Under the Hoodie 2019

Research, stories, and findings from Rapid7 penetration tests

Dig deeper into the art of penetration testing.

Pinpoint Your Problem Areas with the Pros

With our “Under the Hoodie” report revealing that 96% of penetration testing engagements saw at least one vulnerability exposed to attackers, it’s clear that penetration testing remains an essential component of a holistic vulnerability management strategy. With Rapid7 penetration testing services, you get a real-world view of how attackers could exploit your vulnerabilities, along with guidance on how to stop them.

Test your skills or hire a professional.

So You Think You Can Hack...

Our latest Under the Hoodie report shows that social engineering is here to stay for attackers. Whether you’re a pen tester or a security pro, these are the attack techniques you need to be aware of when shoring up (or testing) your defenses.

Ready to show off your skills? Good luck!

Note the URI prefix associated with each “attachment.” The first image (A) has a URI with the familiar https://mail.google prefix. The second image (B) isn’t actually an attachment at all, but an image with a web link. Attackers (or pen testers) may use lookalike graphics, images, and links to lure recipients into a false sense of safety, so that they click on corrupt files or are led to lookalike domains where they hand over credentials into hackers’ waiting hands.
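The URI check described above can be automated for triage. The following is an added example, not part of the original quiz or any Rapid7 tooling: it parses an HTML message body, finds every image wrapped in a link, and flags links whose scheme and exact hostname are not on an allow-list. The allow-list contents, the function names, and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hosts that legitimately serve attachments for this mailbox.
TRUSTED_ATTACHMENT_HOSTS = {"mail.google.com"}


class LinkedImageFinder(HTMLParser):
    """Collect every <img> that sits inside an <a href=...> element."""

    def __init__(self):
        super().__init__()
        self._href_stack = []    # hrefs of the currently open <a> elements
        self.linked_images = []  # (href, img_src) pairs

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self._href_stack.append(attrs.get("href") or "")
        elif tag == "img" and self._href_stack:
            self.linked_images.append((self._href_stack[-1], attrs.get("src") or ""))

    def handle_endtag(self, tag):
        if tag == "a" and self._href_stack:
            self._href_stack.pop()


def is_trusted(href):
    """True only for https URLs whose exact hostname is on the allow-list."""
    parts = urlsplit(href)
    return parts.scheme == "https" and (parts.hostname or "") in TRUSTED_ATTACHMENT_HOSTS


def suspicious_attachment_links(html_body):
    """Return the hrefs of linked images that do not point at a trusted host."""
    finder = LinkedImageFinder()
    finder.feed(html_body)
    return [href for href, _src in finder.linked_images if not is_trusted(href)]


# Constructed sample body: one trusted link, two lookalikes, one plain text link.
SAMPLE = """
<a href="https://mail.google.com/mail/u/0?attid=0.1"><img src="cid:pdf-icon"></a>
<a href="https://mail.google.com.example.net/view"><img src="cid:pdf-icon"></a>
<a href="http://mail.google.example.org/doc.pdf"><img src="cid:doc-icon"></a>
<a href="https://example.com/unsubscribe">Unsubscribe</a>
"""

if __name__ == "__main__":
    for href in suspicious_attachment_links(SAMPLE):
        print("suspicious:", href)
```

Comparing the parsed hostname exactly, rather than testing whether the URL string starts with a familiar prefix, is what catches hosts such as mail.google.com.example.net. Linked images are also common in legitimate mail, so treat a hit as a triage signal rather than a verdict.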

Some See a Hacker. We See an Expert.

Rapid7 offers our cloud SIEM, InsightIDR, as well as a range of penetration testing services to meet the needs of security and IT professionals. Let us show you how we leverage industry and attacker knowledge to help you bolster your defenses.