3 min
Events
We're back! Rapid7 at SXSW 2016
Last year was the first year we had a number of Rapid7 folks formally speaking
at South-by-SouthWest (SXSW), the massive tech/music/culture conference in
Austin, TX. Both Nick Percoco and Jay Radcliffe were official presenters and
delivered phenomenal talks, which you can read about here in a blog from last
year.
We had such a great experience last year that we wanted to do it again—and to
our delight, SXSW invited us back! In fact, several members of Team Rapid7 will
be making official presen
0 min
Rapid7 Culture
Holiday greetings from all of us at Rapid7!
As we reach the end of December and the end of the year, we wanted to take a
moment to pause and recognize what an amazing year it has been -- and how
grateful we are to EVERYONE who made 2015 so memorable. That's why we put
together this short video as a way to say, quite simply, thank you.
Happy holidays and happy new year!
~ @mvarmazis [https://twitter.com/mvarmazis]
2 min
Metasploit
How to avoid common mistakes in your Metasploit Community/Pro license key request
As a result of export restrictions placed on Metasploit Community and Pro
trials, this year we have introduced some new systems to help process license
requests. We have received a lot of questions about this, and this post will
hopefully answer some of them for you. If you haven't read the original blog
post about the export controls
[/2015/06/05/availability-of-metasploit-community-metasploit-pro-trials-outside-us-canada],
please take a moment to review the information there on the updates an
5 min
Rapid7 Perspective
What is your biggest prediction for 2016?
Following up our earlier post with 2015 key learnings
[/2015/11/24/what-was-your-key-learning-from-2015], we asked our panel of lovely
infosec pros to gaze into their crystal balls, consult the runes, and read their
tea leaves to make their predictions for 2016. In many cases, their notes are
less prophetic and more ardent hopes for a better, more secure future. We've
listed their predictions below, including several from our own fabulous Team
Rapid7 (though I'm obviously biased!). We hope you'
4 min
Metasploit
Community Member Spotlight: Q&A with void_in
It's our honor to kick off our Member Spotlight with a Q&A with void_in
[https://twitter.com/voidin], one of the most prolific contributors to the
Metasploit project and an extremely active member of the Community. You'll
frequently find him answering your Metasploit questions or helping you
troubleshoot issues, no matter how simple or complex. void_in truly helps make
our Community the vibrant and helpful place it is today, and is highly respected
and admired for his expertise and his willingne
3 min
Events
Thoughts on my very first DerbyCon (which won't be my last)
[ETA: Added in James Lee [https://twitter.com/egyp7]'s excellent State of the
Metasploit Framework talk, which I stupidly omitted by accident!]
Once you hang around in infosec for a little while, you learn that each of the
major cons has its own reputation, its own mini-scene. This one's got the
great parties, that one has the best speakers, that other one is where the fresh
research is presented, et cetera. One I kept hearing lots of good things about
-- full of great content and really g
1 min
Vulnerability Disclosure
#IoTsec AMA on Reddit: Sept. 9 @ 3:30pm EST with Mark Stanislav & Tod Beardsley
[update 3pm EST Sept 9] This AMA is now live! The direct link is here:
https://www.reddit.com/r/IAmA/comments/3ka38q/we_are_professional_iot_hackers_and_researchers/
Join us and ask your questions!
Following up on their research on IoT baby monitor vulns
[https://www.rapid7.com/iotsec], Mark Stanislav
[http://twitter.com/markstanislav] & Tod Beardsley [http://twitter.com/todb]
will be doing an Ask Me Anything (AMA) on Reddit in r/IAMA this Wednesday,
September 9, at 3:30pm EST.
They'll be a
6 min
Events
Rapid7 Takes Las Vegas: Black Hat, BSidesLV & DEF CON ... Talks, Parties & Giveaways... phew!
First things first:
You must be registered & confirmed to be able to attend our 2015 Black Hat
party. [http://bit.ly/Rapid7BH15]
I can't emphasize this enough: Unlike previous years, we are not doing any kind
of at-the-door registration for our party this year.
If your plan was to live in the spirit of utter spontaneity, roll up to the club
and see if you can happen to get in without registering beforehand -- you're
going to be disappointed, and we really don't want to see that happen! While w
2 min
IoT
#UNITEDsummit 2015: Day 2 Recap
UNITED day 2 kicked off another solid day full of great content and speakers.
In one of the first sessions of the day, we heard directly from the voice of
customers with a great case study on how UserInsight sped up incident
investigation at one customer's organization, from 5 days to just one:
Those stats are certainly impressive enough on their own. But we knew it was a
late night for a lot of folks the night before (thanks to the fantastic UNITED
party!), so for the next session we decid
4 min
Events
#UNITEDsummit 2015: Day 1 Recap
As I write this, the first full day of the 2015 UNITED Security Summit is
nearing its end -- many of our attendees are still out at our Wednesday evening
party (or, reading this the next morning... but hopefully no worse for wear).
This seems like a good time to give a quick recap of today's packed agenda.
Below are just a few select highlights from the day with video clips where
possible.
Welcome & Kickoff
Our CEO Corey Thomas set the stage for the conference with an exploration of
this y
2 min
Events
Rapid7 Rapid Fire at #UNITEDsummit 2015 (#Rapid7social)
This year we decided to open up our Rapid7 Rapid Fire event to the infosec
community as a whole, and the great questions and audience engagement from the
event tonight proves what a great idea this was. All of us on the Rapid7 team
are incredibly grateful to everyone who attended Rapid7 Rapid Fire tonight --
from our customers and UNITED attendees to the greater Boston infosec community.
This year we had a phenomenal panel of speakers:
* Josh Corman @joshcorman (CTO, Sonatype)
* David Kenned
2 min
Important Update Regarding Rapid7 Community (SecurityStreet)
I wanted to update you on the latest state of the Rapid7 Community and Support
Portal.
In response to your feedback, we've made the decision to transition the
Community back to Jive, the previous platform for the site, the evening of
Friday, June 5.
What does this mean? We are setting things back to how they used to be before
April 1 of this year.
• All users: After June 5, if you were a SecurityStreet user, your
previously-active credentials for SecurityStreet will work once again. Upon
l
2 min
Vulnerability Disclosure
Breaking down the Logjam (vulnerability)
What is it
Disclosed on May 19, 2015, the Logjam vulnerability
[https://weakdh.org/imperfect-forward-secrecy.pdf] (CVE-2015-4000
[https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4000]) is a flaw in
common TLS implementations that can be used to intercept secure communications.
This TLS protocol vulnerability would allow an active man-in-the-middle (MITM)
attacker to silently downgrade a TLS session to export-level Diffie-Hellman
keys. The attacker could hijack this downgraded session b
1 min
Metasploit
2015 Metasploit t-shirt design contest: It's on!
Hacker-designers! We need you! Show us your graphic skills, design an epic
Metasploit t-shirt, and win Eternal Fame and Glory!
[https://99designs.com/t-shirt-design/contests/metasploit-t-shirt-design-contest-489841/brief]
Ahem, er, rather, we're looking for someone to design this year's Metasploit
t-shirt.
And if you are this year's winning Metasploit t-shirt designer, you will get
$230USD and the notoriety and/or immense personal satisfaction in knowing that
you're the 2015 Metasploit t-shi
2 min
Metasploit
Availability of Metasploit Community & Metasploit Pro trials outside US & Canada
Due to changes in regulatory requirements that are applicable to Metasploit (Pro
and Community) and similar products, as of Sunday, April 19, 2015, individuals
outside of the US and Canada who would like to use Metasploit Pro or the
Metasploit Community Edition will need to request a license and provide
additional information regarding themselves or their organization designation.
In accordance with the new requirements, the request will be reviewed by Rapid7
and, unless the user is a non-US or