2 min Emergent Threat Response

Suspected Post-Authentication Zero-Day Vulnerabilities in Microsoft Exchange Server

On September 29, security firm GTSC published information and IOCs on what they claim is a pair of unpatched Microsoft Exchange Server vulnerabilities.

1 min Lost Bots

[The Lost Bots] S02E04: Cyber's Most Dangerous Game — Threat Hunting

In this episode of The Lost Bots, our hosts dive into the practical side of getting your threat hunting efforts up and running.

4 min Detection and Response

The Empty SOC Shop: Where Has All the Talent Gone?

Here's a closer look at some strategies you can use to address churn and staffing shortages in your security operations center (SOC).

1 min Security Nation

[Security Nation] Taki Uchiyama of Panasonic on Product Security and Incident Response

In this episode of Security Nation, Jen and Tod chat with Taki Uchiyama about his work on Panasonic’s Product Security Incident Response Team (PSIRT).

3 min Vulnerability Management

What’s New in InsightVM and Nexpose: Q3 2022 in Review

Let’s take a look at some of the key releases in InsightVM and Nexpose from Q3 2022.

5 min Detection and Response

How to Deploy a SIEM That Actually Works

In this guest post, Rapid7 customer Robert Holzer shares three critical steps for a successful SIEM deployment.

4 min Metasploit

Metasploit Weekly Wrap-Up

Have you built out that awesome media room? If your guilty pleasures include using a mobile device to make your home entertainment system WOW your guests, you might be using Unified Remote [https://www.unifiedremote.com/]. I hope you are extra cautious about what devices you let on that WiFi network. A prolific community member h00die [https://github.com/h00die] added a module this week that uses a recently published vulnerability from H4RK3NZ0 [https://github.com/H4rk3nz0] to leverage an unprot

5 min Threat Intel

One Year After IntSights Acquisition, Threat Intel’s Value Is Clear

After the one-year milestone of Rapid7’s acquisition of IntSights, the added value threat intelligence brings to our product portfolio is unmistakable.

5 min Detection and Response

Prioritizing XDR in 2023: Stronger Detection and Response With Less Complexity

Should your team adopt XDR, and if yes, how do you evaluate vendors to determine the best approach? This post takes a closer look.

5 min SOAR

How to Accelerate Your SOAR Program to Full Speed in Less Than a Year

Here are some reflections and advice about setting up a SOAR program, through the lens of one practitioner's successful and innovative year.

2 min Emergent Threat Response

CVE-2022-36804: Easily Exploitable Vulnerability in Atlassian Bitbucket Server and Data Center

On August 24, 2022, Atlassian published an advisory for Bitbucket Server and Data Center alerting users to CVE-2022-36804.

5 min Metasploit

Metasploit Weekly Wrap-Up

BYOS: Bring your own stager We try hard to make sure we have a great choice of fully-functional payloads to choose from, but sometimes you might want to “branch” out on your own, and if that’s the case we’ve got you covered. In an attempt to make Metasploit play well with others, we’ve introduced a brand new payload type: “custom.” “Custom” payloads use Metasploit stagers to build a stager that will stage whatever shellcode you send it. Got a third-party payload you want to run like Sliver or a

2 min Security Nation

[Security Nation] Chris Levendis and Lisa Olson on Cloud CVEs

In this episode, Jen and Tod chat with Chris Levendis and Lisa Olson about assigning CVE IDs for vulnerabilities affecting cloud solutions.

3 min Vulnerability Management

The 2022 SANS Top New Attacks and Threats Report Is In, and It's Required Reading

The latest Top New Attacks and Threat Report from the cybersecurity experts at SANS is here — and the findings are critical for security teams.

7 min Vulnerability Management

Patch Tuesday - September 2022

In this month's Patch Tuesday, we cover the 79 CVEs, including a zero-day privilege escalation, patched by Microsoft this month.