All Posts

2 min This One Time on a Pen Test

This One Time on a Pen Test: I Know...Everything

In the latest edition of "This One Time on a Pen Test," we follow a Rapid7 penetration tester as they perform an internal network engagement.
6 min Detection and Response

Rapid7 Introduces “Active Response” for End-to-End Detection and Response

We are excited to announce the launch of our new Active Response capability as a part of our MDR Elite service
9 min Metasploit

Exploitability Analysis: Smash the Ref Bug Class

Two Metasploit researchers evaluate the "Smash the Ref" win32k bug class for exploitability and practical exploitation use cases for pen testers and red teams looking to obtain an initial foothold in the context of a standard user account.
5 min Research

Microsoft Exchange 2010 End of Support and Overall Patching Study

Today's topic is Exchange 2010, which reaches end of support (EoS) on Oct. 13, 2020, as well as a survey of other versions of Exchange and how well they are being kept up-to-date.

6 min Detection and Response

2021 Detection and Response Planning, Part 1: Rapid7’s Jeffrey Gardner Breaks Down How CISOs Should Approach Security Planning for the New Year

To kick off this series, we sat down with Jeffrey Gardner, a former Information Security Officer, and recently appointed Practice Advisor for our Detection and Response portfolio here at Rapid7.
3 min Metasploit Weekly Wrapup

Metasploit Wrap-up: 9/25/20

Nine new modules, including a module for Zerologon, a new SOCKS module, some privilege escalations, and another Java deserialization exploit.
6 min NICER Reports

NICER Protocol Deep Dive: Internet Exposure of rsync

In this installment of our NICER Protocol Deep Dive blog series, we take a closer look at internet exposure of rsync.
2 min This One Time on a Pen Test

This One Time on a Pen Test: Ain’t No Fence High Enough

In this edition of "This One Time on a Pen Test," we discuss an engagement with for an energy company with a high-fence compound.
2 min Research

Rapid7 Releases Q2 2020 Quarterly Threat Report

It’s hard to believe it’s already the end of September, and with it comes Rapid7’s Q2 2020 Quarterly Threat Report.
2 min InsightIDR

Define What to Parse From Logs with the Custom Parsing Tool in InsightIDR

In InsightIDR, Rapid7’s SIEM tool, customers use log data to detect malicious activity, prove compliance, and gain visibility across their network.

3 min Metasploit

Metasploit Wrap-Up: Sep. 18, 2020

Six new modules this week, and a good group of enhancements and fixes!
6 min NICER Reports

NICER Protocol Deep Dive: Internet Exposure of SMB

In this edition of our NICER Protocol Deep Dive blog series, we take a closer look at internet exposure of SMB.
5 min Public Policy

A step closer to stronger federal IoT security

The US House passed the IoT Cybersecurity Improvement Act, which would require federal procurement and use of IoT devices to conform to basic security requirements.

3 min InsightVM

Decentralize Remediation Efforts to Gain More Efficiency with InsightVM

We’re excited to introduce you to two new InsightVM product updates to help you further reduce friction, save time, and gain greater efficiency.

2 min Penetration Testing

This One Time on a Pen Test: How I Outwitted the Vexing VPN

In this edition of "This One Time on a Pen Test," we discuss outwitting the vexing VPN.

Popular Topics

Tags