Posts tagged Research

Rapid7 Introduces Industry Cyber-Exposure Report: ASX 200

Today, Rapid7 released our second Industry Cyber-Exposure Report, examining the overall exposure of the ASX 200 family of companies.

2 min Research

Cisco® RV110/RV130/RV215 Unauthenticated Configuration Export Vulnerability (CVE-2019-1663): What You Need to Know

This week, Cisco® released an advisory and patch for a remote code execution flaw in small-business routers used for wireless connectivity in small offices and home offices.

3 min Vulnerability Management

Drupal Core Remote Code Execution (CVE-2019-6340): What You Need to Know

On Wednesday, Feb. 20, 2019, the Drupal Core team provided an early-warning update for the third Drupal Core Security Alert of 2019, which has been assigned CVE-2019-6340.

6 min IoT

[IoT Security] Introduction to Embedded Hardware Hacking

Many security professionals and researchers are intrigued by the idea of opening up and exploring embedded technologies but aren’t sure where to start.

9 min Research

Level Up Your Internet Intelligence Using the Rapid7 Open Data API and R

Let's take a look at how you can use ropendata in R to search for available studies, download datasets, and explore the data.

8 min Vulnerability Management

Understanding Ubiquiti Discovery Service Exposures

On Jan. 29, the Rapid7 Labs team was informed of a tweet by Jim Troutman indicating that Ubiquiti devices were being exploited and used to conduct denial-of-service attacks using a service on 10001/UDP.

3 min Research

Cisco RV320/RV325 Router Unauthenticated Configuration Export Vulnerability (CVE-2019-1653): What You Need to Know

Last week, a critical configuration weakness in Cisco® routers was responsibly disclosed on the Full Disclosure mailing list. Here's what you need to know.

6 min Haxmas

Happy HaXmas! Year-End Internet Scanning Observations

As we wrap up 2018 and forge ahead into 2019, let's reflect on some of the key observations we made through our internet scanning with Project Sonar.

25 min Haxmas

The Ghost of Exploits Past: A Deep Dive into the Morris Worm

In this post, we will dive into the exploit development process for the three modules we created in honor of the 30th anniversary of the Morris worm.

4 min Haxmas

Once a Haxer, Always a Haxor

Like most hackers, I liked to take apart my holiday gifts as a kid. In this blog, I take apart Amazon's voice-controlled microwave oven to see how it works.

13 min Research

Rsunk your Battleship: An Ocean of Data Exposed through Rsync

Rapid7 Labs recently decided to take a fresh look at rsync, this time focusing on exposure of rsync globally on the public internet.

2 min Research

Charting the Forthcoming PHPocalypse in 2019

This experiment began when Josh Frantz remarked that he would be curious about the potential exposure from the just-reached EOL date for PHP Version 7.0 and the forthcoming EOL date for PHP 5.6.

4 min Research

This One Time on a Pen Test, Part 5: From Physical Security Weakness to Strength

During a physical social engineering penetration test, I easily got into the office with the help of a copied badge and polite employees. But would the company learn its lesson?

4 min Research

Password Tips from a Pen Tester: Are 12-Character Passwords Really Stronger, or Just a Dime a Dozen?

On penetration tests, the three most common passwords are a variation of company name, the season/year, and a variation of “password.” But what happens if we lengthen the password requirement?

2 min Penetration Testing

This One Time on a Pen Test, Part 4: From Zero to Web Application Admin through Open-Source Intelligence Gathering

Open source intelligence gathering (OSINT) can sometimes take a backseat to more glamorous parts of pen tests—but in this case, it saved us.