7 min
Penetration Testing
This One Time on a Pen Test, Halloween Edition: An Ode to Our Favorite Pen Tester Disguises
In honor of Halloween, we wanted to celebrate by sharing a few of our Rapid7 pen testers’ costumed crusades.
7 min
InsightIDR
Be Audit You Can Be, Part 1: How to Securely Send and Monitor Your Audit Logs with InsightIDR
In this blog, we discuss how to collect the audit trail from a device or application using InsightVM and InsightIDR.
1 min
InsightConnect
End-to-End Office 365 Administration with InsightConnect
Rapid7 is excited to announce new integrations between InsightConnect and Office 365.
3 min
Application Security
Application Security Testing + Monitoring with DAST and RASP: A Two-Pronged Approach
For full coverage of your apps, you’ll require multiple application security solutions, such as DAST and RASP.
2 min
Metasploit
Metasploit Wrap-Up 10/25/19
Is URGENT/11 urgent to your world? Metasploit now has a scanner module to help
find the systems that need URGENT attention. Be sure
to check the options on this one; RPORTS is a list to test multiple services on
each target. Thanks Ben Seri for the PoC that
lead off this work.
Everyone likes creds, a new post module
landed this week
from Taeber Rapczak that brings back credent
3 min
InsightConnect
Accelerating Incident Response with Threat Intelligence and Alert Enrichment
Rapid7 continues to invest in making automation more accessible for security professionals across the entire Insight Cloud product suite and our standalone SOAR solution, InsightConnect.
5 min
Cybersecurity
National Cybersecurity Awareness Month 2019: Must-Read Blogs on ‘Secure IT’
In this blog, we will highlight must-read blog posts that align with NCSAM’s “Secure IT” sub-themes of strong passwords, MFA, work secure, phishing, and e-commerce.
2 min
InsightConnect
How to Build Custom Plugins for InsightConnect
We’ve recently added new capabilities that will empower you to quickly build your own plugins and import them into InsightConnect to further orchestrate your processes.
4 min
InsightVM
5 Steps to Go from Patch Management to Vulnerability Management
The terms “patch management” and “vulnerability management” are sometimes used interchangeably, but it is important to understand the difference.
3 min
Events
Cyber Takes Flight: My Experience Competing in the Atlantic Council’s Cyber 9/12 Strategy Challenge
This year, Rapid7 flew the winning team of the UK Cyber 9/12 Strategy Challenge to Las Vegas to attend DEF CON This is their experience.
2 min
Metasploit
Metasploit Wrap-Up 10/18/19
Nagios XI post module
Nagios XI may store the credentials of the hosts it monitors, and with the new
post module by Cale
Smith , we're now able to extract the Nagios
database content along with its SSH keys and dump them into the MSF database.
With the addition of this new post module, we can conveniently increase the
opportunities for lateral movement.
Environment-based API token authentication
Our own ekel
2 min
Research
What a Difference a Year Makes: Revisiting Our Inaugural Fortune 500 ICER One Year Later
It's now been a year since we released our first Fortune 500 ICER, so we decided to take a quick look at a key control, DMARC, to look for improvements.
4 min
InsightVM
InsightVM vs. Managed Vulnerability Management: How to Choose Which Rapid7 Offering Is Right for You
In this blog, we explain our two vulnerability management offerings—InsightVM and our Managed Vulnerability Management Service—so you can make an informed decision about which is right for you.
13 min
InsightIDR
Import External Threat Intelligence with the InsightIDR Threats API
In this blog, we explain how to automate updating threat feeds in InsightIDR using the REST API.
4 min
Podcast
How BlackICE Creator Rob Graham Became a Security Textbook Author
On this week’s episode of Security Nation, we spoke with Rob Graham, the founder of Errata Security Consultancy, well-known security blogger, and soon-to-be book author.