5 min
Career Development
Advance Your Career: Life as a Rapid7 Belfast Software Engineer
As we continue to build this team, we are looking for new Moose who exemplify our core values, and are passionate about making a positive impact on our customers.
2 min
Metasploit
Metasploit Wrap-Up: Nov. 6, 2020
Insert 'What Year Is It' meme
h00die contributed the Mikrotik unauthenticated directory traversal file read auxiliary gather module, largely a port of the PoC by Ali Mosajjal. The vulnerability CVE-2018-14847 allows any file from the router to be read through the Winbox server in RouterOS due to a lack of val
2 min
This One Time on a Pen Test
This One Time on a Pen Test: How I Hacked a Self-Driving Car
In our latest edition of "This One Time on a Pen Test," we take a deeper look at an engagement involving a self-driving car.
1 min
tCell
tCell by Rapid7 Now Available for the European Region
Today, we are excited to announce tCell by Rapid7, our next-gen WAF and RASP solution, is now available in the Rapid7 Insight cloud’s European region.
4 min
NICER Reports
NICER Protocol Deep Dive: Internet Exposure of Citrix ADC/NetScaler
In this edition of our NICER Protocol Deep Dive blog series, we take a closer look at the internet exposure of Citrix ADC/NetScaler.
5 min
Research
The Story Behind Security Breaches
There are many potential causes of security breaches, but what is a common root cause? Human error.
9 min
Application Security
Overview of Content Security Policies (CSPs) on the Web
A Content Security Policy is a protocol that allows a site owner to control what resources are loaded on a web page by the browser, and how those resources may be loaded.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 10/30/20
Support for gathering ProxyUsername and ProxyPassword for saved PuTTY sessions, usability improvements for PsExec modules, and another CTF coming soon.
4 min
National Cybersecurity Awareness Month: Security Pros Offer Top Tips for Staying Safe Online
For National Cybersecurity Awareness Month, we rounded up tips from our network of experts to help you easily shore up your approach to cybersecurity.
3 min
Vulnerability Management
Oracle WebLogic Unauthenticated Complete Takeover (CVE-2020-14882/CVE-2020-14750): What You Need to Know
Attackers are opting for tricks instead of treats this week as they seek out and attempt to compromise internet-facing WebLogic servers that are vulnerable to CVE-2020-14882.
2 min
InsightVM
Rapid7 Announces Improvements to Goals and SLAs in InsightVM
We’re excited to announce that creating a goal or SLA in InsightVM just became a lot simpler.
3 min
Detection and Response
2021 Detection and Response Planning, Part 3: Why 2021 Is the Year for SOC Automation
In this third installment of our series around 2021 security planning, we’re focused on SOC automation.
18 min
InsightVM
Scan Template Best Practices in InsightVM
This blog post will give you a ballpark best practice that applies to the majority of environments, as well as some descriptions that outline the thought process, math, and reasoning.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 10/23/20
A bug fix for EternalBlue on Metasploit 6, four new modules, and a bunch of enhancements.
5 min
NICER Reports
NICER Protocol Deep Dive: Internet Exposure of Remote Desktop (RDP)
In this edition of our NICER Protocol Deep Dive blog series, we break down the internet exposure of remote desktop (RDP).