All Posts

What Really Happened to the Dark Web Insider Trading Forum KickAss?

The dark web forum KickAss was apparently seized by the US government, but there is much speculation over what really happened.

3 min Research

Cisco RV320/RV325 Router Unauthenticated Configuration Export Vulnerability (CVE-2019-1653): What You Need to Know

Last week, a critical configuration weakness in Cisco® routers was responsibly disclosed on the Full Disclosure mailing list. Here's what you need to know.

4 min Penetration Testing

Why a 17-Year Veteran Pen Tester Took the OSCP

Why would a 17-year veteran penetration tester undergo the somewhat costly, time-consuming, and challenging ordeal to obtain what may be considered an entry-level certification?

2 min Metasploit

Metasploit Wrapup 1/25/19

Hi everyone! For those in the US, hope you all had a great MLK weekend. We have a pretty light release due to the holiday, but we still have some cool stuff in the house. Check it out!

3 min Detection and Response

PHP Extension and Application Repository (PEAR) Compromise: What You Need to Know

According to the PHP Extension and Application Repository (PEAR), a security breach had been found on the `pear.php.net` web server.

4 min InsightConnect

How Rapid7’s Orchestration and Automation Solution Boosted a Higher Education Security Team’s Effectiveness

We recently had the opportunity to sit down with Adam Elliott to discuss why his team chose Rapid7 and how our solution has increased the overall effectiveness of his security team.

1 min Metasploit

Metasploit Wrapup 1/18/19

This week, phra offers up a new potato dish to make privilege escalation in Windows just a bit tastier.

3 min Rapid7 Perspective

Rapid7 Included in 2019 Bloomberg Gender-Equality Index for Commitment to Diversity

We are extremely proud to announce that Rapid7 has been included in the 2019 Bloomberg Gender-Equality Index (GEI), which recognizes organizations for being transparent in their commitment to gender equality. We are thrilled by this, as the GEI’s scoring method celebrates both our best-in-class elements, as well as our willingness to disclose our efforts toward creating a gender-neutral organization. It also helps us to understand our performance and identify opportunities to continue to learn a

2 min Vulnerability Management

What WannaCry Taught Me About the Benefits of Agents in VM Programs

In the wake of the WannaCry attack, my security team and I learned firsthand why having an agent-based vulnerability management strategy could have helped.

3 min AWS

How AWS and InsightVM Can Help You Securely Move to the Cloud

No one can deny that cloud adoption is increasing at a fast rate. Though moving to the cloud offers many advantages—such as speed of development, cost savings, and reduced overhead—one of the implications of adoption is that customers must change the way they approach security to adapt to hybrid and fully cloud infrastructure. As this happens, security practitioners have to consider how to use their current on-premises tools in both hybrid and fully cloud environments. The onus is on security v

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up 1/12/19

MSF 5 in the wild We announced the release of Metasploit Framework 5.0 this week. It’s Metasploit’s first major version release since 2011, and it includes lots of good stuff the team has been working on for the past year-plus. It will be packaged and integrated into your favorite software distributions over the next few months; until then, you can get MSF 5 by checking out the 5.0.0 tag

5 min Metasploit

Metasploit Framework 5.0 Released!

We are happy to announce the release of Metasploit 5.0, the culmination of work by the Metasploit team over the past year.

2 min InsightVM

Did You Remediate That? Take Control of Risk by Knowing Your Top 25 Vulnerabilities

InsightVM's Top 25 report is a great place to start when you want to take control of your overall vulnerability management program.

4 min Phishing

What You Can Learn from Our Successful Simulated Phishing Attack of 45 CEOs

I was recently invited to a cybersecurity event to raise awareness on phishing by simulating targeted campaigns against the CEO attendees. Here's how they fared.