7 min
NICER Reports
NICER Protocol Deep Dive: Internet Exposure of FTP
In this installment of the NICER Protocol Deep Dive blog series, we cover internet exposure of FTP.
2 min
Penetration Testing
This One Time on a Pen Test: Playing Social Security Slots
This post is part of an ongoing series featuring testimonials of what goes on beneath the hoodie during Rapid7 penetration testing engagements.
3 min
Rapid7 Perspective
Why I Joined Rapid7
In this blog, Jeff Gardner, Rapid7's new Detection & Response Practice Advisor, discusses why he decided to join Rapid7.
2 min
Metasploit
Metasploit Wrap-Up: Aug. 28, 2020
Give me your hash
This week, community contributor HynekPetrak added a new module for dumping passwords and hashes stored as attributes in LDAP servers. It uses an LDAP connection to retrieve data from an LDAP server and then harvests user credentials in specific attributes. This module can be used against any kind of LDAP server with either anonymous or authenticated bind. Particularly, it can be used
8 min
NICER Reports
NICER Protocol Deep Dive: Secure Shell (SSH)
In the second installment of our NICER Protocol Deep Dive blog series, we cover Secure Shell (SSH).
3 min
InsightVM
How Three InsightVM Customers Scaled Their Vulnerability Management Programs with Rapid7
To run a VM program as a well-oiled machine, you need all the pieces in place, from visibility of all of your assets to effective reporting mechanisms.
6 min
Public Policy
Internet of Things Cybersecurity Regulation and Rapid7
Over the past few years, the security of the Internet of Things (IoT) has been a consistent focus in policy circles around the world.
3 min
InsightIDR
InsightIDR Demo: Cloud-Native SIEM vs. Modern Security Challenges
Grab some popcorn and watch as Rapid7’s demo video gives you a glimpse of InsightIDR in action.
5 min
Career Development
Life as a Rapid7 Rotato: Launch Your Career
In this program, we look to hire recent graduates who are ready to bring cutting-edge ideas, work with amazing teams, and develop as professionals.
2 min
Metasploit
Metasploit Wrap-Up: 8/21/20
Setting module options just got easier!
Rapid7's own Dean Welch added a new option to framework called RHOST_HTTP_URL, which allows users to set values for multiple URL components, such as RHOSTS, RPORT, and SSL, by specifying a single option value. For example, instead of typing set RHOSTS example.com, set RPORT 5678, set SSL true, you can now accomplish the same thing with the command set RHOST_HTTP_URL
7 min
NICER Reports
NICER Protocol Deep Dive: Internet Exposure of Telnet Services
In the first installment of our NICER Protocol Deep Dive blog series, we cover internet exposure of Telnet services.
5 min
InsightVM
Automated External Sonar Scanning Workflow with InsightVM
In this blog post, we discuss an external scanning strategy that you will want to implement with your InsightVM deployment.
4 min
Career Development
Join Team Moose: Become a Rapid7 BDR
The Business Development Representative (BDR) program at Rapid7 is an entry-level program that develops our next generation of successful sales professionals.
2 min
InsightConnect
Stop Attackers in Their Tracks with Insight Agent Quarantine
Rapid7’s Insight Agent is lightweight software you can install on any asset—in the cloud or on-premises—to collect data from across your environment.
2 min
Metasploit
Metasploit Wrap-Up: 8/14/20
vBulletin strikes again
This week saw another vBulletin exploit released by returning community member Zenofex. This exploit module allows an unauthenticated attacker to run arbitrary PHP code or operating system commands on affected versions of the vBulletin web application. The vulnerability, which was also discovered by Zenofex, is identified as CVE-2020-7373 and is effectively a bypass for a previously patched vulnerabili