All Posts

PSA: Increase in RDP Attacks Means It's Time to Mind Your RDPs and Qs

Our research team looks into the increase in RDP attacks against RDP servers without multi-factor authentication enabled and helps organizations strengthen their infrastructure against these attacks.

5 min NICER Reports

NICER Protocol Deep Dive: Internet Exposure of VNC

In this installment of our NICER Protocol Deep Dive blog series, we cover the internet exposure of VNC.

4 min InsightVM

How InsightVM Helps You Save Time and Prove Value

In this post, we’ll cover how InsightVM helps teams tackle operational challenges, maximize resources, and prove the value and ROI of their efforts.

2 min This One Time on a Pen Test

This One Time on a Pen Test: Doing Well With XML

In the latest edition of "This One Time on a Pen Test," we discuss a classic web application engagement involving XML.

4 min InsightIDR

Easily Explore Your Log Data with a Single Query in InsightIDR

We are delighted to announce that Log Search now supports grouping by multiple fields in your log data.

3 min Ransomware

Ransomware Payments and Sanctions - U.S. Treasury Advisory

The U.S. Department of Treasury issued an advisory warning that paying ransoms to cybercriminal groups risks violating sanctions. Rapid7 has previously recommended that victims not pay ransom, and urges organizations to focus on ransomware prevention and recovery.

3 min Vulnerability Management

Why Every Organization Needs a Vulnerability Management Policy

In this blog post, we will discuss why vulnerability management is critical for any organization looking to reduce risk.

5 min Metasploit

Metasploit Wrap-Up: Oct. 2, 2020

Windows secrets dump, an 'in' with Safari, and more!

2 min News

HP Device Manager Cavalcade of Critical CVEs (CVE-2020-6925:6927): What You Need to Know

HP released a security bulletin on Sept. 25, 2020, disclosing a set of vulnerabilities in HP Device Manager.

6 min NICER Reports

NICER Protocol Deep Dive: Internet Exposure of SMTP

In this installment of our NICER Protocol Deep Dive blog series, we discuss internet exposure of SMTP.

2 min This One Time on a Pen Test

This One Time on a Pen Test: I Know...Everything

In the latest edition of "This One Time on a Pen Test," we follow a Rapid7 penetration tester as they perform an internal network engagement.

6 min Detection and Response

Rapid7 Introduces “Active Response” for End-to-End Detection and Response

We are excited to announce the launch of our new Active Response capability as a part of our MDR Elite service

9 min Metasploit

Exploitability Analysis: Smash the Ref Bug Class

Two Metasploit researchers evaluate the "Smash the Ref" win32k bug class for exploitability and practical exploitation use cases for pen testers and red teams looking to obtain an initial foothold in the context of a standard user account.

5 min Research

Microsoft Exchange 2010 End of Support and Overall Patching Study

Today's topic is Exchange 2010, which reaches end of support (EoS) on Oct. 13, 2020, as well as a survey of other versions of Exchange and how well they are being kept up-to-date.