4 min
InsightVM
The Anatomy of RDP Exploits: Lessons Learned from BlueKeep and DejaBlue
In this blog, we discuss lessons learned from RDP exploits such as BlueKeep and DejaBlue, and how organizations can be protected form future vulnerabilities.
5 min
InsightAppSec
New Azure DevOps Pipelines Extension for InsightAppSec Helps Improve Web App Security
Rapid7 is excited to announce the release of a new extension to incorporate InsightAppSec within Azure DevOps Pipelines.
10 min
Detection and Response
Unlocking the Power of the InsightIDR Threat API, Part 2
In this post, we’ll demonstrate how to scrape a few sites for possible bad actors using InsightIDR.
1 min
Metasploit
Metasploit Wrap-Up 11/1/19
This week's Metasploit wrap-up ships a new exploit module against Nostromo, a
directory traversal vulnerability that allows system commands to be executed
remotely. Also, improvements have been made for the grub_creds module for better
post exploitation experience against Unix-like machines. Plus a few bugs that
have been addressed, including the -s option for NOPs generation, the
meterpreter prompt, and reverse_tcp hanging due to newer Ruby versions.
New modules (1)
* Nostromo Directory Trave
3 min
Podcast
From Security Police to Security Advocates: How to Create a Champion Program
In our most recent episode of Security Nation, we had the pleasure of speaking with Mark Geeslin about his work creating an internal Security Mavens program at Asurion.
7 min
Penetration Testing
This One Time on a Pen Test, Halloween Edition: An Ode to Our Favorite Pen Tester Disguises
In honor of Halloween, we wanted to celebrate by sharing a few of our Rapid7 pen testers’ costumed crusades.
7 min
InsightIDR
Be Audit You Can Be, Part 1: How to Securely Send and Monitor Your Audit Logs with InsightIDR
In this blog, we discuss how to collect the audit trail from a device or application using InsightVM and InsightIDR.
1 min
InsightConnect
End-to-End Office 365 Administration with InsightConnect
Rapid7 is excited to announce new integrations between InsightConnect and Office 365.
3 min
Application Security
Application Security Testing + Monitoring with DAST and RASP: A Two-Pronged Approach
For full coverage of your apps, you’ll require multiple application security solutions, such as DAST and RASP.
2 min
Metasploit
Metasploit Wrap-Up 10/25/19
Is URGENT/11 urgent to your world? Metasploit now has a scanner module to help
find the systems that need URGENT attention. Be sure
to check the options on this one; RPORTS is a list to test multiple services on
each target. Thanks Ben Seri for the PoC that
lead off this work.
Everyone likes creds, a new post module
landed this week
from Taeber Rapczak that brings back credent
3 min
InsightConnect
Accelerating Incident Response with Threat Intelligence and Alert Enrichment
Rapid7 continues to invest in making automation more accessible for security professionals across the entire Insight Cloud product suite and our standalone SOAR solution, InsightConnect.
5 min
Cybersecurity
National Cybersecurity Awareness Month 2019: Must-Read Blogs on ‘Secure IT’
In this blog, we will highlight must-read blog posts that align with NCSAM’s “Secure IT” sub-themes of strong passwords, MFA, work secure, phishing, and e-commerce.
2 min
InsightConnect
How to Build Custom Plugins for InsightConnect
We’ve recently added new capabilities that will empower you to quickly build your own plugins and import them into InsightConnect to further orchestrate your processes.
4 min
InsightVM
5 Steps to Go from Patch Management to Vulnerability Management
The terms “patch management” and “vulnerability management” are sometimes used interchangeably, but it is important to understand the difference.
3 min
Events
Cyber Takes Flight: My Experience Competing in the Atlantic Council’s Cyber 9/12 Strategy Challenge
This year, Rapid7 flew the winning team of the UK Cyber 9/12 Strategy Challenge to Las Vegas to attend DEF CON This is their experience.