1 min
Whiteboard Wednesday
Whiteboard Wednesday - Pen Testing for Productivity
This week's Whiteboard Wednesday finds Chris Kirsch, our Senior Product
Marketing Manager for Metasploit, explaining how productivity features within
pen testing tools can save you some significant time.
We here at Rapid7 obviously love open source products, but a common issue with
most of them is that they don't do a great job of focusing on efficiency. If you
add the lack of network security people in the market, and the fact that 46% of
organizations are planning on increasing their security
3 min
Metasploit
Free Information Security Tools: The Best Free Tools of 2013?
Welcome to 2014!
It's a brand new and shiny year, filled with resolutions and promises, and
things you'll pretty much abandon by mid February. We here at Rapid7 figured
that we might try to impart some helpful knowledge on items you WILL use and
adopt throughout 2014. So, since we love free and open source tools, we are
presenting an ongoing series of posts about the free information security tools
that the team at Rapid7 love and use. This post will cover a few of the best
freebies released la
2 min
Security Lessons Learned in 2013 - The Year of Deception Based Attacks
Over the course of the year 2013, the security industry witnessed several high
profile mega-breaches, targeting large organizations like Target and Neiman
Marcus during the Christmas season, when both activity and spending are at their
year-long peak.
The interesting trend from not only these attacks, but many of the other attacks
last year? As businesses, corporations, and government agencies get better at
using tools and software to protect their own data, hackers are pivoting to
capture the da
1 min
Metasploit
Security Guide - Evading Anti-Virus Detection
Here on SecurityStreet, we get a lot of questions regarding penetration testing
and how to evade various Anti-Virus programs detecting the work you're doing.
Still, if you can't actually run a fully functional test, then you can't mimic
the real world conditions that an attacker would take to try to get into and
exploit your networks.
This guide: Security Guide: How to Evade Anti-Virus Detection
[http://information.rapid7.com/Evading-AntiVirus-Security-Guide.html], will help
with how to best av
1 min
Compliance
PCI DSS v3.0 - Rapid7's Guide to PCI Compliance.
If you're one of the many businesses that have to be PCI Compliant, the latest
changes that are coming out in 3.0 are probably of great interest to you.
Thankfully, we here at Rapid7 want to make the transition easier, so we present
two options for you to learn more about these new changes.
First, above, is our PCI DSS 3.0 Whiteboard Wednesday. Our PMM for Nexpose, Nate
Crampton, takes you through a brief overview of the changes, and what these new
requirements might mean for your business.
2 min
Hashtags and Headphones: ALL THE WINNERS!
Security Peoples,
Your favorite Community Manager here again, following up on our Hashtag/Tshirt
contest: Hashtags and Headphones
[/2013/09/23/rapid7s-new-contest-hashtags-and-headphones].
We've chosen two winners for this contest, and we will be shipping a pair of
Beats by Dre Headphones out to these lucky folks right away.
Those winners?
*drumroll*
First up: Edwin van Andel!! Also known as @Yafsec [https://twitter.com/Yafsec]
His winning entry you can see to the right, playing on our lo
2 min
Verizon DBIR
Nightmare on Pwn Street
We've gone a little Halloween-crazy this year over here at Rapid7 Towers. Check
out this week's Whiteboard Wednesday video
[http://www.rapid7.com/resources/videos/horror-sequels-dont-be-a-victim.jsp] to
hear how organizations are like the protagonists of horror movies, making
decisions that may ultimately make them vulnerable to attack. In addition, while
we were carving our pumpkins and sewing our costumes, we got to thinking about
one of the most horrifying realities in information security: ma
1 min
Whiteboard Wednesday - Dread Methodology
This week's Whiteboard Wednesday is on DREAD as a reporting methodology as it
pertains to penetration testing. Rene Aguero, Senior Sales Engineer for Rapid7,
will dive into DREAD and why he thinks that every pen tester should use
DREAD as a reporting methodology when pen testing. Check out the video to learn
more!
Penetration Testing Techniques - DREAD Methodology [VIDEO] | Rapid7
[http://www.rapid7.com/resources/videos/dread-methodology.jsp]
1 min
Metasploit
Putting the Fax Straight: Rapid7.com and Metasploit.com Website Defacement
We want to share a short update regarding the defacement of Rapid7.com and
Metasploit.com last week. A malicious 3rd party, claiming to be KDMS, changed
the DNS settings with our domain registrar, Register.com.
We have heard from Register.com that the attacker did NOT use a spoofed change
request fax as originally and unintentionally communicated by Register.com. It's
more likely the attackers used other social engineering techniques, resulting in
compromised credentials of a Register.com emplo
1 min
Whiteboard Wednesday - The Three Controls You May Not Be Using
Welcome back to another bright and shiny edition of Whiteboard Wednesday!
I know, you're all disappointed that my bearded silliness isn't the featured
face this week, but instead we're bringing you Jane Man, Product Marketing
Manager for ControlsInsight.
This week, Jane is discussing the top three controls that you should have in
place, but most likely do not. Learn about the three controls that, when
implemented, can take your security program to the next level!
Thanks for watching, and we
3 min
It's the Great Pumpkin Patching Contest, Charlie Brown!
It's October! You all know what that means! That's right! It's National Cyber
Security Awareness Month
[/2013/10/02/national-cyber-security-awareness-month-foiling-phishing]!
Oh...some of you thought Halloween...right. Well let's see if we can shoe-horn
those two together.
Browsing the internet can be a little scary at times. Kind of like trick or
treating, there are houses you know to avoid because the lights are out, but how
do you avoid the house where they've gone on a health kick and are
1 min
Metasploit
Rapid7's New Contest - Hashtags and Headphones!
Hello Security people,
You know how at every trade show you attend, you end up coming home with a
metric ton of T-shirts?
You also know how you need an excellent pair of headphones to drown out the
constant hum of your server room, or the user who needs his keyboard rebooted?
We here at Rapid7 have a contest specifically with you in mind.
If you get one of our new 10th Anniversary Metasploit t-shirts
[/2013/07/16/metasploit-design-contest-winners] at any of the events we're at
this year (fo
0 min
Whiteboard Wednesday 8.28.13 - UNITED Edition
Hello all,
This week, for Whiteboard Wednesday, it's everyone's favorite Community Manager
- Patrick Hellen (i.e., me), breaking down what we felt the top 4 takeaways from
UNITED Security Summit 2013 were.
1 min
Events
Greetings from Blackhat 2013
Good Morning all. It's your Friendly Neighborhood Community Manager, coming to
you live from Blackhat here in intensely warm Las Vegas.
Rapid7 is here as always for the big show, and I'm here to bring you some quick
snapshots of some of the more interesting talk tracks that I'm attending. Keep
your eye on SecurityStreet over the next few days, as we plan on some of our
usual writers and researchers putting their two cents in as well.
To kick things off, the Keynote this morning was kind of an
1 min
SecurityStreet Talks - Houston
Join UHY Advisors and Rapid7 for an afternoon of learning, networking and
discussion with your peers from the Houston security community.
Presenters include Zate Berg, Internal Security Manager at Rapid7, Chris Ward
with Vinson & Elkins LLP, Security Evangelists Quincy Jackson and Kenneth
Sayles, and more. The afternoon will consist of short, 30-45 minute
presentations focused on hacking industrial control systems, building risk
management methodologies, security philosophy and information sec