All Posts

New Azure DevOps Pipelines Extension for InsightAppSec Helps Improve Web App Security

Rapid7 is excited to announce the release of a new extension to incorporate InsightAppSec within Azure DevOps Pipelines.

10 min Detection and Response

Unlocking the Power of the InsightIDR Threat API, Part 2

In this post, we’ll demonstrate how to scrape a few sites for possible bad actors using InsightIDR.

1 min Metasploit

Metasploit Wrap-Up 11/1/19

This week's Metasploit wrap-up ships a new exploit module against Nostromo, a directory traversal vulnerability that allows system commands to be executed remotely. Also, improvements have been made for the grub_creds module for better post exploitation experience against Unix-like machines. Plus a few bugs that have been addressed, including the -s option for NOPs generation, the meterpreter prompt, and reverse_tcp hanging due to newer Ruby versions. New modules (1) * Nostromo Directory Trave

3 min Podcast

From Security Police to Security Advocates: How to Create a Champion Program

In our most recent episode of Security Nation, we had the pleasure of speaking with Mark Geeslin about his work creating an internal Security Mavens program at Asurion.

7 min Penetration Testing

This One Time on a Pen Test, Halloween Edition: An Ode to Our Favorite Pen Tester Disguises

In honor of Halloween, we wanted to celebrate by sharing a few of our Rapid7 pen testers’ costumed crusades.

7 min InsightIDR

Be Audit You Can Be, Part 1: How to Securely Send and Monitor Your Audit Logs with InsightIDR

In this blog, we discuss how to collect the audit trail from a device or application using InsightVM and InsightIDR.

1 min InsightConnect

End-to-End Office 365 Administration with InsightConnect

Rapid7 is excited to announce new integrations between InsightConnect and Office 365.

3 min Application Security

Application Security Testing + Monitoring with DAST and RASP: A Two-Pronged Approach

For full coverage of your apps, you’ll require multiple application security solutions, such as DAST and RASP.

2 min Metasploit

Metasploit Wrap-Up 10/25/19

Is URGENT/11 urgent to your world? Metasploit now has a scanner module to help find the systems that need URGENT attention. Be sure to check the options on this one; RPORTS is a list to test multiple services on each target. Thanks Ben Seri for the PoC that lead off this work. Everyone likes creds, a new post module landed this week from Taeber Rapczak that brings back credent

3 min InsightConnect

Accelerating Incident Response with Threat Intelligence and Alert Enrichment

Rapid7 continues to invest in making automation more accessible for security professionals across the entire Insight Cloud product suite and our standalone SOAR solution, InsightConnect.

5 min Cybersecurity

National Cybersecurity Awareness Month 2019: Must-Read Blogs on ‘Secure IT’

In this blog, we will highlight must-read blog posts that align with NCSAM’s “Secure IT” sub-themes of strong passwords, MFA, work secure, phishing, and e-commerce.

2 min InsightConnect

How to Build Custom Plugins for InsightConnect

We’ve recently added new capabilities that will empower you to quickly build your own plugins and import them into InsightConnect to further orchestrate your processes.

4 min InsightVM

5 Steps to Go from Patch Management to Vulnerability Management

The terms “patch management” and “vulnerability management” are sometimes used interchangeably, but it is important to understand the difference.

3 min Events

Cyber Takes Flight: My Experience Competing in the Atlantic Council’s Cyber 9/12 Strategy Challenge

This year, Rapid7 flew the winning team of the UK Cyber 9/12 Strategy Challenge to Las Vegas to attend DEF CON This is their experience.