a self-driving car.…

This One Time on a Pen Test: Doing Well With XML

In the latest edition of "This One Time on a Pen Test," we discuss a classic web application engagement involving XML.…

This One Time on a Pen Test: I Know...Everything

In the latest edition of "This One Time on a Pen Test," we follow a Rapid7 penetration tester as they perform an internal network engagement.…

This One Time on a Pen Test: Ain’t No Fence High Enough

In this edition of "This One Time on a Pen Test," we discuss an engagement for an energy company with a high-fence compound.…

This One Time on a Pen Test: How I Outwitted the Vexing VPN

In this edition of "This One Time on a Pen Test," we discuss outwitting the vexing VPN.…

This One Time on a Pen Test: I’m Calling My Lawyer!

In this engagement, Rapid7 pen testers were tasked to identify sensitive information, harvest credentials, and obtain a reverse shell on their machines.…

This One Time on a Pen Test: Playing Social Security Slots

This post is part of an ongoing series featuring testimonials of what goes on beneath the hoodie during Rapid7 penetration testing engagements.…

Ask a Pen Tester, Part 2: A Q&A With Rapid7 Pen Testers Gisela Hinojosa and Carlota Bindner

Rapid7 pen testers Gisela Hinojosa and Carlota Bindner are back to answer another round of questions about the mysterious art of penetration testing…

Rapid7 Releases 2020 Under the Hoodie Report: Lessons Learned from a Year of Penetration Tests

Rapid7 recently released its 2020 Under the Hoodie report, detailing the ins and outs of penetration testing.…

Ask a Pen Tester, Part 1: A Q&A With Rapid7 Pen Testers Gisela Hinojosa and Carlota Bindner

Rapid7 pen testers Gisela Hinojosa and Carlota Bindner break down a number of popular questions related to the mysterious art of penetration testing.…

This One Time on a Pen Test: “Let Me Get That for You”

In this blog, we discuss how our team successfully gained access to a client's physical building in an unlikely way.…

This One Time on a Pen Test: Our Accidental Win

In this blog, we recall one pen test where a placeholder password we put in actually worked with one login account.…

This One Time on a Pen Test: What’s in the Box?

Here is the story of how one of our penetration testers exploited EternalBlue on a rogue access point.…
