Rapid7 Labs
Cybersecurity Intelligence, Threat Data & Research
Rapid7 Labs tracks adversaries, shares proprietary, curated intelligence and research, and builds trusted open-source communities—all to help you improve your security program.
Yes, you know Rapid7 Labs
5,500+
Metasploit modules for threat-informed purple teaming
10,000+
Open-source researchers, pen testers, and threat hunters
The 2024 Attack Intelligence Report
Since 2020, Rapid7 has tracked huge increases in zero-day exploits, ransomware attacks, mass compromise incidents, and evolutions in attacker behavior. Rapid7 Labs has analyzed 14 months of attacker behavior and marquee vulnerabilities, publishing the findings alongside expert analysis and practical guidance for security professionals.
Ransomware Radar Report
The first half of 2024 has witnessed significant changes in the ransomware ecosystem. In the Ransomware Radar Report, Rapid7 Labs researchers conducted independent research and analyzed data samples from Rapid7’s incident response teams to uncover trends in attacker behavior that could indicate a paradigm shift in the way these groups operate.
11,000+ customers are safer, and so is everybody else
Rapid7 Labs holds a slew of AI patents that power risk and threat analysis, and detect threats faster and prioritize vulnerabilities better.
In 2023, we tracked over 160 state-sponsored attacks—from one-off APT attacks to ongoing tracking of almost daily activity from APT groups.
Our open-source projects like Metasploit, Velociraptor, and AttackerKB have bi-directional feeds into our platform solutions.
Get easy insight into public internet exposure with Project Doppler, informed by Sonar scans and our honeypot network Project Lorelei.
Real-time emergent threat guidance
Between Rapid7 Labs and our 24/7 follow-the-sun MDR, we observe 3.3 trillion security events every week. We perform in-depth technical analysis of emergent attack vectors, follow attacks as they evolve, and communicate indicators of compromise and next-step guidance in real time—click below to see our latest emergent threat coverage
Building a more secure future with open source communities
Velociraptor
The industry-leading digital forensic and incident response (DFIR) tool that allows you to collect forensic evidence, hunt for threats, and continuously monitor event data on your endpoints.
Learn more
Metasploit
Penetration testing software with a growing database of exploits so you can simulate real-world attacks on your network and train your security team to spot and stop the real thing.
Learn more
AttackerKB
Alongside the greater security community, discuss, analyze, and expand your knowledge of conditions and characteristics that make vulnerabilities exploitable by attackers.
Learn moreYour data may be everywhere, but so are we
Get insight into widely exploited vulns, ransomware, and dark web marketplaces anytime with this on-demand webinar.
Take attackers out before they pop you. It’s proactive, comprehensive coverage for your entire environment from the endpoint to the cloud.
Japan is an economic juggernaut with subsidiaries and affiliates at unique and elevated risk of attack around the world. Of course Rapid7 Labs studied it.
Expert intelligence infused into Rapid7 products and services
Intelligence from Rapid7 Labs is built into our products and service offerings to help prioritize risks and uncover threats. This includes vulnerability checks in InsightVM, behavioral detections in InsightIDR and MDR, attack modules in InsightAppSec, exploits in Metasploit, and more.
Elite research and intelligence teams doing unambiguous good
Chief Scientist
Raj won the prestigious Peter Szor award (2015) for the best piece of technical security research conducted each year. He’s also been inducted into the Infosecurity Europe Hall of Fame.
Security Research
Caitlin directs our vulnerability researchers, exploit developers, emergent threat analysts, and the Metasploit team. She’s regularly quoted by ZDNet and Dark Reading.
Threat Analytics
A regular speaker at RSA and Black Hat, Christiaan leads intelligence teams, gathering threat data, inventing new research techniques, data correlation and publications.