Posts by Patrick Hellen

1 min Whiteboard Wednesday

Whiteboard Wednesday - Pen Testing for Productivity

This week's Whiteboard Wednesday finds Chris Kirsch, our Senior Product Marketing Manager for Metasploit, explaining how productivity features within pen testing tools can save you some significant time. We here at Rapid7 obviously love open source products, but a common issue with most of them is that they don't do a great job of focusing on efficiency. If you add the lack of network security people in the market, and the fact that 46% of organizations are planning on increasing their security

3 min Metasploit

Free Information Security Tools: The Best Free Tools of 2013?

Welcome to 2014! It's a brand new and shiny year, filled with resolutions and promises, and things you'll pretty much abandon by mid February. We here at Rapid7 figured that we might try to impart some helpful knowledge on items you WILL use and adopt throughout 2014. So, since we love free and open source tools, we are presenting an ongoing series of posts about the free information security tools that the team at Rapid7 love and use. This post will cover a few of the best freebies released la

2 min

Security Lessons Learned in 2013 - The Year of Deception Based Attacks

Over the course of the year 2013, the security industry witnessed several high profile mega-breaches, targeting large organizations like Target and Neiman Marcus during the Christmas season, where both activity and spending is at its year-long peak. The interesting trend from not only these attacks, but many of the other attacks last year? As businesses, corporations, and government agencies get better at using tools and software to protect their own data, hackers are pivoting to capture the da

1 min Metasploit

Security Guide - Evading Anti-Virus Detection

Here on SecurityStreet, we get a lot of questions regarding penetration testing and how to evade various Anti-Virus programs detecting the work you're doing. Still, if you can't actually run a fully functional test, then you can't mimic the real world conditions that an attacker would take to try to get into and exploit your networks. This guide: Security Guide: How to Evade Anti-Virus Detection, will help with how to best av

1 min Compliance

PCI DSS v3.0 - Rapid7's Guide to PCI Compliance.

If you're one of the many businesses that have to be PCI Compliant, the latest changes that are coming out in 3.0 are probably of great interest to you.  Thankfully, we here at Rapid7 want to make the transition easier, so we present two options for you to learn more about these new changes. First, above, is our PCI DSS 3.0 Whiteboard Wednesday. Our PMM for Nexpose, Nate Crampton, takes you through a brief overview of the changes, and what these new requirements might mean for your business.

2 min

Hashtags and Headphones: ALL THE WINNERS!

Security Peoples, Your favorite Community Manager here again, following up on our Hashtag/Tshirt contest: Hashtags and Headphones [/2013/09/23/rapid7s-new-contest-hashtags-and-headphones]. We've chosen two winners for this contest, and we will be shipping a pair of Beats by Dre Headphones out to these lucky folks right away. Those winners? *drumroll* First up: Edwin van Andel!! Also known as @Yafsec. His winning entry you can see to the right, playing on our lo

2 min Verizon DBIR

Nightmare on Pwn Street

We've gone a little Halloween-crazy this year over here at Rapid7 Towers. Check out this week's Whiteboard Wednesday video to hear how organizations are like the protagonists of horror movies; making decisions that may ultimately make them vulnerable to attack. In addition, while we were carving our pumpkins and sewing our costumes, we got to thinking about one of the most horrifying realities in information security: ma

1 min

Whiteboard Wednesday - Dread Methodology

This week's Whiteboard Wednesday is on DREAD as a reporting methodology as it pertains to penetration testing. Rene Aguero, Senior Sales Engineer for Rapid7, will dive into the DREAD and why he thinks that every pen tester should use DREAD as a reporting methodology when pen testing. Check out the video to learn more! Penetration Testing Techniques - DREAD Methodology [VIDEO] | Rapid7

1 min Metasploit

Putting the Fax Straight: and Website Defacement

We want to share a short update regarding the defacement of and last week. A malicious 3rd party, claiming to be KDMS, changed the DNS settings with our domain registrar, We have heard from that the attacker did NOT use a spoofed change request fax as originally and unintentionally communicated by It's more likely the attackers used other social engineering techniques, resulting in compromised credentials of a emplo

1 min

Whiteboard Wednesday - The Three Controls You May Not Be Using

Welcome back to another bright and shiny edition of Whiteboard Wednesday! I know, you're all disappointed that my bearded silliness isn't the featured face this week, but instead we're bringing you Jane Man, Product Marketing Manager for ControlsInsight. This week, Jane is discussing the top three controls that you should have in place, but most likely do not. Learn about the three controls that, when implemented, can take your security program to the next level! Thanks for watching, and we

3 min

It's the Great Pumpkin Patching Contest, Charlie Brown!

It's October! You all know what that means! That's right! It's National Cyber Security Awareness Month [/2013/10/02/national-cyber-security-awareness-month-foiling-phishing]! Oh...some of you thought Halloween...right. Well let's see if we can shoe-horn those two together. Browsing the internet can be a little scary at times.  Kind of like trick or treating, there are houses you know to avoid because the lights are out, but how do you avoid the house where they've gone on a health kick and are

1 min Metasploit

Rapid7's New Contest - Hashtags and Headphones!

Hello Security people, You know how at every trade show you attend, you end up coming home with a metric ton of T-shirts? You also know how you need an excellent pair of headphones to drown out the constant hum of your server room, or the user who needs his keyboard rebooted? We here at Rapid7, have a contest specifically with you in mind. If you get one of our new 10th Anniversary Metasploit t-shirts [/2013/07/16/metasploit-design-contest-winners] at any of the events we're at this year (fo

0 min

Whiteboard Wednesday 8.28.13 - UNITED Edition

Hello all, This week, for Whiteboard Wednesday, it's everyone's favorite Community Manager - Patrick Hellen (ie - me), breaking down what we felt the top 4 takeaways from UNITED Security Summit 2013 were.

1 min Events

Greetings from Blackhat 2013

Good Morning all. It's your Friendly Neighborhood Community Manager, coming to you live from Blackhat here in intensely warm Las Vegas. Rapid7 is here as always for the big show, and I'm here to bring you some quick snapshots of some of the more interesting talk tracks that I'm attending. Keep your eye on SecurityStreet over the next few days, as we plan on some of our usual writers and researchers putting their two cents in as well. To kick things off, the Keynote this morning was kind of an

1 min

SecurityStreet Talks - Houston

Join UHY Advisors and Rapid7 for an afternoon of learning, networking and discussion with your peers from the Houston security community. Presenters include Zate Berg, Internal Security Manager at Rapid7, Chris Ward with Vinson & Elkins LLP, Security Evangelists Quincy Jackson and Kenneth Sayles, and more. The afternoon will consist of short, 30-45 minute presentations focused on hacking industrial control systems, building risk management methodologies, security philosophy and information sec