Posts tagged Tips and Tricks

4 min Tips and Tricks

Feel Like Family Tech Support? Tips for Securing Your Loved Ones This Holiday Season

In this post, we offer some specific advice on how you can make some headway on battening down the cyber-hatches of your loved ones’ home networks.

7 min API

Your Guide to InsightVM’s RESTful API

A Security Automation-Focused API for Forward-Thinking Vulnerability Management

Released in January of 2018, Rapid7 InsightVM’s API version 3—the RESTful API [/2018/01/18/a-restful-api-for-insightvm/]—was a highly anticipated, perhaps somewhat inconspicuous, addition to our vulnerability management solution. Introduced as a successor to previous API versions, the RESTful API was designed for

4 min Application Security

How DevOps Can Use Quality Gates for Security Checks

Your team has been working at all hours to put the final touches on code for a new big feature release. All the specs are in, the feature works as expected, and the code is pushed to production. A few hours later, the daily security scan runs and the alerts start piling in. What went wrong? And what do you do now? Typically when this happens, it means rolling back the entire deployment, retroactively fixing the bugs and vulnerabilities in the code, and a week or two later, re-deploying. If you’

4 min InsightVM

How to Streamline Your Vulnerability Remediation Workflows with InsightVM Projects

If you’re like many security practitioners, you spend a lot of time working with spreadsheets. Whether you’re trying to prioritize your findings or distribute work to remediation teams, an all-too-common workflow is to export this data into a spreadsheet to then be sorted, filtered, copied, and distributed. This tedious, manual effort seems to be the standard for vulnerability management programs everywhere, but with our vulnerabil

4 min Rapid7 Perspective

5 Tips for a Cyber Holiday Season

Five tips on how to approach security this holiday season with family and friends

4 min Nexpose

Creating your First Vulnerability Scan: Nexpose Starter Tips

Welcome to Nexpose and the Rapid7 family! This blog is a step-by-step guide for new Nexpose customers to show you how to set up your first site, start a scan, and get your vulnerability management program under way. First things first: a few definitions in Nexpose. Site: A (usually) physical group of assets, i.e. what you want to scan. Scan Template: The things that your

4 min Skills

Are You Enabling Corporate Espionage?

While I was flipping through some news stories the other day, a small headline appeared that piqued my interest. The headline reads: "Former St. Louis Cardinals Exec Pleads Guilty To Cyber Espionage Charges." Cyber espionage… in baseball? That was too intriguing to pass up! It essentially describes this: employees from one club, the St. Louis Cardina

10 min Tips and Tricks

12 Days of HaXmas: Advanced Persistent Printer

This post is the second in the series, "The 12 Days of HaXmas." By Deral Heiland, Principal Consultant, and Nate Power, Senior Consultant, of Rapid7 Global Services. Year after year we have been discussing the risk of Multi-Function Printers (MFPs) in the corporate environment and how a malicious actor can easily leverage these devices to carry out attacks, including extraction of Windows Active Directory credentials via LDAP and abusing the "Scan to File" and "Scan to E-mail" features. To take

3 min Skills

’Tis the season! For user outreach

As we prepare to move into the end-of-year holiday season, organizations tend to enter one of two modes: they are either winding down end-of-year activities in preparation to close their books, or they are sprinting to get things done before the end of the year. Sometimes it's a mixture of both. One common theme, no matter what mode you are in, is that your users will be distracted by the holidays. And if they are distracted, they are more prone to error, which means more vul

2 min Skills

How Does #cyberaware Broaden Our Community?

We all know, from experience or the Verizon DBIR, that stolen credentials are the most common attack vector. Users still present massive risk to our organizations, yet there's plenty of debate about the effectiveness of user training. Meanwhile, users are getting all the FUD of breaches in the news, and aren't yet armed to have constructive conversations about them. Now, this is not to say there aren't awesome security teams running security training programs out there – there most definitely a

2 min Phishing

Top 3 Takeaways from the "How to Make your Workplace Cyber-Safe" Webcast

In the first of four Cyber Security Awareness Month webcasts, a panel of security experts, including Bob Lord, CISO in Residence at Rapid7, Ed Adams, President and CEO at Security Innovation, Chris Secrest, Information Security Manager at MetaBank, and Josh Feinblum, VP of Information Security at Rapid7, came together to discuss, "How to Make your Workplace Cyber-Safe

3 min Events

The Black Hat Attendee Guide, Part 1 - How to Survive Black Hat

If you're like me, you have wanted to go to Black Hat for ages. If you're going, have a game plan. For first-timers, this series will be a primer full of guidance and survival tips. For returning attendees, this will help maximize your experience at Black Hat. First, I want to give you perspective on my bias, which colors the guidance offered here. My slant is that of someone who was a booth babe (sales engineer), a speaker, an attendee, a Review Board member and former Gen

3 min Skills

Top 4 Takeaways from the "2015 Security New Year's Resolutions: Expert Panel" Webcast

In this week's webcast, our panel of security experts took the time to reflect on the past year and discuss their 2015 Security New Year's Resolutions. For this discussion, Trey Ford [/author/trey-ford/], Global Security Strategist at Rapid7, and Josh Feinblum [/author/josh-feinblum/], VP of Information Security at Rapid7, were joined by Andrew Plato, President/CEO at Anitian, Chris Calvert, Senior Strategy Manager – Red Team

4 min Metasploit Weekly Wrapup

Weekly Metasploit Update: Post-4.10 Edition

Since We Last Left Our Heroes...

Wow, it's been a busy couple of weeks here, post-DefCon/Black Hat. As you no doubt have noticed, we released Metasploit 4.10 [/2014/08/13/credentials-are-the-new-exploits-make-credentials-work-for-you-with-with-metasploit-410], which brings some major architectural changes to how our brute force login scanners are written, run, and logged -- you can read up on all that over at Dave "TheLightCosine" Maloney's delightful documentati

3 min Phishing

How Vulnerable Are Your Phishing Targets?

When you're assessing the exposure to phishing in your organization, one important part is the client-side vulnerabilities that would enable a malicious attacker to exploit a browser. In this blog post, I'd like to outline a non-invasive (and free!) way to get visibility into your client-side risk landscape. There are essentially two ways to use phishing as part of your security program.

* Phish 2 Pwn: If you are a penetration tester, you'll likely use spear phishing of a couple of users