All Posts

4 min NICER Reports

NICER Protocol Deep Dive: Internet Exposure of Citrix ADC/NetScaler

In this edition of our NICER Protocol Deep Dive blog series, we take a closer look at the internet exposure of Citrix ADC/NetScaler.

5 min Research

The Story Behind Security Breaches

There are many potential causes of security breaches, but what is a common root cause? Human error.

9 min Application Security

Overview of Content Security Policies (CSPs) on the Web

A Content Security Policy is a protocol that allows a site owner to control what resources are loaded on a web page by the browser, and how those resources may be loaded.

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up 10/30/20

Support for gathering ProxyUsername and ProxyPassword for saved PuTTY sessions, usability improvements for PsExec modules, and another CTF coming soon.

4 min

National Cybersecurity Awareness Month: Security Pros Offer Top Tips for Staying Safe Online

For National Cybersecurity Awareness Month, we rounded up tips from our network of experts to help you easily shore up your approach to cybersecurity.

3 min Vulnerability Management

Oracle WebLogic Unauthenticated Complete Takeover (CVE-2020-14882/CVE-2020-14750): What You Need to Know

Attackers are opting for tricks instead of treats this week as they seek out and attempt to compromise internet-facing WebLogic servers that are vulnerable to CVE-2020-14882.

2 min InsightVM

Rapid7 Announces Improvements to Goals and SLAs in InsightVM

We’re excited to announce that creating a goal or SLA in InsightVM just became a lot simpler.

3 min Detection and Response

2021 Detection and Response Planning, Part 3: Why 2021 Is the Year for SOC Automation

In this third installment of our series around 2021 security planning, we’re focused on SOC automation.

18 min InsightVM

Scan Template Best Practices in InsightVM

This blog post will give you a ballpark best practice that applies to the majority of environments, as well as some descriptions that outline the thought process, math, and reasoning.

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: 10/23/20

A bug fix for EternalBlue on Metasploit 6, four new modules, and a bunch of enhancements.

5 min NICER Reports

NICER Protocol Deep Dive: Internet Exposure of Remote Desktop (RDP)

In this edition of our NICER Protocol Deep Dive blog series, we break down the internet exposure of remote desktop (RDP).

2 min Application Security

What’s New in InsightAppSec and tCell: Q3 2020 in Review

This blog recaps some of the latest and greatest ways to leverage Rapid7’s appsec technologies to get time back in your days.

1 min Penetration Testing

This One Time on a Pen Test: Thanks for Sharing Your Wi-Fi

In this iteration of our "This One Time on a Pen Test" series, our client was a private equity company, and the task was to do an onsite wireless pen test from the lobby outside their office.

9 min Vulnerability Disclosure

Vulntober: Multiple Mobile Browser Address Bar Spoofing Vulnerabilities

Today, we're announcing a coordinated vulnerability disclosure on a set of address bar spoofing vulnerabilities that affect a number of mobile browsers.

5 min Windows

Are You Still Running End-of-Life Windows Servers?

Windows Server 2008 and 2008 R2 reached their end of life (EOL) on Jan. 14, 2020, but what does that mean in practice?