Posts by Patrick Laverty

4 min OSCP

Lessons Learned from an Unlikely Path to My OSCP Certification

In this blog, our own Patrick Laverty discusses lessons learned from his path to an Offensive Security Certified Professional (OSCP) certification.

4 min Phishing

Tips for a Successful Phishing Engagement

Many factors can go into making a phishing engagement a success, so in this blog, we will share some tips for making sure your organization gets the most out of its upcoming engagement.

4 min Haxmas

The Layer 8(th) Day of Christmas: Rapid7 Pen Testers Reveal Social Engineering Insights at Recent Conference

Four Rapid7 pen testers recently gathered at the brand-new Layer 8 conference in Rhode Island to present on social engineering and open source intelligence (OSINT) gathering.

4 min Research

Password Tips from a Pen Tester: Are 12-Character Passwords Really Stronger, or Just a Dime a Dozen?

On penetration tests, the three most common passwords are a variation of company name, the season/year, and a variation of “password.” But what happens if we lengthen the password requirement?

5 min Research

Password Tips from a Pen Tester: Taking the Predictability Out of Common Password Patterns

Humans are predictable. As unique as we like to think we all are, our actions tend to be similar—and our choices when creating a password are no different.

3 min Research

Password Tips from a Pen Tester: What is Your Company’s Default Password?

Welcome back to Password Tips From a Pen Tester. Last time, I exposed common password patterns [/2018/06/12/password-tips-from-a-pen-tester-common-patterns-exposed/] we see when we perform penetration testing service engagements [https://www.rapid7.com/services/penetration-testing-services/] for our clients at Rapid7. This month, let’s dig into the amazingly weak default passwords that so many companies use. The first day on the job: We fill out all the requisite paperwork for Human Resources a

3 min Penetration Testing

Password Tips From a Pen Tester: Common Patterns Exposed

Welcome back to Password Tips From a Pen Tester. Last time, I talked about what you can expect to learn from these posts and I also explained the three most common passwords that we see on penetration tests [/2018/05/10/password-tips-from-a-pen-tester-3-passwords-to-eliminate/]. This month, let’s take a look at how that kind of information is helpful on a penetration test [https://www.rapid7.com/fundamentals/penetration-testing/], and correlate what we know to actual data collected. When my co

4 min Penetration Testing

Password Tips From a Pen Tester: 3 Passwords to Eliminate

Every week, Rapid7 conducts penetration testing services [https://www.rapid7.com/services/penetration-testing-services/] for organizations that crack hundreds—and sometimes thousands—of passwords. Our current password trove has more than 500,000 unique passwords that have been collected over the past two years. Where do these come from? Some of them come from Windows domain controllers and databases such as MySQL or Oracle; some of them are caught on the wire using Responder [https://github.com

4 min Application Security

What Is User Enumeration?

User enumeration is when a malicious actor can use brute-force to either guess or confirm valid users in a system.

5 min Metasploit

Pentesting in the Real World: Gathering the Right Intel

This is the first in a series of blog topics by penetration testers, for penetration testers, highlighting some of the advanced pentesting techniques they'll be teaching in our new Network Assault and Application Assault certifications, opening for registration this week. For more information, check out the training page at www.rapid7.com/services/training-certification/penetration-testing-training.jsp [http://www.rapid7.com/services/training-certification/penetration-testing-training.jsp] So