Training & Certification
Request a Proposal
User Behavior Analytics
By Compliance Requirement
Find a Partner
About Our Research
Meet the Team
National Exposure Index
Quarterly Threat Report
Under the Hoodie
Events & Webcasts
Training & Certification
IT & Security Fundamentals
News & Press Releases
[New Research] Under the Hoodie: 2018
Stats and stories from another season of penetration testing.
We believe security is the responsibility of all technology users, manufacturers, and intermediaries and that collaboration is the only way to achieve long-term change. That’s why we’re committed to openly sharing security information, helping our peers to learn, grow, and develop new capabilities, and supporting each other in raising and addressing issues that affect the cybersecurity community.
Project Sonar is a security research project by Rapid7 that conducts internet-wide scans across different services and protocols to gain insight into global exposure to common vulnerabilities. Like our vulnerability disclosures and exploits, we publish our data for free to encourage scientists, engineers, and anyone else interested in the nature and form of the internet to make their own discoveries.
The Heisenberg Cloud is a collection of low-interaction honeypots distributed both geographically and across IP space. The honeypots offer the front end of various services to learn what other scanners are up to (usually no good), and to conduct "passive scanning" to help enhance our understanding of attacker methods.
The National Exposure Index is a study conducted annually to better understand the nature of internet exposure—services that either do not offer modern cryptographic protection, or are otherwise unsuitable to offer on the increasingly hostile internet—and how those exposure levels look around the globe. How does your country’s security posture stack up?
In our quarterly threat reports, we leverage data from the Rapid7 Insight platform, Managed Detection and Response engagements, Project Sonar, and Project Heisenberg to dive into notable security events, determine key takeaways, and provide helpful information for companies continuing to build out their security programs.
In “Under the Hoodie, 2018: Lessons From a Season of Penetration Testing,” we shed light on the “dark art” of penetration testing by revealing not just the processes, techniques, and tools that go into it, but also the real-world experiences of our engineers and investigators gathered over thousands of pen tests.
Explore how Rapid7’s unparalleled understanding of attackers makes our products more powerful.