All Posts

This One Time on a Pen Test: I’m Calling My Lawyer!

In this engagement, Rapid7 pen testers were tasked to identify sensitive information, harvest credentials, and obtain a reverse shell on their machines.

4 min SOAR

How Rapid7 Is Transforming an On-Premises SOAR Tool into a Cloud-First Automation Platform

In this blog, we discuss how Rapid7 Is transforming an on-premises SOAR tool into a cloud-first automation platform.

3 min Vulnerability Management

Patch Tuesday - September 2020

129 Vulnerabilities Patched in Microsoft's September 2020 Update Tuesday (2020-Sep Patch Tuesday) Despite maintaining the continued high volume of vulnerabilities disclosed and patched this month, Microsoft's 129-Vulnerability September 2020 Update Tuesday is seemingly calm from an operations perspective -- at first glance. While following standard procedures of scheduling the patching for Windows OSes up front immediately closes the door against 60%+ of the vulnerabilities being disclosed this

4 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: 9/4/20

New reflective PE file loader, a new module, new search improvements, and updates on Google Summer of Code projects.

7 min NICER Reports

NICER Protocol Deep Dive: Internet Exposure of FTP

In this installment of the NICER Protocol Deep Dive blog series, we cover internet exposure of FTP.

2 min Penetration Testing

This One Time on a Pen Test: Playing Social Security Slots

This post is part of an ongoing series featuring testimonials of what goes on beneath the hoodie during Rapid7 penetration testing engagements.

3 min Rapid7 Perspective

Why I Joined Rapid7

In this blog, Jeff Gardner, Rapid7's new Detection & Response Practice Advisor, discusses why he decided to join Rapid7.

2 min Metasploit

Metasploit Wrap-Up: Aug. 28, 2020

Give me your hash This week, community contributor HynekPetrak added a new module for dumping passwords and hashes stored as attributes in LDAP servers. It uses an LDAP connection to retrieve data from an LDAP server and then harvests user credentials in specific attributes. This module can be used against any kind of LDAP server with either anonymous or authenticated bind. Particularly, it can be used

8 min NICER Reports

NICER Protocol Deep Dive: Secure Shell (SSH)

In the second installment of our NICER Protocol Deep Dive blog series, we cover Secure Shell (SSH).

3 min InsightVM

How Three InsightVM Customers Scaled Their Vulnerability Management Programs with Rapid7

To run a VM program as a well-oiled machine, you need all the pieces in place, from visibility of all of your assets to effective reporting mechanisms.

6 min Public Policy

Internet of Things Cybersecurity Regulation and Rapid7

Over the past few years, the security of the Internet of Things (IoT) has been a consistent focus in policy circles around the world.

3 min InsightIDR

InsightIDR Demo: Cloud-Native SIEM vs. Modern Security Challenges

Grab some popcorn and watch as Rapid7’s demo video gives you a glimpse of InsightIDR in action.

5 min Career Development

Life as a Rapid7 Rotato: Launch Your Career

In this program, we look to hire recent graduates who are ready to bring cutting-edge ideas, work with amazing teams, and develop as professionals.

2 min Metasploit

Metasploit Wrap-Up: 8/21/20

Setting module options just got easier! Rapid7's own Dean Welch added a new option to framework called RHOST_HTTP_URL, which allows users to set values for multiple URL components, such as RHOSTS, RPORT, and SSL, by specifying a single option value. For example, instead of typing set RHOSTS example.com, set RPORT 5678, set SSL true, you can now accomplish the same thing with the command set RHOST_HTTP_URL