3 min
Podcast
Building a Daily Threat Simulation Tool with Todd Beebe
In our latest episode of Security Nation, we sat down to talk with Todd Beebe about the automated threat simulation system that he built for his current employer.
5 min
InsightAppSec
Automating Application Security Testing Within Your Atlassian Bamboo Pipelines
Rapid7 is excited to announce a new plugin for Atlassian Bamboo with the goal of integrating InsightAppSec into the software development life cycle (SDLC).
3 min
Metasploit
Metasploit Wrap-Up: Dec. 13, 2019
Powershell Express Delivery
The web_delivery module
is often used to deliver a payload during post exploitation by quickly firing up
a local web server. Since it does not write anything on target’s disk, payloads
are less likely to be caught by anti-virus protections. However, since Microsoft
added Antimalware Scan Interface (AMSI)
3 min
Application Security
The Most Commonly Exploited Web Application Vulnerabilities in a Production Environment
In this blog, we discuss the most exploited web application vulnerabilities, and how you can avoid them in your development process.
3 min
Security Operations (SOC)
Building a Culture of Security Awareness: How to Use Performance Metrics to Communicate SOC Effectiveness Throughout Your Org
In this blog, we break down which SOC performance metrics to report to your organization and how to measure your impact.
3 min
InsightConnect
Global Artifacts Now Available in InsightConnect
Rapid7 is excited to announce the release of Global Artifacts to enhance the capabilities provided by InsightConnect, Rapid7’s SOAR solution.
4 min
IoT
IoT Vuln Disclosure: Children's GPS Smart Watches (R7-2019-57)
In a recent IoT hacking training exercise, Rapid7 penetration testers set out to find vulnerabilities in a number of children's GPS-enabled smart watches.
2 min
Patch Tuesday
Patch Tuesday - December 2019
Today we come to the end of 2019's monthly Microsoft Patch Tuesday
(also known as Update Tuesday). This Christmas, Microsoft presents us with 36
vulnerabilities (that's two less than this time last year!) and no new
vulnerabilities from Adobe for Adobe Flash.
Unfortunately, despite a light month, there's still action to be taken.
CVE-2019-1458
12 min
Labs
How I Shut Down a (Test) Factory with a Single Layer 2 Packet
In this blog, we discuss how a Denial of Service (DoS) bug could crash all Beckhoff PLCs running the Profinet protocol stack if an attacker gains access.
3 min
Metasploit
Metasploit Wrap-Up: 12/6/19
Management delegation of shells
Onur ER contributed the Ajenti auth username
command
injection exploit
module for the vulnerability Jeremy Brown discovered and published a PoC for on
2019-10-13 (EDB 47497) against Ajenti version 2.1.31. Ajenti is an open-source
web-based server admin panel written in Python and JS. The application allows
admins to remotely perform a variety of server management tasks. The
ex
3 min
Application Security
Hidden Helpers: Security-Focused HTTP Headers to Protect Against Vulnerabilities
In our second installment of the 'Hidden Helpers' series, we discuss security-focused HTTP headers and how they can protect against vulnerabilities.
3 min
InsightIDR
InsightIDR Now Available for Purchase in AWS Marketplace
Rapid7 is excited to announce that InsightIDR, our security information and event management (SIEM) offering, is now available in the AWS Marketplace.
8 min
Podcast
Discovering a New Path in Asset Discovery: A Q&A with Metasploit Founder HD Moore
In honor of the 10-year anniversary of Rapid7’s acquisition of Metasploit, our latest episode of Security Nation features an interview with its founder, HD Moore.
2 min
Threat Intel
Kilos: The Dark Web’s Newest – and Most Extensive – Search Engine
Kilos allows buyers to search for products across numerous dark web sites.
3 min
Cybersecurity
5 Types of Cybersecurity Attacks to Watch Out for This Black Friday and Cyber Monday
With the holiday season right around the corner, here are five types of cybersecurity attacks to be wary of during Black Friday and Cyber Monday shopping.