4 min
Automation and Orchestration
How Security Orchestration & Automation Can Add Immediate Value
Thanks to security orchestration and automation (SOAR), it is possible to work efficiently with the resources you already have.
3 min
Threat Intel
What Really Happened to the Dark Web Insider Trading Forum KickAss?
The dark web forum KickAss was apparently seized by the US government, but there is much speculation over what really happened.
3 min
Research
Cisco RV320/RV325 Router Unauthenticated Configuration Export Vulnerability (CVE-2019-1653): What You Need to Know
Last week, a critical configuration weakness in Cisco® routers was responsibly disclosed on the Full Disclosure mailing list. Here's what you need to know.
4 min
Penetration Testing
Why a 17-Year Veteran Pen Tester Took the OSCP
Why would a 17-year veteran penetration tester undergo the somewhat costly, time-consuming, and challenging ordeal to obtain what may be considered an entry-level certification?
2 min
Metasploit
Metasploit Wrapup 1/25/19
Hi everyone! For those in the US, hope you all had a great MLK weekend. We have a pretty light release due to the holiday, but we still have some cool stuff in the house. Check it out!
3 min
Detection and Response
PHP Extension and Application Repository (PEAR) Compromise: What You Need to Know
According to the PHP Extension and Application Repository (PEAR), a security breach had been found on the `pear.php.net` web server.
4 min
InsightConnect
How Rapid7’s Orchestration and Automation Solution Boosted a Higher Education Security Team’s Effectiveness
We recently had the opportunity to sit down with Adam Elliott to discuss why his team chose Rapid7 and how our solution has increased the overall effectiveness of his security team.
1 min
Metasploit
Metasploit Wrapup 1/18/19
This week, phra offers up a new potato dish to make privilege escalation in Windows just a bit tastier.
3 min
Rapid7 Perspective
Rapid7 Included in 2019 Bloomberg Gender-Equality Index for Commitment to Diversity
We are extremely proud to announce that Rapid7 has been included in the 2019
Bloomberg Gender-Equality Index (GEI), which recognizes organizations for being
transparent in their commitment to gender equality. We are thrilled by this, as
the GEI’s scoring method celebrates both our best-in-class elements, as well as
our willingness to disclose our efforts toward creating a gender-neutral
organization. It also helps us to understand our performance and identify
opportunities to continue to learn a
2 min
Vulnerability Management
What WannaCry Taught Me About the Benefits of Agents in VM Programs
In the wake of the WannaCry attack, my security team and I learned firsthand why having an agent-based vulnerability management strategy could have helped.
3 min
AWS
How AWS and InsightVM Can Help You Securely Move to the Cloud
No one can deny that cloud adoption is increasing at a fast rate. Though moving
to the cloud offers many advantages—such as speed of development, cost savings,
and reduced overhead—one of the implications of adoption is that customers must
change the way they approach security to adapt to hybrid and fully cloud
infrastructure.
As this happens, security practitioners have to consider how to use their
current on-premises tools in both hybrid and fully cloud environments. The onus
is on security v
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 1/12/19
MSF 5 in the wild
We announced the release of Metasploit Framework 5.0 this week. It’s Metasploit’s first major version
release since 2011, and it includes lots of good stuff the team has been working
on for the past year-plus. It will be packaged and integrated into your favorite
software distributions over the next few months; until then, you can get MSF 5
by checking out the 5.0.0 tag
5 min
Metasploit
Metasploit Framework 5.0 Released!
We are happy to announce the release of Metasploit 5.0, the culmination of work by the Metasploit team over the past year.
2 min
InsightVM
Did You Remediate That? Take Control of Risk by Knowing Your Top 25 Vulnerabilities
InsightVM's Top 25 report is a great place to start when you want to take control of your overall vulnerability management program.
4 min
Phishing
What You Can Learn from Our Successful Simulated Phishing Attack of 45 CEOs
I was recently invited to a cybersecurity event to raise awareness on phishing by simulating targeted campaigns against the CEO attendees. Here's how they fared.