2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: Sep. 11, 2020
Three new modules, including a Pwn2Own addition for OS X, plus proxy support for Python Meterpreter, new search improvements, and a reminder of how to report security issues in Metasploit.
4 min
InsightVM
How to Track and Remediate Default Account Vulnerabilities in InsightVM
In this blog post, we discuss older, lesser-known features that can still provide amazing value in your vulnerability management program using InsightVM.
2 min
Penetration Testing
This One Time on a Pen Test: I’m Calling My Lawyer!
In this engagement, Rapid7 pen testers were tasked to identify sensitive information, harvest credentials, and obtain a reverse shell on their machines.
3 min
SOAR
How Rapid7 Is Transforming an On-Premises SOAR Tool into a Cloud-First Automation Platform
In this blog, we discuss how Rapid7 is transforming an on-premises SOAR tool into a cloud-first automation platform.
3 min
Vulnerability Management
Patch Tuesday - September 2020
129 Vulnerabilities Patched in Microsoft's September 2020 Update Tuesday
(2020-Sep Patch Tuesday)
Despite maintaining the continued high volume of vulnerabilities disclosed and patched this month, Microsoft's 129-Vulnerability September 2020 Update Tuesday is seemingly calm from an operations perspective -- at first glance. While following standard procedures of scheduling the patching for Windows OSes up front immediately closes the door against 60%+ of the vulnerabilities being disclosed this
4 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 9/4/20
New reflective PE file loader, a new module, new search improvements, and updates on Google Summer of Code projects.
7 min
NICER Reports
NICER Protocol Deep Dive: Internet Exposure of FTP
In this installment of the NICER Protocol Deep Dive blog series, we cover internet exposure of FTP.
2 min
Penetration Testing
This One Time on a Pen Test: Playing Social Security Slots
This post is part of an ongoing series featuring testimonials of what goes on beneath the hoodie during Rapid7 penetration testing engagements.
3 min
Rapid7 Perspective
Why I Joined Rapid7
In this blog, Jeff Gardner, Rapid7's new Detection & Response Practice Advisor, discusses why he decided to join Rapid7.
2 min
Metasploit
Metasploit Wrap-Up: Aug. 28, 2020
Give me your hash
This week, community contributor HynekPetrak added a new module for dumping passwords and hashes stored as attributes in LDAP servers. It uses an LDAP connection to retrieve data from an LDAP server and then harvests user credentials in specific attributes. This module can be used against any kind of LDAP server with either anonymous or authenticated bind. Particularly, it can be used
8 min
NICER Reports
NICER Protocol Deep Dive: Secure Shell (SSH)
In the second installment of our NICER Protocol Deep Dive blog series, we cover Secure Shell (SSH).
3 min
InsightVM
How Three InsightVM Customers Scaled Their Vulnerability Management Programs with Rapid7
To run a VM program as a well-oiled machine, you need all the pieces in place, from visibility of all of your assets to effective reporting mechanisms.
6 min
Public Policy
Internet of Things Cybersecurity Regulation and Rapid7
Over the past few years, the security of the Internet of Things (IoT) has been a consistent focus in policy circles around the world.
3 min
InsightIDR
InsightIDR Demo: Cloud-Native SIEM vs. Modern Security Challenges
Grab some popcorn and watch as Rapid7’s demo video gives you a glimpse of InsightIDR in action.
5 min
Career Development
Life as a Rapid7 Rotato: Launch Your Career
In this program, we look to hire recent graduates who are ready to bring cutting-edge ideas, work with amazing teams, and develop as professionals.