Under the Hoodie 2019

Research, stories, and findings from Rapid7 penetration tests

Up next:
UTH-2019-banner-image.jpg

Dig deeper into the art of penetration testing.

Read the Report

Pinpoint Your Problem Areas with the Pros

With our “Under the Hoodie” report revealing that 96% of penetration testing engagements saw at least one vulnerability exposed to attackers, it’s clear that penetration testing remains an essential component of a holistic vulnerability management strategy. With Rapid7 penetration testing services, you get a real-world view of how attackers could exploit your vulnerabilities, along with guidance on how to stop them.

Test your skills or hire a professional.

So You Think You Can Hack...

Our latest Under the Hoodie report shows that social engineering is here to stay for attackers. Whether you’re a pen tester or a security pro, these are the attack techniques you need to be aware of when shoring up (or testing) your defenses.

Ready to show off your skills? Good luck!

Finished! Your score: /10
Restart Quiz
Note the URI prefix associated with each “attachment.” The first image (A) has the URI with the familiar https://mail.google prefix. The second image (B) isn’t actually an attachment at all, but an image with a web link. Attackers (or pen testers) may use lookalike graphics, images, and links to lure recipients into a false sense of safety, only to click on corrupt files or be led to lookalike domains where they forfeit over credentials into hackers’ waiting hands.
Next Question

Some See a Hacker. We See an Expert.

Rapid7 offers our cloud SIEM, InsightIDR, as well as a range of penetration testing services to meet the needs of security and IT professionals. Let us show you how we leverage industry and attacker knowledge to help you bolster your defenses.

Q&A with Rapid7 Pen Tester Aaron Herndon
What’s your favorite exploit? What's the quickest time you've gotten Domain Admin? Read the Q&A with Aaron Herdon to get insights into his tactics, experiences, and perspectives as a Rapid7 pen tester.
Read Now
Webcast: Under the Hoodie Explained
Watch the on-demand Webcast or an overview of the report’s most significant findings and how you can use the data to detect and prevent breaches on your own network.
Watch now

Dig into the Dark Art

2020 Under the Hoodie Report Reveals Pen Testers’ Most-Loved Vulnerabilities
Understanding the vulnerabilities that pen testers rely on will help you make sure your organization is prepared to patch particular vulnerabilities.
Rapid7
Dec 08, 2020
Read More
Behind the Scenes: Under the Hoodie 2020 Video Series
In this blog, we take you on a behind-the-scenes look at the making of our 2020 Under the Hoodie video series.
Bri Hand
Nov 18, 2020
Read More
This One Time on a Pen Test: How I Hacked a Self-Driving Car
In our latest edition of "This One Time on a Pen Test," we take a deeper look at an engagement involving a self-driving car.
Jonathan Stines
Nov 06, 2020
Read More

More Rapid7 Research

At Rapid7, our researchers wear many hats, not just hoodies. Be sure to check out more of our research to see the latest and greatest in the security world.

Learn More