4 min
Penetration Testing
Lessons Learned from an Unlikely Path to My OSCP Certification
In this blog, our own Patrick Laverty discusses lessons learned from his path to an Offensive Security Certified Professional (OSCP) certification.
4 min
Phishing
Tips for a Successful Phishing Engagement
Many factors can go into making a phishing engagement a success, so in this blog, we will share some tips for making sure your organization gets the most out of its upcoming engagement.
4 min
Haxmas
The Layer 8(th) Day of Christmas: Rapid7 Pen Testers Reveal Social Engineering Insights at Recent Conference
Four Rapid7 pen testers recently gathered at the brand-new Layer 8 conference in Rhode Island to present on social engineering and open source intelligence (OSINT) gathering.
4 min
Research
Password Tips from a Pen Tester: Are 12-Character Passwords Really Stronger, or Just a Dime a Dozen?
On penetration tests, the three most common passwords are a variation of company name, the season/year, and a variation of “password.” But what happens if we lengthen the password requirement?
5 min
Research
Password Tips from a Pen Tester: Taking the Predictability Out of Common Password Patterns
Humans are predictable. As unique as we like to think we all are, our actions tend to be similar—and our choices when creating a password are no different.
3 min
Research
Password Tips from a Pen Tester: What is Your Company’s Default Password?
Welcome back to Password Tips From a Pen Tester. Last time, I exposed common password patterns [/2018/06/12/password-tips-from-a-pen-tester-common-patterns-exposed/] we see when we perform penetration testing service engagements [https://www.rapid7.com/services/penetration-testing-services/] for our clients at Rapid7. This month, let’s dig into the amazingly weak default passwords that so many companies use.
The first day on the job: We fill out all the requisite paperwork for Human Resources a
3 min
Penetration Testing
Password Tips From a Pen Tester: Common Patterns Exposed
Welcome back to Password Tips From a Pen Tester. Last time, I talked about what you can expect to learn from these posts and I also explained the three most common passwords that we see on penetration tests [/2018/05/10/password-tips-from-a-pen-tester-3-passwords-to-eliminate/]. This month, let’s take a look at how that kind of information is helpful on a penetration test [https://www.rapid7.com/fundamentals/penetration-testing/], and correlate what we know to actual data collected.
When my co
4 min
Penetration Testing
Password Tips From a Pen Tester: 3 Passwords to Eliminate
Every week, Rapid7 conducts penetration testing services [https://www.rapid7.com/services/penetration-testing-services/] for organizations that crack hundreds—and sometimes thousands—of passwords. Our current password trove has more than 500,000 unique passwords that have been collected over the past two years. Where do these come from? Some of them come from Windows domain controllers and databases such as MySQL or Oracle; some of them are caught on the wire using Responder [https://github.com
4 min
Application Security
What Is User Enumeration?
User enumeration is when a malicious actor can use brute-force to either guess or confirm valid users in a system.
5 min
Metasploit
Pentesting in the Real World: Gathering the Right Intel
This is the first in a series of blog topics by penetration testers, for penetration testers, highlighting some of the advanced pentesting techniques they'll be teaching in our new Network Assault and Application Assault certifications, opening for registration this week. For more information, check out the training page at www.rapid7.com/services/training-certification/penetration-testing-training.jsp [http://www.rapid7.com/services/training-certification/penetration-testing-training.jsp]
So