4 min
National / Industry / Cloud Exposure Report (NICER)
NICER Protocol Deep Dive: Internet Exposure of Citrix ADC/NetScaler
In this edition of our NICER Protocol Deep Dive blog series, we take a closer look at the internet exposure of Citrix ADC/NetScaler.
Read Full Post
5 min
Research
The Story Behind Security Breaches
There are many potential causes of security breaches, but what is a common root cause? Human error.
Read Full Post
5 min
National / Industry / Cloud Exposure Report (NICER)
NICER Protocol Deep Dive: Internet Exposure of Remote Desktop (RDP)
In this edition of our NICER Protocol Deep Dive blog series, we break down the internet exposure of remote desktop (RDP).
Read Full Post
3 min
Research
PSA: Increase in RDP Attacks Means It's Time to Mind Your RDPs and Qs
Our research team looks into the increase in RDP attacks against RDP servers without multi-factor authentication enabled and helps organizations strengthen their infrastructure against these attacks.
Read Full Post
3 min
This One Time on a Pen Test
This One Time on a Pen Test: Doing Well With XML
In the latest edition of "This One Time on a Pen Test," we discuss a classic web application engagement involving XML.
Read Full Post
6 min
National / Industry / Cloud Exposure Report (NICER)
NICER Protocol Deep Dive: Internet Exposure of SMTP
In this installment of our NICER Protocol Deep Dive blog series, we discuss internet exposure of SMTP.
Read Full Post
2 min
This One Time on a Pen Test
This One Time on a Pen Test: I Know...Everything
In the latest edition of "This One Time on a Pen Test," we follow a Rapid7 penetration tester as they perform an internal network engagement.
Read Full Post
9 min
Metasploit
Exploitability Analysis: Smash the Ref Bug Class
Two Metasploit researchers evaluate the "Smash the Ref" win32k bug class for exploitability and practical exploitation use cases for pen testers and red teams looking to obtain an initial foothold in the context of a standard user account.
Read Full Post
5 min
Research
Microsoft Exchange 2010 End of Support and Overall Patching Study
Today's topic is Exchange 2010, which reaches end of support (EoS) on Oct. 13, 2020, as well as a survey of other versions of Exchange and how well they are being kept up-to-date.
Read Full Post
6 min
National / Industry / Cloud Exposure Report (NICER)
NICER Protocol Deep Dive: Internet Exposure of rsync
In this installment of our NICER Protocol Deep Dive blog series, we take a closer look at internet exposure of rsync.
Read Full Post
2 min
This One Time on a Pen Test
This One Time on a Pen Test: Ain’t No Fence High Enough
In this edition of "This One Time on a Pen Test," we discuss an engagement with for an energy company with a high-fence compound.
Read Full Post
2 min
Quarterly Threat Report
Rapid7 Releases Q2 2020 Quarterly Threat Report
It’s hard to believe it’s already the end of September, and with it comes Rapid7’s Q2 2020 Quarterly Threat Report.
Read Full Post
6 min
National / Industry / Cloud Exposure Report (NICER)
NICER Protocol Deep Dive: Internet Exposure of SMB
In this edition of our NICER Protocol Deep Dive blog series, we take a closer look at internet exposure of SMB.
Read Full Post
2 min
Penetration Testing
This One Time on a Pen Test: How I Outwitted the Vexing VPN
In this edition of "This One Time on a Pen Test," we discuss outwitting the vexing VPN.
Read Full Post
2 min
Penetration Testing
This One Time on a Pen Test: I’m Calling My Lawyer!
In this engagement, Rapid7 pen testers were tasked to identify sensitive information, harvest credentials, and obtain a reverse shell on their machines.
Read Full Post