4 min
Automation and Orchestration
Security Career Paths: Common and Unique Roles
Security is one of the most in-demand roles today. According to recent numbers,
the demand for security workers is expected to grow to 6 million worldwide by
2019. So how do you get into or grow your career in security?
What makes security so interesting is the many directions you can take —
traditional or not. This post will walk you through how to build
6 min
IoT
NCSAM Security Crash Diet, Week 4: IoT
The final week of our 'Security Crash Diet' series for NCSAM explores what the IoT device purchasing process is like for consumers who want to buy IoT with security in mind. Spoiler: It isn't easy.
6 min
Metasploit
Testing SMB Server Security with Metasploit Pro Task Chains: Part 1
A step-by-step guide to testing SMB server security using Metasploit Pro Task Chains.
2 min
Metasploit
Metasploit Wrapup: Oct. 27, 2017
Would you like to help Metasploit Framework and get a free t-shirt?
There is still a bit of October left, which means you can totally still sign up
for Hacktoberfest: a fun annual project to
encourage open source software contributions! Make four pull requests on any
open source GitHub project by Oct 31, and you might find yourself some joy and
fulfilment—but at least a free t-shirt.
Check out the Contribute section on the refreshed metasploit.com
2 min
Automation and Orchestration
Why Security Teams Should Embrace (Not Fear) Automation
It’s not the coming of the apocalypse. It’s not the end of the security
profession. And it’s certainly not a bad thing. We’re talking about the rise of
automation. As security threats become a bigger part of the day-to-day concerns
at all types of organizations, bringing in machines has become necessary to keep
up. In fact, security automation can help you become even more valuable as an
employee. Being at the heart of the security orchestration and automation
3 min
IoT
ROCA: Vulnerable RSA Key Generation
In the KRACK-related and BadRabbit-related chaos of the past week and a half,
some people missed a less flashy vulnerability that nevertheless dug up key
long-term questions on IoT supply chains and embedded technology. The
Czech-based Center for Research on Cryptography and Security published research
last week on a vulnerability (CVE-2017-15361) in the RSA key generation process
in a widely-used cryptographic software library found in Infineon secure chips.
Specifically:
“The algorithmic vulne
3 min
Malware
The BadRabbit Ransomware Attack: What You Need To Know
What’s Up?
Rapid7 has been tracking reports of an expanding ransomware campaign dubbed
BadRabbit. Russian news outlets and other organizations across Europe have
reported being victims of this malware and the “outbreak” is continuing to
spread.
The BadRabbit attackers appear to have learned some lessons from previous
outbreaks earlier this year and have both limited the external spreading
capabilities of the ransomware as well as made the payments a bit harder for
researchers, responders and au
6 min
Phishing
NCSAM Security Crash Diet, Week 3: Privacy and Backups
In week three of Rapid7's NCSAM 'Security Crash Diet' series, our cybersleuth 'Olivia' tests practical advice on privacy (think location-sharing) and has a few scary moments with backups.
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup: Oct. 20, 2017
Exploits for hours. Gather 'round with a pocket full of shells.
8 min
5 Wrong Lessons From Equifax, and the Missed Opportunity of OWASP
Much ink has been spilled on the Equifax breach, along with plenty of
(well-deserved) public excoriation of all responsible parties, starting from the
top.
However, quantity is no substitute for quality, and certainly not when it comes
to tech journalism. Oftentimes, the content of such articles is dictated by the
need for attention: clickbait first, substance never. As a result, there’s a
missed opportunity to turn a disaster into a teachable moment.
What’s worse is that many people will
1 min
Komand
Everything You Need to Know About Building a Career in Security
Are you thinking about pursuing a career in security? Or have you already
started one, and you’re wondering what it will take to get to the next level?
Perhaps you have been in the security field for a long time, and it’s starting
to feel a little stale?
Regardless of where you are in your journey, we’ve put together a helpful guide
full of valuable information and real-world anecdotes about what it means to
pursue this dynamic and challenging vocation.
Free eBook: Defining Your Career Path as
5 min
Rapid7 Perspective
NCSAM Security Crash Diet, Week 2: Social and Travel
Rapid7 guinea pig 'Olivia' describes her efforts during week two of her security 'crash diet' for National Cyber Security Awareness Month. This week focused on social sharing and travel security.
2 min
Guest Perspective
NIST Standards and Why They Matter
A primer on implementing NIST recommendations by guest author Matt Kelly
5 min
SIEM
SIEM Market Evolution And The Future of SIEM Tools
There’s a lot to be learned by watching a market like SIEM adapt as technology evolves, both for the attackers and the analysis.
3 min
InsightIDR
InsightIDR Now Supports Multi-Factor Auth and Data Archiving
InsightIDR is now part of the Rapid7 platform. Learn more about our platform vision and how it enables you to have the SIEM solution you've always wanted.