1 min
Penetration Testing
This One Time on a Pen Test: Nerds in the NERC
Here is the story of how we gained access to a NERC CIP control room in a power plant as part of a penetration testing engagement.
2 min
Penetration Testing
This One Time on a Pen Test: Missed a Spot
In this penetration testing story, Ted Raffle discusses how even strong security controls and threat mitigation can miss the mark when only one or two systems fall through the cracks.
2 min
Penetration Testing
This One Time on a Pen Test: How I Compromised a Healthcare Portal Before My Hot Cocoa Went Cold
Here is the story of how I used a simple SQL injection attack to compromise a healthcare portal.
2 min
Penetration Testing
This One Time on a Pen Test: Paging Doctor Hackerman
In this blog, one of our penetration testers tells the story of how he hacked X-ray machine and got the keys to the entire network.
4 min
Research
New Research: Investigating and Reversing Avionics CAN Bus Systems
Rapid7's recently released research report examines the security (or lack thereof) of CAN bus networks in small aircraft.
5 min
Research
Industry Cyber-Exposure Report: FTSE 250+
Today, Rapid7 released our third Industry Cyber-Exposure Report, examining the overall exposure of the companies listed in the FTSE 250 index.
4 min
Research
Extracting Firmware from Microcontrollers’
Onboard Flash Memory, Part 4
In our fourth and final part of this ongoing series, we will conduct further firmware extraction exercises with the Texas Instruments RF microcontroller.
4 min
IoT
Extracting Firmware from Microcontrollers'
Onboard Flash Memory, Part 3: Microchip PIC Microcontrollers
In this blog, we will conduct another firmware extraction exercise dealing with the Microchip PIC microcontroller (PIC32MX695F512H).
3 min
IoT
Extracting Firmware from Microcontrollers'
Onboard Flash Memory, Part 2: Nordic RF Microcontrollers
In this blog, we will conduct another firmware extraction exercise dealing with the Nordic RF microcontroller (nRF51822).
3 min
Research
Extracting Firmware from Microcontrollers' Onboard Flash Memory, Part 1: Atmel Microcontrollers
As part of our ongoing discussion of hardware hacking for security professionals, this blog covers the Amtel Atmega2561 microcontroller.
1 min
Research
Confluence Unauthorized RCE Vulnerability (CVE-2019-3396): What You Need to Know
Atlassian was notified in late February about a remote code execution (RCE) flaw in their Confluence and Data Center products and issued an alert with a patch on March 20, 2019.
2 min
Research
Apache HTTP Server Privilege Escalation (CVE-2019-0211): What You Need to Know
The joke was on roughly 2 million servers on Monday (April 1!), as the Apache Foundation released a patch for a privilege escalation bug (CVE-2019-0211) in Apache HTTP Server 2.4 releases 2.4.17–2.4.38.
2 min
Metasploit
Introducing the Metasploit Development Diaries
In our new Metasploit Development Diaries series, we will share stories of how exploitable conditions become stable, seasoned Metasploit Framework modules.
1 min
Research
A Serial Problem: Exploitation and Exposure of Java Serialized Objects
In our new research report, we take a look at Java Serialized Objects (JSOs), which are a reliable threat vector and present a rising threat to enterprise networks.
5 min
Research
Buy One Device, Get Data Free: Private Information Remains on Donated Tech
When you have old computers, flash drives, phones, or hard drives that you no longer use, you might take them to a resale shop, thrift store, or recycling center. However, have you ever wondered what happens to these devices and the data within them?