4 min
InsightVM
How InsightVM Helps You Save Time and Prove Value
In this post, we’ll cover how InsightVM helps teams tackle operational challenges, maximize resources, and prove the value and ROI of their efforts.
2 min
This One Time on a Pen Test
This One Time on a Pen Test: Doing Well With XML
In the latest edition of "This One Time on a Pen Test," we discuss a classic web application engagement involving XML.
4 min
InsightIDR
Easily Explore Your Log Data with a Single Query in InsightIDR
We are delighted to announce that Log Search now supports grouping by multiple fields in your log data.
3 min
Ransomware
Ransomware Payments and Sanctions - U.S. Treasury Advisory
The U.S. Department of Treasury issued an advisory warning that paying ransoms to cybercriminal groups risks violating sanctions. Rapid7 has previously recommended that victims not pay ransom, and urges organizations to focus on ransomware prevention and recovery.
3 min
Vulnerability Management
Why Every Organization Needs a Vulnerability Management Policy
In this blog post, we will discuss why vulnerability management is critical for any organization looking to reduce risk.
5 min
Metasploit
Metasploit Wrap-Up: Oct. 2, 2020
Windows secrets dump, an 'in' with Safari, and more!
2 min
News
HP Device Manager Cavalcade of Critical CVEs (CVE-2020-6925:6927): What You Need to Know
HP released a security bulletin on Sept. 25, 2020, disclosing a set of vulnerabilities in HP Device Manager.
6 min
NICER Reports
NICER Protocol Deep Dive: Internet Exposure of SMTP
In this installment of our NICER Protocol Deep Dive blog series, we discuss internet exposure of SMTP.
2 min
This One Time on a Pen Test
This One Time on a Pen Test: I Know...Everything
In the latest edition of "This One Time on a Pen Test," we follow a Rapid7 penetration tester as they perform an internal network engagement.
6 min
Detection and Response
Rapid7 Introduces “Active Response” for End-to-End Detection and Response
We are excited to announce the launch of our new Active Response capability as a part of our MDR Elite service
9 min
Metasploit
Exploitability Analysis: Smash the Ref Bug Class
Two Metasploit researchers evaluate the "Smash the Ref" win32k bug class for exploitability and practical exploitation use cases for pen testers and red teams looking to obtain an initial foothold in the context of a standard user account.
5 min
Research
Microsoft Exchange 2010 End of Support and Overall Patching Study
Today's topic is Exchange 2010, which reaches end of support (EoS) on Oct. 13, 2020, as well as a survey of other versions of Exchange and how well they are being kept up-to-date.
6 min
Detection and Response
2021 Detection and Response Planning, Part 1: Rapid7’s Jeffrey Gardner Breaks Down How CISOs Should Approach Security Planning for the New Year
To kick off this series, we sat down with Jeffrey Gardner, a former Information Security Officer, and recently appointed Practice Advisor for our Detection and Response portfolio here at Rapid7.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-up: 9/25/20
Nine new modules, including a module for Zerologon, a new SOCKS module, some privilege escalations, and another Java deserialization exploit.
6 min
NICER Reports
NICER Protocol Deep Dive: Internet Exposure of rsync
In this installment of our NICER Protocol Deep Dive blog series, we take a closer look at internet exposure of rsync.