4 min
Penetration Testing
Lessons Learned from an Unlikely Path to My OSCP Certification
In this blog, our own Patrick Laverty discusses lessons learned from his path to an Offensive Security Certified Professional (OSCP) certification.
4 min
Phishing
Tips for a Successful Phishing Engagement
Many factors can go into making a phishing engagement a success, so in this blog, we will share some tips for making sure your organization gets the most out of its upcoming engagement.
4 min
Haxmas
The Layer 8(th) Day of Christmas: Rapid7 Pen Testers Reveal Social Engineering Insights at Recent Conference
Four Rapid7 pen testers recently gathered at the brand-new Layer 8 conference in Rhode Island to present on social engineering and open source intelligence (OSINT) gathering.
4 min
Research
Password Tips from a Pen Tester: Are 12-Character Passwords Really Stronger, or Just a Dime a Dozen?
On penetration tests, the three most common passwords are a variation of company name, the season/year, and a variation of “password.” But what happens if we lengthen the password requirement?
5 min
Penetration Testing
Password Tips from a Pen Tester: Taking the Predictability Out of Common Password Patterns
Humans are predictable. As unique as we like to think we all are, our actions tend to be similar—and our choices when creating a password are no different.
2 min
Penetration Testing
Password Tips from a Pen Tester: What is Your Company’s Default Password?
Welcome back to Password Tips From a Pen Tester.
The first day on the job: We fill out all the requisite paperwork for Human Resources and get a computer and our network password. That password is often something easy to remember, and is often the same for every new employee. It might be Welcome1, ChangeMe! or one of our old favorites, the SeasonYear (i.e., Summer2018). If a new employee is having trouble signing in for the first time and they call the help desk, they can easily get the help they
3 min
Penetration Testing
Password Tips From a Pen Tester: Common Patterns Exposed
When my colleagues and I are out on penetration tests, we have a fixed amount of time to complete the test. Efficiency is important. Analyzing password data like we’re doing here helps pen testers better understand the likelihood of password patterns and choices, and we use that knowledge to our advantage when we perform penetration testing [https://www.rapid7.com/fundamentals/penetration-testing/] service engagements at Rapid7.
In my experience, most password complexity policies require at l
3 min
Penetration Testing
Password Tips From a Pen Tester: 3 Passwords to Eliminate
Every week, Rapid7 conducts penetration testing services for organizations, cracking hundreds—and sometimes thousands—of passwords. Our current password trove has more than 500,000 unique passwords that have been collected over the past two years. Where do these come from? Some of them come from Windows domain controllers and databases such as MySQL or Oracle; some of them are caught on the wire using Responder [https://github.com/lgandx/Responder-Windows], and some are pulled out of memory wi
4 min
Application Security
What Is User Enumeration?
User enumeration is when a malicious actor can use brute-force to either guess or confirm valid users in a system.
5 min
Metasploit
Pentesting in the Real World: Gathering the Right Intel
This is the first in a series of blog topics by penetration testers, for penetration testers, highlighting some of the advanced pentesting techniques they'll be teaching in our new Network Assault and Application Assault certifications, opening for registration this week. For more information, check out the training page at www.rapid7.com/services/training-certification/penetration-testing-training.jsp [http://www.rapid7.com/services/training-certification/penetration-testing-training.jsp]
So