4 min
InsightConnect
Security Orchestration and Automation: Not Just for Mature Organizations
Think that security, orchestration, and automation (SOAR) is only for mature organizations? Think again. Here are some ways your company can benefit from SOAR solutions.
4 min
Research
This One Time on a Pen Test, Part 5: From Physical Security Weakness to Strength
During a physical social engineering penetration test, I easily got into the office with the help of a copied badge and polite employees. But would the company learn its lesson?
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup: 9/28/18
Trevor Forget: Metasploit Town Hall @ Derbycon
Metasploit’s Brent Cook, Adam Cammack, Aaron Soto, and Cody Pierce are offering themselves up to the crowds at this year’s fourth annual Metasploit Town Hall at Derbycon. Heading to bourbon country next weekend? Block off your 5 PM hour on Saturday, October 6 to join the team as they unveil some new hotness in Metasploit Framework and take questions and requests.
8 min
Windows
PowerShell: How to Defend Against Malicious PowerShell Attacks
By implementing basic controls, you can keep your data safe from potential PowerShell attacks and better detect malicious behavior trying to circumvent said controls.
4 min
Threat Intel
How Cybercriminals Use Pinterest to Run Fraud Scams
There are a variety of scams hackers can run on Pinterest, but for this post, we’ll focus on fraud and financial scams.
4 min
Research
Password Tips from a Pen Tester: Are 12-Character Passwords Really Stronger, or Just a Dime a Dozen?
On penetration tests, the three most common passwords are a variation of company name, the season/year, and a variation of “password.” But what happens if we lengthen the password requirement?
2 min
Application Security
The Newegg Breach: PCI Means Nothing to Magecart
Both the British Airways and Newegg breaches occurred at sites that followed data security rules but were not protected against attacks like Magecart.
3 min
Penetration Testing
Putting Pen (Tests) to Paper: Lessons and Learnings from Rapid7’s Annual Mega-Hackathon
Rapid7's Mega-Hackathon offers a unique chance to go beyond the data and get a feel for what pen testers are like in their natural habitat.
2 min
Penetration Testing
This One Time on a Pen Test, Part 4: From Zero to Web Application Admin through Open-Source Intelligence Gathering
Open source intelligence gathering (OSINT) can sometimes take a backseat to more glamorous parts of pen tests—but in this case, it saved us.
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup 9/21/18
Tomorrow brings the fall equinox, and that means (as we are almost contractually obligated to say at this point) winter is coming.
2 min
Compliance
The British Airways Breach: PCI is Not Enough
Magecart's techniques are sophisticated and worth understanding in detail, especially because they point out a major gap that occurs even with perfect PCI compliance.
3 min
Automation and Orchestration
Introducing Security Orchestration and Automation (SOAR) on the Rapid7 Insight Platform
Rapid7 is proud to officially announce orchestration and automation on our Insight platform, with automation taking shape in a number of existing products and our new SOAR offering, Rapid7 InsightConnect.
3 min
InsightIDR
Detecting Inbound RDP Activity From External Clients
Today, we discuss how to detect inbound RDP activity from external clients.
4 min
Threat Intel
Rapid7 Threat Intelligence Book Club: ‘Countdown to Zero Day’ Recap
The final section of Kim Zetter's “Countdown to Zero Day” pulls together the many factors that are present in attacks such as Stuxnet.
3 min
Penetration Testing
Pen Test, Part 3: Jumping a Fence and Donning a Disguise
Here is the story of how I jumped a fence and broke into a construction vehicle to take control of an energy company's network.