1 min
Penetration Testing
This One Time on a Pen Test: Nerds in the NERC
Here is the story of how we gained access to a NERC CIP control room in a power plant as part of a penetration testing engagement.
2 min
Penetration Testing
This One Time on a Pen Test: Missed a Spot
In this penetration testing story, Ted Raffle discusses how even strong security controls and threat mitigation can miss the mark when only one or two systems fall through the cracks.
12 min
Penetration Testing
Ask a Pen Tester: Q&A with Rapid7 Penetration Tester Aaron Herndon
Recently, we gave our customers the opportunity to ask members of our penetration testing services team any burning questions they have.
2 min
Penetration Testing
This One Time on a Pen Test: How I Compromised a Healthcare Portal Before My Hot Cocoa Went Cold
Here is the story of how I used a simple SQL injection attack to compromise a healthcare portal.
2 min
Penetration Testing
This One Time on a Pen Test: Paging Doctor Hackerman
In this blog, one of our penetration testers tells the story of how he hacked X-ray machine and got the keys to the entire network.
4 min
Penetration Testing
Why a 17-Year Veteran Pen Tester Took the OSCP
Why would a 17-year veteran penetration tester undergo the somewhat costly, time-consuming, and challenging ordeal to obtain what may be considered an entry-level certification?
4 min
Haxmas
The Return of Snapid Kevin to the North Pole
Santa has once again enlisted the help of his security consultant, Snapid Kevin, to evaluate his physical security. What will Snapid turn up?
3 min
Penetration Testing
7 Funny and Punny Halloween Costume Ideas for Tech and Cybersecurity Pros
Stuck on what to be this year? Here are some of our favorite Halloween costume ideas for tech and cybersecurity professionals.
4 min
Research
This One Time on a Pen Test, Part 5: From Physical Security Weakness to Strength
During a physical social engineering penetration test, I easily got into the office with the help of a copied badge and polite employees. But would the company learn its lesson?
4 min
Research
Password Tips from a Pen Tester: Are 12-Character Passwords Really Stronger, or Just a Dime a Dozen?
On penetration tests, the three most common passwords are a variation of company name, the season/year, and a variation of “password.” But what happens if we lengthen the password requirement?
3 min
Penetration Testing
Putting Pen (Tests) to Paper: Lessons and Learnings from Rapid7’s Annual Mega-Hackathon
Rapid7's Mega-Hackathon offers a unique chance to go beyond the data and get a feel for what pen testers are like in their natural habitat.
2 min
Penetration Testing
This One Time on a Pen Test, Part 4: From Zero to Web Application Admin through Open-Source Intelligence Gathering
Open source intelligence gathering (OSINT) can sometimes take a backseat to more glamorous parts of pen tests—but in this case, it saved us.
3 min
Penetration Testing
Pen Test, Part 3: Jumping a Fence and Donning a Disguise
Here is the story of how I jumped a fence and broke into a construction vehicle to take control of an energy company's network.
3 min
Penetration Testing
How to Identify and Prioritize Gaps with the Cybersecurity Maturity Assessment, Post-2018 'Under the Hoodie'
At Rapid7, we believe that cybersecurity within a company is not just a function with many stakeholders, but rather a shared responsibility among all employees, regardless of role.
2 min
Penetration Testing
Pen Test, Part 2: How Just One Flaw Helped Us Beat the Unbeatable Network
During one pen testing engagement, we were pitted against a well-hardened, locked-down, and mature environment. However, all it took was one slip-up to give us the keys to the kingdom.