All Posts

How to Deploy a SIEM That Actually Works

In this guest post, Rapid7 customer Robert Holzer shares three critical steps for a successful SIEM deployment.

Metasploit Weekly Wrap-Up: 9/23/22

Have you built out that awesome media room? If your guilty pleasures include using a mobile device to make your home entertainment system WOW your guests, you might be using Unified Remote . I hope you are extra cautious about what devices you let on that WiFi network. A prolific community member h00die added a module this week that uses a recently published vulnerability from H4RK3NZ0 to leverage an unprot

5 min Threat Intel

Threat Intel Enhances Rapid7 XDR With Improved Visibility and Context

After the one-year milestone of Rapid7’s acquisition of IntSights, the added value threat intelligence brings to our product portfolio is unmistakable.

5 min Detection and Response

Prioritizing XDR in 2023: Stronger Detection and Response With Less Complexity

Should your team adopt XDR, and if yes, how do you evaluate vendors to determine the best approach? This post takes a closer look.

5 min SOAR

How to Accelerate Your SOAR Program to Full Speed in Less Than a Year

Here are some reflections and advice about setting up a SOAR program, through the lens of one practitioner's successful and innovative year.

2 min Emergent Threat Response

CVE-2022-36804: Easily Exploitable Vulnerability in Atlassian Bitbucket Server and Data Center

On August 24, 2022, Atlassian published an advisory for Bitbucket Server and Data Center alerting users to CVE-2022-36804.

5 min Metasploit

Metasploit Weekly Wrap-Up: Sep. 16, 2022

BYOS: Bring your own stager We try hard to make sure we have a great choice of fully-functional payloads to choose from, but sometimes you might want to “branch” out on your own, and if that’s the case we’ve got you covered. In an attempt to make Metasploit play well with others, we’ve introduced a brand new payload type: “custom.” “Custom” payloads use Metasploit stagers to build a stager that will stage whatever shellcode you send it. Got a third-party payload you want to run like Sliver or a

3 min Vulnerability Management

The 2022 SANS Top New Attacks and Threats Report Is In, and It's Required Reading

The latest Top New Attacks and Threat Report from the cybersecurity experts at SANS is here — and the findings are critical for security teams.

7 min Vulnerability Management

Patch Tuesday - September 2022

In this month's Patch Tuesday, we cover the 79 CVEs, including a zero-day privilege escalation, patched by Microsoft this month.

5 min SOAR

Grey Time: The Hidden Cost of Incident Response

The time cost of incident response for security teams may be greater – and more complex – than we’ve been assuming.

8 min Vulnerability Management

Getting the most out of your InsightVM console

Here are some of the most common improvements to help you get the most out of your InsightVM console in 2024.

3 min Metasploit

Metasploit Weekly Wrap-Up: 9/9/22

Authenticated command injection vulnerability of Cisco ASA-X with FirePOWER Services: jbaines-r7 added a new module that exploits an authenticated command injection vulnerability CVE-2022-20828 of Cisco ASA-X with FirePOWER Services. This vulnerability affects all Cisco ASA appliances that support ASA FirePOWER module. Note that, although a patch has been added to most recent ASA FirePOWER mod

4 min Cloud Security

Integrating Cloud Security With DevOps and CI/CD Tools

In this post, we dive into a key aspect of our approach: integrating cloud security with developer and DevOps tooling.

7 min Vulnerability Disclosure

Baxter SIGMA Spectrum Infusion Pumps: Multiple Vulnerabilities (FIXED)

Rapid7 discovered vulnerabilities in two TCP/IP-enabled medical devices produced by Baxter Healthcare.

2 min Events

VeloCON 2022: Digging Deeper Together!

Have you ever wanted to share your passion and interest in Velociraptor with the rest of the community? VeloCON is your chance!