5 min
Under the Hoodie
2020 Under the Hoodie Report Reveals Pen Testers’ Most-Loved Vulnerabilities
Understanding the vulnerabilities that pen testers rely on will help you make sure your organization is prepared to patch particular vulnerabilities.
1 min
Under the Hoodie
Behind the Scenes: Under the Hoodie 2020 Video Series
In this blog, we take you on a behind-the-scenes look at the making of our 2020 Under the Hoodie video series.
2 min
This One Time on a Pen Test
This One Time on a Pen Test: How I Hacked a Self-Driving Car
In our latest edition of "This One Time on a Pen Test," we take a deeper look at an engagement involving a self-driving car.
2 min
This One Time on a Pen Test
This One Time on a Pen Test: Doing Well With XML
In the latest edition of "This One Time on a Pen Test," we discuss a classic web application engagement involving XML.
2 min
This One Time on a Pen Test
This One Time on a Pen Test: I Know...Everything
In the latest edition of "This One Time on a Pen Test," we follow a Rapid7 penetration tester as they perform an internal network engagement.
2 min
This One Time on a Pen Test
This One Time on a Pen Test: Ain’t No Fence High Enough
In this edition of "This One Time on a Pen Test," we discuss an engagement with for an energy company with a high-fence compound.
2 min
Penetration Testing
This One Time on a Pen Test: How I Outwitted the Vexing VPN
In this edition of "This One Time on a Pen Test," we discuss outwitting the vexing VPN.
1 min
Penetration Testing
This One Time on a Pen Test: Our Accidental Win
In this blog, we recall one pen test where a placeholder password we put in actually worked with one login account.
1 min
Penetration Testing
This One Time on a Pen Test: What’s in the Box?
Here is the story of how one of our penetration testers exploited ExternalBlue on a rogue access point.
2 min
Penetration Testing
This One Time on a Pen Test: Your Mouse Is My Keyboard
In one engagement, we were tasked with compromising the internal network of a facility that was used for medical trials. Here's what happened.
1 min
Penetration Testing
This One Time on a Pen Test: Nerds in the NERC
Here is the story of how we gained access to a NERC CIP control room in a power plant as part of a penetration testing engagement.
2 min
Penetration Testing
This One Time on a Pen Test: Missed a Spot
In this penetration testing story, Ted Raffle discusses how even strong security controls and threat mitigation can miss the mark when only one or two systems fall through the cracks.
2 min
Penetration Testing
This One Time on a Pen Test: How I Compromised a Healthcare Portal Before My Hot Cocoa Went Cold
Here is the story of how I used a simple SQL injection attack to compromise a healthcare portal.
4 min
Research
This One Time on a Pen Test, Part 5: From Physical Security Weakness to Strength
During a physical social engineering penetration test, I easily got into the office with the help of a copied badge and polite employees. But would the company learn its lesson?
2 min
Penetration Testing
This One Time on a Pen Test, Part 4: From Zero to Web Application Admin through Open-Source Intelligence Gathering
Open source intelligence gathering (OSINT) can sometimes take a backseat to more glamorous parts of pen tests—but in this case, it saved us.