Security Advisory Services
Training & Certification
Request a Proposal
User Behavior Analytics
By Compliance Requirement
Find a Partner
Become a Partner
News & Press Releases
Events & Webcasts
Back rooms. Black metal. Two shadowy figures furiously hacking away on the same keyboard at the same time. Thanks to its seemingly sinister objective – breaking into enterprise networks – penetration testing is often considered a dark art. But people just need to get to know it better.
In our latest research paper, “Under the Hoodie: Actionable Research from Penetration Testing Engagements,” we shed light on the “dark art” by revealing the process, techniques, and tools that go into it, as well as the insights you can expect to come out. Based on the results of 100+ pen tests, as well as the real-world experiences of our engineers and investigators, our research reveals the most commonly exploited vulnerabilities, the most commonly leveraged network misconfigurations, and the most effective methods we've found to compromise high-value credentials—all to determine countermeasures you can take to best detect and prevent the truly sinister folks from breaching your network.
Download the report now, then get even more insight on our findings:
Good question. Join our webcast to find out what these findings mean for your organization.
Join the researchers as they dive deeper into the findings and reveal what you can do to better secure your environment.
Thank you for registering for the webcast. We'll be in touch with details by email.
Each year, Rapid7 pen testers complete more than 1,000 assessments. We've collected just a few stories to give you some true insight into what goes on beneath the hoodie.
This real-life story of social engineering owes its success to holes—some figurative, and some big enough to walk through. Find out how our makeshift MacGyver bypassed a bank’s security checkpoints to make a devious deposit that helped him hack from the parking lot.
A penetration test is often a key requirement for compliance and regulations. This toolkit provides an introduction to the core principles and best practices of penetration testing, and how it fits into a larger security program.
Looking to simulate an attack on your network?