All Posts

4 min Research

Hands-On IoT Hacking: Rapid7 at DefCon IoT Village, Part 1

At this year's DefCon IoT Village, Rapid7 ran a hands-on hardware hacking exercise that exposed attendees to concepts and methods for IoT hacking.

4 min Cloud Security

A Matter of Perspective: Agent-Based and Agentless Approaches to Cloud Security, Part 1

When it comes to securing your cloud assets' activities at runtime, the first step is deciding how.

7 min Application Security

OWASP Top 10 Deep Dive: Injection and Stack Traces From a Hacker's Perspective

Injection claimed the number 3 spot in OWASP's 2021 Top 10 application security risks. We highlight why injection remains such a formidable threat.

6 min InsightVM

Passwordless Network Scanning: Same Insights, Less Risk

The Scan Assistant is a lightweight service within InsightVM Network Scan Engine that can scan against targets without the need to provide credentials

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Four new Moodle modules, plus new features to help red teamers keep track of sessions and forwarded connections.

5 min Threat Intel

4 Simple Steps for an Effective Threat Intelligence Program

By following these simple steps, you can implement an effective threat intelligence program that's built for the modern cybersecurity environment.

5 min Cloud Security

Turn On, Tune In, Drop the Noise: Achieve Better Cloud Security by Reducing Noise

For security professionals, it's easy to get lost in the noise. And when it comes to cloud security, tuning into the signal is essential.

2 min Security Nation

[Security Nation] Michael Daniel on the Cyber Threat Alliance

In this episode of Security Nation, Jen and Tod chat with Michael Daniel about his work as president and CEO of the Cyber Threat Alliance.

7 min Vulnerability Management

Patch Tuesday - October 2021

Today’s Patch Tuesday sees Microsoft issuing fixes [https://msrc.microsoft.com/update-guide/releaseNote/2021-Oct] for over 70 CVEs, affecting the usual mix of their product lines. From Windows, Edge, and Office, to Exchange, SharePoint, and Dynamics, there is plenty of patching to do for workstation and server administrators alike. One vulnerability has already been seen exploited in the wild: CVE-2021-40449 [https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-40449] is an elev

4 min Application Security

This Was the Summer of AppSec: All the Improvements We Made in Q3

But before we fall into another season, we wanted to look back on all of the improvements we've made to InsightAppSec and tCell over the last 3 months.

4 min Kubernetes

Have You Checked the New Kubernetes RBAC Swiss Army Knife?

InsightCloudSec’s RBAC tool is an all-in-one open-source tool for analyzing Kubernetes RBAC policies and simplifying Kubernetes RBAC.

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

New modules for vCenter Server and Linux Netfilter, plus fixes and enhancements.

3 min InsightVM

What's New in InsightVM: Q3 2021 in Review

In today's post, we're giving a rundown of new features and functionality launched in Q3 2021 for InsightVM and the Insight Platform.

1 min Detection and Response

Velociraptor to Announce Winners of Its 2021 Contributor Competition

Velociraptor and Rapid7 are excited to announce the winners of our 2021 Velociraptor Contributor Competition on Friday, October 8.

3 min Emergent Threat Response

Apache HTTP Server CVE-2021-41773 Exploited in the Wild

On Monday, October 4, 2021, Apache published an advisory on an unauthenticated remote file disclosure vulnerability in the HTTP Server version 2.4.29.