All Posts

1 min Lost Bots

[The Lost Bots] Episode 6: D&R + VM = WINNING!

In this episode, Practice Advisor Devin Krugly joins to discuss how Detection and Response + Vulnerability Management = a winning combination.

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: 10/1/21

More post modules than we've ever put out in a single release before, courtesy of a university project to add credential gathering capabilities based on the PackRat toolset.

3 min Cybersecurity

National Cybersecurity Awareness Month: How Security Pros Can Get Involved

To kick off National Cybersecurity Awareness Month 2021, we're providing some ideas for how security pros can spread knowledge around this year's themes.

3 min Application Security

The 2021 OWASP Top 10 Have Evolved: Here's What You Should Know

In this post, we discuss the 2021 OWASP Top 10 and how the list is evolving alongside web application security.

3 min Cloud Security

To the Left: Your Guide to Infrastructure as Code for Shifting Left

Shifting cloud security left helps teams catch misconfigurations, avoid security bottlenecks, and keep both DevOps and SecOps happy.

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: 9/24/21

A new evasion module, an exploit for ManageEngine OpManager, fully functional shells over WinRM, and major RDP library improvements.

10 min Ransomware

Ransomware: Is Critical Infrastructure in the Clear?

Is critical infrastructure in the clear, is it a specific target of ransomware attackers, or is it simply on the same footing as any other organization?

3 min Metasploit

Easier URI Targeting With Metasploit Framework

Streamline your Metasploit with Metasploit 6.1.4's new support for RHOST URI values.

5 min Career Development

Rapid7 Technical Support: Building a Career Path With Endless Possibilities

We talked with a few of our Technical Support Engineers to hear about why they chose to join Rapid7 and their career growth so far.

2 min Emergent Threat Response

Critical vCenter Server File Upload Vulnerability (CVE-2021-22005)

On Tuesday, September 21, 2021, VMware published details on a critical file upload vulnerability in vCenter Server.

2 min Cybersecurity

Rapid7 Statement on the New Standard Contractual Clauses for International Transfers of Personal Data

Rapid7 is committed to upholding high standards of privacy and security for our customers, and we are pleased to be able to offer the New SCCs.

3 min InsightAppSec

Login Authentication Goes Automated With New InsightAppSec Improvements

With our new automated login for InsightAppSec, even the most complex, modern applications can be accessed and scanned quickly and easily. Learn more.

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: 9/17/21

New modules for Jira user enumeration, Git remote code execution via git-lfs, a Geutebruck camera post-exploitation module, and unauthenticated RCE in the elFinder PHP application.

3 min Detection and Response

SANS 2021 Threat Hunting Survey: How Organizations' Security Postures Have Evolved in the New Normal

The SANS Institute has conducted its sixth annual Threat Hunting Survey. Read this post for a preview of the survey's findings and its takeaways.

5 min Ransomware

The Ransomware Killchain

How does a machine go from one that's working perfectly fine to one that's inoperable due to ransomware? This post takes a close look.