5 min
Under the Hoodie
2020 Under the Hoodie Report Reveals Pen Testers’ Most-Loved Vulnerabilities
Understanding the vulnerabilities that pen testers rely on will help you make sure your organization is prepared to patch particular vulnerabilities.
1 min
Under the Hoodie
Behind the Scenes: Under the Hoodie 2020 Video Series
In this blog, we take you on a behind-the-scenes look at the making of our 2020 Under the Hoodie video series.
2 min
This One Time on a Pen Test
This One Time on a Pen Test: How I Hacked a Self-Driving Car
In our latest edition of "This One Time on a Pen Test," we take a deeper look at an engagement involving a self-driving car.
3 min
This One Time on a Pen Test
This One Time on a Pen Test: Doing Well With XML
In the latest edition of "This One Time on a Pen Test," we discuss a classic web application engagement involving XML.
2 min
This One Time on a Pen Test
This One Time on a Pen Test: I Know...Everything
In the latest edition of "This One Time on a Pen Test," we follow a Rapid7 penetration tester as they perform an internal network engagement.
2 min
This One Time on a Pen Test
This One Time on a Pen Test: Ain’t No Fence High Enough
In this edition of "This One Time on a Pen Test," we discuss an engagement for an energy company with a high-fence compound.
2 min
Penetration Testing
This One Time on a Pen Test: How I Outwitted the Vexing VPN
In this edition of "This One Time on a Pen Test," we discuss outwitting the vexing VPN.
2 min
Penetration Testing
This One Time on a Pen Test: I’m Calling My Lawyer!
In this engagement, Rapid7 pen testers were tasked to identify sensitive information, harvest credentials, and obtain a reverse shell on their machines.
2 min
Penetration Testing
This One Time on a Pen Test: Playing Social Security Slots
This post is part of an ongoing series featuring testimonials of what goes on beneath the hoodie during Rapid7 penetration testing engagements.
2 min
Penetration Testing
Ask a Pen Tester, Part 2: A Q&A With Rapid7 Pen Testers Gisela Hinojosa and Carlota Bindner
Rapid7 pen testers Gisela Hinojosa and Carlota Bindner are back to answer another round of questions about the mysterious art of penetration testing.
2 min
Research
Rapid7 Releases 2020 Under the Hoodie Report: Lessons Learned from a Year of Penetration Tests
Rapid7 recently released its 2020 Under the Hoodie report, detailing the ins and outs of penetration testing.
3 min
Penetration Testing
Ask a Pen Tester, Part 1: A Q&A With Rapid7 Pen Testers Gisela Hinojosa and Carlota Bindner
Rapid7 pen testers Gisela Hinojosa and Carlota Bindner break down a number of popular questions related to the mysterious art of penetration testing.
3 min
Penetration Testing
This One Time on a Pen Test: “Let Me Get That for You”
In this blog, we discuss how our team successfully gained access to a client's physical building in an unlikely way.
1 min
Penetration Testing
This One Time on a Pen Test: Our Accidental Win
In this blog, we recall one pen test where a placeholder password we put in actually worked with one login account.
2 min
Penetration Testing
This One Time on a Pen Test: What’s in the Box?
Here is the story of how one of our penetration testers exploited EternalBlue on a rogue access point.
2 min
Penetration Testing
This One Time on a Pen Test: The Pizza of Doom
Here is the story of how I bypassed physical security controls by posing as a pizza delivery guy and showing up to my client site with a pizza pie.
2 min
Penetration Testing
This One Time on a Pen Test: Your Mouse Is My Keyboard
In one engagement, we were tasked with compromising the internal network of a facility that was used for medical trials. Here's what happened.
2 min
Penetration Testing
This One Time on a Pen Test: Nerds in the NERC
Here is the story of how we gained access to a NERC CIP control room in a power plant as part of a penetration testing engagement.
3 min
Penetration Testing
This One Time on a Pen Test: Missed a Spot
In this penetration testing story, Ted Raffle discusses how even strong security controls and threat mitigation can miss the mark when only one or two systems fall through the cracks.
13 min
Penetration Testing
Ask a Pen Tester: Q&A with Rapid7 Penetration Tester Aaron Herndon
Recently, we gave our customers the opportunity to ask members of our penetration testing services team any burning questions they have.
2 min
Penetration Testing
This One Time on a Pen Test: How I Compromised a Healthcare Portal Before My Hot Cocoa Went Cold
Here is the story of how I used a simple SQL injection attack to compromise a healthcare portal.
2 min
Under the Hoodie
This One Time on a Pen Test: Paging Doctor Hackerman
In this blog, one of our penetration testers tells the story of how he hacked an X-ray machine and got the keys to the entire network.
2 min
Research
[Research] Under the Hoodie, 2019 Edition: Lessons Learned from 180 Penetration Tests
Our 2019 Under the Hoodie report covers the measurable results of about 180 penetration tests conducted by Rapid7. Find out what we learned.
4 min
Research
This One Time on a Pen Test, Part 5: From Physical Security Weakness to Strength
During a physical social engineering penetration test, I easily got into the office with the help of a copied badge and polite employees. But would the company learn its lesson?
3 min
Penetration Testing
This One Time on a Pen Test, Part 4: From Zero to Web Application Admin through Open-Source Intelligence Gathering
Open source intelligence gathering (OSINT) can sometimes take a backseat to more glamorous parts of pen tests—but in this case, it saved us.
3 min
Research
This One Time on a Pen Test, Part 3: How Jumping a Fence and Donning a Disguise Helped Me Steal an Energy Company
Here is the story of how I jumped a fence and broke into a construction vehicle to take control of an energy company's network.
4 min
Penetration Testing
How to Identify and Prioritize Gaps with the Cybersecurity Maturity Assessment, Post-2018 'Under the Hoodie'
At Rapid7, we believe that cybersecurity within a company is not just a function with many stakeholders, but rather a shared responsibility among all employees, regardless of role.
6 min
InsightAppSec
Faster Prod at the Expense of Security? 2018 ‘Under the Hoodie’ Reveals Gaps in Applications
As part of this year's "Under the Hoodie" report, we identified the latest web application security risks companies are facing today.
3 min
Penetration Testing
This One Time on a Pen Test, Part 2: How Just One Flaw Helped Us Beat the Unbeatable Network
During one pen testing engagement, we were pitted against a well-hardened, locked-down, and mature environment. However, all it took was one slip-up to give us the keys to the kingdom.
4 min
Penetration Testing
This One Time on a Pen Test, Part 1: Curiosity Didn’t Kill the Cat—Honesty Did
As part of a penetration test, I worked with the client to craft an engagement that would evaluate their employee and technology preparedness against a sophisticated, targeted phishing and vishing attack.
5 min
InsightVM
Under the Hoodie: Which Vulns Are Being Exploited by Attackers (and Our Pen Testers) in 2018?
Software vulnerabilities are at the core of pen testing—and our "Under the Hoodie" report provides insights and advice one can only get in the trenches.
2 min
Penetration Testing
Under the Hoodie 2018: Lessons from a Season of Penetration Testing
Today, I’m excited to announce the release of our 2018 edition of Under the Hoodie: Lessons from a Season of Penetration Testing by the Rapid7 Global Services team, along with me, Tod Beardsley and Kwan Lin.
3 min
Authentication
Under the Hoodie: Actionable Research from Penetration Testing Engagements
Today, we're excited to release Rapid7's latest research paper, Under the Hoodie: Actionable Research from Penetration Testing Engagements [https://www.rapid7.com/info/under-the-hoodie], by Bob Rudis [https://twitter.com/hrbrmstr], Andrew Whitaker [https://www.linkedin.com/in/drewwhitaker/], and Tod Beardsley [https://twitter.com/todb], with loads of input and help from the entire Rapid7 pentesting team.
This paper covers the often occult art of penetration testing, and seeks to demystify the proce