All Posts

1 min Metasploit

msfconsole failing to start? Try 'msfconsole -n'

As part of the last release, the Metasploit Engineering team here at Rapid7 has been on a path of refactoring in the Metasploit open source code in order to make it more performant and to get toward a larger goal of eventually breaking up the framework into a multitude of libraries that can be used and tested in a standalone way. This effort will make it easier to deliver features and respond to issues more quickly, as well as ensure that regressions and bugs can get diagnosed, triaged, and fix

4 min Metasploit

Hunting for Credentials: How Metasploit Pro Beat Me on the Command Line

By guest blogger Robert Jones, Information Security Manager, City of Corpus Christi I had the opportunity to participate in a tech preview of Metasploit Pro's new credentials features. In our shop, we use Metasploit Pro, Nexpose, UserInsight and ControlsInsight, all by Rapid7. I certainly wish I could spend the majority of my time pentesting, but instead I oftentimes find myself using Metasploit to educate users by showing them how I can compromise their machines. It is incredibly compelli

6 min IT Ops

An APM Solution Divided Cannot Stand

This post originally appeared on the Smart Bear blog. To read more content like this, subscribe to the Software Quality Matters Blog. Frustrations with lack of tool unification might just lead to revolution in the APM space… Application Performance Management (APM) is a broad concept, and many technologies fall under its umb

3 min IT Ops

Evolve, Don't Revolve

Logs have been around for a while, not quite as long as the wheel, but not far off. Here at Logentries, we have the mantra of evolve don’t revolve (as in don’t sit around spinning your wheels getting nowhere).  We are taking this concept and looking to evolve the way you work with and think about your log data. Gone are the old days, where you only used logs to find exceptions. A new day has dawned, and the future is here, the future is Logentries (

2 min Metasploit

Metasploit Pro's New Credentials Features Save Us Time in Workflows

By guest blogger Dustin Heywood, Manager, Security Assurance, ATB Financial Recently I was invited to participate in Metasploit Pro's Tech Preview Program, where customers are given early access to new product releases.  I've taken part in this program before and I have always loved the experience. For those of you who haven't been involved in a Rapid7 Tech Preview program: It starts out with a call with the customer engagement manager and the product management team, who gave me an overview

3 min

Improving Visibility into your Security Program – the Risk Scorecard Report

One of the most strenuous aspects of managing your security program is understanding where to focus your time and effort.  It can be a challenge to balance providing consistent progress updates to your stakeholders and working with your IT teams to prioritize and remediate issues based on the most accurate data available at that time. Communication is critical, yet how do you know what to target and how do you share this information with your organization? Nexpose has the perfect tool to help yo

1 min Microsoft

Patch Tuesday - August 2014

Microsoft clearly wants everyone to shake off the dog days of summer and pay attention to patching. This month's advance notice contains nine advisories spanning a range of MSFT products. We have the ubiquitous Internet Explorer all supported versions patch (MS14-051), with the same likely caveat that this would apply to Windows XP too, if Microsoft still supported it. This patch addresses the sole vulnerability to be actively exploited in the wild in this month's crop of issues, CVE-201

4 min IT Ops

JSON logging in Apache and Nginx with Logentries

I’m often asked on calls with our customers what is the preferred format for log data being sent to Logentries. While we pride ourselves on being the Log Management tool that is easiest to setup a

4 min IT Ops

How D3 can help you build effective data visualizations

Data Visualization is the method of consolidating data into one collective, illustrative graphic. Traditionally, data visualization has been used for quantitative work, but ways to represent qualitative work have been shown to be equally powerful. The main goal of data visualization is to communicate information clearly and effectively through graphical means. That doesn’t mean that it needs to look boring to be functional or extremely sophisticated to look beautiful. In order to achieve a bala

2 min Events

Metasploit Race to Root and Loginpalooza

Race to Root Unless you've gotten to this blog by freak accident, you are certain to be aware that next week is Black Hat USA 2014, and of course, we'll be there. You can find us at Booth #541, where we'll be running the Metasploit Race to Root, using the latest pre-release build of Metasploit Pro. Now, this is not just a contest to see who can get their badge scanned the fastest. Oh no. This is a real, hands-on micro-sized capture the flag competition, run by our capable and talented in-house

4 min

I don't always write my own web application fingerprints, but when I do, I use XML

One of the awesome things about Nexpose is its extensibility. Nexpose now allows you to write your own custom web application fingerprints, using a combination of XPath and regular expressions. Coupled with the ability to add your own custom checks, this allows you to write your own web application vulnerability coverage. This fingerprinting functionality can be used on any web application that provides its version i

5 min IT Ops

Smart Continuous Delivery Using Automated Testing

This post is building on a recent post highlighting recommendations on how to simplify your unit testing by using the right set of tools (Smart Integration Testing with Dropwizard, Flyway and Retrofit). As a company like Logentries rapidly grows, and the number of product features increases, an important question arises around maintaining the highest level of quality and user experience. That level is usually where the

2 min IT Ops

4 Ways to Use Centralized Log Management for Improved Production Monitoring

Is your team focused on preventing outages and minimizing downtime in production? Time to resolution is one of the most important operational KPIs for Ops teams, because any time that your application is down is too long for your users. Whether it’s minutes, hours, or (in a worst-case scenario) days, any time that your systems are down, your business is losing money; and more importantly, customer trust and satisfaction. This creates additional pressure on your team and hurts employee morale. By

3 min Nexpose

Microsoft False Positives: "The update is not applicable to your computer"

One of the most common false positive cases we see from a support perspective is a situation where Nexpose reports a vulnerability because a specific patch is not installed, but when you try to apply the patch, the system will not let you install it and says the patch is not applicable. In many cases, this ends up being caused by another patch that is installed on the system that prevents the patch you are trying to install from being installed.  Sometimes the patch that is installed and preven

3 min Events

Weekly Metasploit Update: Countdown to DEFCON

Don't Be (too) Naked in Vegas Wow, it's exactly two more weeks today until DEFCON. While Rapid7 has had a vendor presence at Black Hat for many years (at booth #541), this year is, I believe, the first time that we'll have a vendor table at DEFCON. I'm super stoked about both gigs, since the Black Hat booth will give us an opportunity to unload give away a fresh new batch of Metasploit T-Shirt Design contest