Posts tagged Research

9 min Research

Oh, Behave! Who Made It to Rapid7 Labs' Naughty List(s) in 2019?

The Labs team thought it might be fun to give folks a glimpse into who made it to some of our naughtiest lists in 2019 based on insights gleaned through our research projects.

3 min Haxmas

Don't Spread This Holiday Cheer: How to Secure Your Leftover Technology

When you get your new gizmos and gadgets, how can you make sure your old tech is properly handled so your personal data stays safe?

4 min Research

Cisco Self-Signed Certificate Expiration on Jan. 1, 2020: What You Need to Know

Cisco released Field Notice 70489 this week making owners of a wide range of Cisco devices of an impending certificate expiration issue.

4 min IoT

IoT Vuln Disclosure: Children's GPS Smart Watches (R7-2019-57)

In a recent IoT hacking training exercise, Rapid7 penetration testers set out to find vulnerabilities in a number of children's GPS-enabled smart watches.

2 min Research

What a Difference a Year Makes: Revisiting Our Inaugural Fortune 500 ICER One Year Later

It's now been a year since we released our first Fortune 500 ICER, so we decided to take a quick look at a key control, DMARC, to look for improvements.

2 min Research

Rapid7 Introduces Industry Cyber-Exposure Report: Deutsche Börse Prime Standard 320

Today, Rapid7 released our fifth Industry Cyber-Exposure Report (ICER) examining the overall exposure of the companies listed in the Deutsche Börse Prime Standard index.

6 min Vulnerability Disclosure

R7-2019-32: Denial-of-Service Vulnerabilities in Beckhoff TwinCAT PLC Environment

Rapid7 researcher Andreas Galauner has discovered two vulnerabilities affecting the TwinCAT PLC environment.

3 min Penetration Testing

This One Time on a Pen Test: “Let Me Get That for You”

In this blog, we discuss how our team successfully gained access to a client's physical building in an unlikely way.

20 min Research

Open-Source Command and Control of the DOUBLEPULSAR Implant

Metasploit researcher William Vu shares technical analysis behind a recent addition to Framework: a module that executes a Metasploit payload against the Equation Group's DOUBLEPULSAR implant for SMB and allows users to remotely disable the implant.

1 min Penetration Testing

This One Time on a Pen Test: Our Accidental Win

In this blog, we recall one pen test where a placeholder password we put in actually worked with one login account.

2 min Penetration Testing

This One Time on a Pen Test: What’s in the Box?

Here is the story of how one of our penetration testers exploited ExternalBlue on a rogue access point.

2 min Penetration Testing

This One Time on a Pen Test: The Pizza of Doom

Here is the story of how I bypassed physical security controls by posing as a pizza delivery guy and showing up to my client site with a pizza pie.

4 min InsightVM

How Rapid7 Industry Research Strengthens InsightVM

Rapid7’s vulnerability scanner, InsightVM is backed by multiple large-scale research projects that keep it on the leading edge of vulnerability risk management.

2 min Penetration Testing

This One Time on a Pen Test: Your Mouse Is My Keyboard

In one engagement, we were tasked with compromising the internal network of a facility that was used for medical trials. Here's what happened.

3 min Research

Rapid7 Introduces Industry Cyber-Exposure Report: Nikkei 225

Today, Rapid7 released our fourth Industry Cyber-Exposure Report (ICER) examining the overall exposure of the companies listed in the Nikkei 225 index.