Rapid7 Research

Building a safer world through open sources that go beyond code

View Open Datasets

Research at a Glance

Our Philosophy

We believe security is the responsibility of all technology users, manufacturers, and intermediaries and that collaboration is the only way to achieve long-term change. That’s why we’re committed to openly sharing security information, helping our peers to learn, grow, and develop new capabilities, and supporting each other in raising and addressing issues that affect the cybersecurity community.

Latest Research

Extracting Firmware from Microcontrollers' Onboard Flash Memory, Part 1: Atmel Microcontrollers
Recently, we have been discussing hardware hacking for the security professional and researcher. When conducting security research on hardware, we often need to extract the firmware from the onboard flash of microcontrollers. As a primer to this, we decided to start a series in which we discuss the process...
Deral Heiland
Apr 16, 2019
Read More
Confluence Unauthorized RCE Vulnerability (CVE-2019-3396): What You Need to Know
Many thanks to Rapid7’s Emmett Kelly, Greg Wiseman, and Brent Cook for their assistance with the vulnerability research and this post. Atlassian was notified in late February about a remote code execution (RCE) flaw in its Confluence and Data Center products and issued an alert with a patch on March...
boB Rudis
Apr 12, 2019
Read More
Q4 Threat Report: Analyzing the Top 3 Advanced Threats and Detection Techniques
It’s that time again! Our Quarterly Threat Report: Q4 and 2018 Wrap-Up was just released, unveiling the biggest trends that happened the last quarter of 2018 and throughout the year. As we spring ahead into a new season, it’s important to know where we came from so we can be better prepared for what’s...
Jake Godgart
Apr 08, 2019
Read More
View More Research
Impact Across Industries
Rapid7 researchers constantly work to uncover unknowns as far as technology reaches.
Consumer Technology
It’s hard to imagine our lives without tech glued to our hands. Reality is, security risks are present in even the most unassuming, commonplace devices. Over the years, our researchers have discovered and made public several critical vulnerabilities capable of compromising your personal data and safety in everything from printers, baby monitors, vehicles, and even children’s toys.
Business Technology
It’s no big secret that security has far-reaching impacts on a business—including on its bottom line. The work of our researchers has helped global organizations secure their internal processes, as well as the safety of the customers who rely on them; these improvements can be seen in medical devices, healthcare software, broadcasting equipment, corporate networks, and more.
Public Infrastructure
While most of us don’t spend our days thinking about critical infrastructure, it’s core to the functioning of our world as we know it. Therefore, as the need to innovate it grows, so does our need to secure it. Given our collective dependency on infrastructure, our researchers make it a priority to investigate how to secure emerging tech like smart sensors, while our Public Policy efforts aim to help governments adopt these innovations securely.
The Minds Behind the Research
Meet the Full Team
Tas Giakouminakis
Tas Giakouminakis
Bob Rudis
Bob Rudis
Derek Abdine
Derek Abdine
Tod Beardsley
Tod Beardsley

Where Research Meets the Roadmap

Explore how Rapid7’s unparalleled understanding of attackers makes our products more powerful.

  • Threat feed dashboard informed by Project Heisenberg honeypots in InsightVM
  • Attacker Based Analytics sourced from Projects Sonar and Heisenberg and threat intelligence in InsightIDR
  • Accelerated discovery and coverage of zero-days and other low-notice exploits in InsightVM
  • Discovery of internet-facing assets in InsightVM using integration with Project Sonar
  • Identification of weak or distrusted certs using research on SSL certificate ecosystem
View All Products

Want to dive deeper into our research data?

View Open Data