Rapid7 Risk Management

Category: Content
Type: Blog Article

Generated 4 weeks ago

  • The Ransomware Chronicles: A DevOps Survival Guide

    NOTE: Tom Sellers, Jon Hart, Derek Abdine and (really) the entire Rapid7 Labs team made this post possible. On the internet, no one may know if you’re of the canine persuasion, but with a little time and just a few resources they can easily determine whether you’re running an open “devops-ish” server or not. We’re loosely defining devops-ish as: MongoDB, CouchDB, Elasticsearch for this post, but we ha...

Rapid7 Risk Management

Category: Content
Type: Blog Article

Generated 1 month ago

  • Weekly Metasploit Wrapup

    Welcome back to the Metasploit Weekly Wrapup! It's been a while since the last one, so quite a bit has happened in that time including 75 Pull Requests. Stageless mettle: The rewrite of meterpreter for POSIX systems, mettle, now supports a stageless mode. You can now build standalone static executables for almost a dozen architectures and run them on everything from small home routers to cell phones...

Rapid7 Risk Management

Category: Content
Type: Blog Article

Generated 1 month ago

  • Scan Configuration Improvements in Nexpose

    A common request we hear from customers is for the ability to schedule scans on individual assets, or on subsets of assets. Currently, you can start a manual scan and choose specific IPs, engine and template, but you need to have permissions to create sites in order to schedule such a scan. Good news! In version 6.4.18 of Nexpose, released Jan 25th 2017, we've addressed this! Now individual s...

Rapid7 Risk Management

Category: Content
Type: Blog Article

Generated 1 month ago

  • London Infosec Assemble: Join us for a SecurityTalk Breakfast Briefing!

    January 30th, 9AM: We’ll be joining Okta and Code42 for a breakfast brief to share what we’re seeing in security today. If you’re worried about the security of your cloud services, ransomware, or simply the top attack vectors attackers are succeeding with today, this is a must-attend event. At Rapid7, we understand you’re inundated by the sheer amount of data you need to collect, prioritize, and u...

  • Impact Driven Risk Analysis and Response With Nexpose

    Today I'd like to highlight an often overlooked but very handy analysis option in Nexpose - filtering assets based on their discovered vulnerability CVSS Impact Metrics (Confidentiality, Integrity, Availability). We will use RealContext tags and Filtered Asset Search to answer the following questions: Are there any Availability Impact findings on High Availability systems? (i.e. web servers, authen...

Rapid7 Risk Management

Category: Content
Type: Blog Article

Generated 1 month ago

  • Maximizing PCI Compliance with Nexpose and Coalfire

    In 2007 Coalfire selected Rapid 7 Nexpose as the engine around which to build their PCI Approved Scan Vendor offering.  PCI was just a few years old and merchants were struggling to achieve and document full compliance with the highly proscriptive Data Security Standard.  Our goal was to find that classic sports car blend of style and power: a vulnerability assessment solution that was as streamli...

Rapid7 Risk Management

Category: Content
Type: Blog Article

Generated 1 month ago

  • Patch Tuesday, January 2017

    Microsoft starts off the year with 4 bulletins and continues a long running trend with their products where the majority of bulletins (2) are remote code execution (RCE) followed by an even distribution of elevation of privilege and denial of service. Missing from this month’s list of affected products is Internet Explorer, which typically complements the Edge bulletin (MS17-002). All this month’s...

Rapid7 Risk Management

Category: Content
Type: Blog Article

Generated 1 month ago

  • Snakes Masquerading as Vines

    We spend a lot of time identifying trustworthiness in our day-to-day lives. We constantly evaluate trustworthiness in both the people that we meet and in the products and services that we decide to interact with.  Imagine that you’re like Tarzan in the jungle; you’re trying to navigate your way through products and services using the vines that hang in your path. Each vine either helps or hinders ...

Rapid7 Risk Management

Category: Content
Type: Blog Article

Generated 1 month ago

  • Breaking Metasploitable3: The King of Clubs

    Metasploitable3 is a free virtual machine that we have recently created to allow people to simulate attacks using Metasploit. In it, we have planted multiple flags throughout the whole system; they are basically collectable poker card images of some of the Rapid7/Metasploit developers. Some are straight-forward and easy to open, some are hidden, or obfuscated, etc. Today, we would like to share th...

Rapid7 Risk Management

Category: Content
Type: Blog Article

Generated 1 month ago

  • 3 Things We Learned From the Joint Analysis Report

    2016 kept us on our toes right up to the very end - and its last curveball will have implications lasting well past the beginning of the new year.  Speculation on Russian hacking is nothing new, but it picked up notably with the DNC hack prior to the presidential election and the subsequent release of stolen emails, which the intelligence community later described as an information operation aimed...

Rapid7 Risk Management

Category: Content
Type: Blog Article

Generated 1 month ago

  • 12 Days of HaXmas: Meterpreter's new Shiny for 2016

    Merry HaXmas to you! Each year we mark the 12 Days of HaXmas with 12 blog posts on hacking-related topics and roundups from the year. This year, we’re highlighting some of the “gifts” we want to give back to the community. And while these gifts may not come wrapped with a bow, we hope you enjoy them. Editor's Note: Yes, this is technically an extra post to celebrate the 12th day of HaXmas. We said...

Rapid7 Risk Management

Category: Content
Type: Blog Article

Generated 1 month ago

  • 12 Days of HaXmas: The Gift of Endpoint Visibility and Log Analytics

    Merry HaXmas to you! Each year we mark the 12 Days of HaXmas with 12 blog posts on hacking-related topics and roundups from the year. This year, we’re highlighting some of the “gifts” we want to give back to the community. And while these gifts may not come wrapped with a bow, we hope you enjoy them. Machine generated log data is probably the simplest and one of the most used data sources for every...

  • Focusing on Default Accounts - Targeted Analysis With Nexpose

    In my last blog post I went in depth on Impact Driven Analysis and Response, an often-overlooked but very handy analysis option in Nexpose. Today I'd like to talk about another great option for analysis - filtering assets based on their discovered vulnerabilities by Vulnerability Category. We will use Filtered Asset search to take a focused look at a specific category: Default Account findings.  D...

Rapid7 Risk Management

Category: Content
Type: Blog Article

Generated 1 month ago

  • 12 Days of HaXmas: New Years Resolutions for the Threat Intelligence Analyst

    Merry HaXmas to you! Each year we mark the 12 Days of HaXmas with 12 blog posts on hacking-related topics and roundups from the year. This year, we’re highlighting some of the “gifts” we want to give back to the community. And while these gifts may not come wrapped with a bow, we hope you enjoy them. You may or may not know this about me, but I am kind of an overly optimistic sunshine and rainbows...

  • Metasploitable3 CTF Results and Wrap-Up

    The Metasploitable3 CTF competition has wrapped up and we have our winners!  We had almost 300 flag submissions from more than 50 fine folks.  There were some really great write-ups submitted with great details on how flags were found.  Thanks to everyone who took time to submit a finding!  ON TO THE RESULTS! When we announced the competition, we didn't specify if team submissions were allowed or ...

Rapid7 Risk Management

Category: Content
Type: Blog Article

Generated 1 month ago

  • 12 Days of Haxmas: Giving the Gift of Bad News

    Merry HaXmas to you! Each year we mark the 12 Days of HaXmas with 12 blog posts on hacking-related topics and roundups from the year. This year, we’re highlighting some of the “gifts” we want to give back to the community. And while these gifts may not come wrapped with a bow, we hope you enjoy them. This holiday season, eager little hacker girls and boys around the world will be tearing open thei...

Rapid7 Risk Management

Category: Content
Type: Blog Article

Generated 1 month ago

  • 12 Days of HaXmas: Giving Rapid7 Customers a Way to Share Their Voice

    Merry HaXmas to you! Each year we mark the 12 Days of HaXmas with 12 blog posts on hacking-related topics and roundups from the year. This year, we’re highlighting some of the “gifts” we want to give back to the community. And while these gifts may not come wrapped with a bow, we hope you enjoy them. In early 2014, we formally launched a program called Rapid7 Voice. It’s an advocacy program that e...

Rapid7 Risk Management

Category: Content
Type: Blog Article

Generated 1 month ago

  • 12 Days of HaXmas: Metasploit Framework 2016 Overview

    Merry HaXmas to you! Each year we mark the 12 Days of HaXmas with 12 blog posts on hacking-related topics and roundups from the year. This year, we’re highlighting some of the “gifts” we want to give back to the community. And while these gifts may not come wrapped with a bow, we hope you enjoy them. Breaking Records and Breaking Business: 2016 brought plenty of turmoil, and InfoSec was no exception...

Rapid7 Risk Management

Category: Content
Type: Blog Article

Generated 1 month ago

  • 12 Days of HaXmas: Year-End Policy Comment Roundup

    Merry HaXmas to you! Each year we mark the 12 Days of HaXmas with 12 blog posts on hacking-related topics and roundups from the year. This year, we’re highlighting some of the “gifts” we want to give back to the community. And while these gifts may not come wrapped with a bow, we hope you enjoy them. On the seventh day of Haxmas, the Cyber gave to me: a list of seven Rapid7 comments to government ...

Rapid7 Risk Management

Category: Content
Type: Blog Article

Generated 1 month ago

  • 12 Days of HaXmas: A HaxMas Carol

    (A Story by Rapid7 Labs) Merry HaXmas to you! Each year we mark the 12 Days of HaXmas with 12 blog posts on hacking-related topics and roundups from the year. This year, we’re highlighting some of the “gifts” we want to give back to the community. And while these gifts may not come wrapped with a bow, we hope you enjoy them. Happy Holi-data from Rapid7 Labs! It’s been a big year for the Rapid7 elve...

  • macOS Agent in Nexpose Now

    As we look back on a super 2016, it would be easy to rest on one's laurels and wax poetic on the halcyon days of the past year. But at Rapid7 the winter holidays are no excuse for slowing down: The macOS Rapid7 Insight Agent is now available within Nexpose Now. Live Monitoring for macOS: Earlier this year, we introduced Live Monitoring for Endpoints with the release of a Windows agent for use with N...

Rapid7 Risk Management

Category: Content
Type: Blog Article

Generated 2 months ago

  • 12 Days of HaXmas: A Fireside Foray into a Firefox Fracas

    Merry HaXmas to you! Each year we mark the 12 Days of HaXmas with 12 blog posts on hacking-related topics and roundups from the year. This year, we’re highlighting some of the “gifts” we want to give back to the community. And while these gifts may not come wrapped with a bow, we hope you enjoy them.  Towards the end of November, the Tor community was shaken up by the revelation of a previously u...

  • 2017 Cybersecurity Excellence Awards: And the Nominees Are...

    With the end of the year comes the annual "best of" awards season, and cybersec is no different. This year, Rapid7 has been nominated for 10 awards at the Cybersecurity Excellence Awards! It's up to you, the practitioners and folks in the trenches, to vote for your top choice in each category and choose a winner. To help recognize our people and products, we could use your help in voting. Each cat...

Rapid7 Risk Management

Category: Content
Type: Blog Article

Generated 2 months ago

  • 12 Days of HaXmas: Designing Information Security Applications Your Way

    Merry HaXmas to you! Each year we mark the 12 Days of HaXmas with 12 days of blog posts on hacking-related topics and roundups from the year. This year, we’re highlighting some of the “gifts” we want to give back to the community. And while these gifts may not come wrapped with a bow, we hope you enjoy them. Are you a busy Information Security professional that prefers bloated web applications, fa...

Rapid7 Risk Management

Category: Content
Type: Blog Article

Generated 2 months ago

  • 12 Days of HaXmas: Rudolph the Machine Learning Reindeer

    Merry HaXmas to you! Each year we mark the 12 Days of HaXmas with 12 blog posts on hacking-related topics and roundups from the year. This year, we’re highlighting some of the “gifts” we want to give back to the community. And while these gifts may not come wrapped with a bow, we hope you enjoy them. Sam the snowman taught me everything I know about reindeer [disclaimer: not actually true], so it o...

Rapid7 Risk Management

Category: Content
Type: Blog Article

Generated 2 months ago

  • 12 Days of HaXmas: 2016 IoT Research Recap

    Merry HaXmas to you! Each year we mark the 12 Days of HaXmas with 12 blog posts on hacking-related topics and roundups from the year. This year, we’re highlighting some of the “gifts” we want to give back to the community. And while these gifts may not come wrapped with a bow, we hope you enjoy them.  As we close out the end of the year, I find it important to reflect on the IoT vulnerability rese...

Rapid7 Risk Management

Category: Content
Type: Blog Article

Generated 2 months ago

  • 12 Days of HaXmas: The One Present This Data Scientist Wants This Holiday Season

    Merry HaXmas to you! Each year we mark the 12 Days of HaXmas with 12 blog posts on hacking-related topics and roundups from the year. This year, we’re highlighting some of the “gifts” we want to give back to the community. And while these gifts may not come wrapped with a bow, we hope you enjoy them. “May you have all the data you need to answer your questions – and may half of the values be corru...

  • The Twelve Pains of Infosec

    One of my favorite Christmas carols is the 12 Days of Christmas. Back in the 90’s, a satire of the song came out in the form of the 12 Pains of Christmas, which had me rolling on the floor in laughter, and still does. Now that I am in information security, I decided it is time for a new satire, maybe this will start a new tradition, and so I am presenting, the 12 Pains of Infosec. The first thing ...

Rapid7 Risk Management

Category: Conversion
Type: Landing Page

Generated 2 months ago

Rapid7 Risk Management

Category: Content
Type: Blog Article

Generated 2 months ago

  • SIEM Tools Aren't Dead, They're Just Shedding Some Extra Pounds

    Security Information and Event Management (SIEM) is security’s Schrödinger’s cat. While half of today’s organizations have purchased SIEM tools, it’s unknown if the tech is useful to the security team… or if its heart is even beating or deployed. In response to this pain, people, mostly marketers, love to shout that SIEM is dead, and analysts are proposing new frameworks with SIEM 2.0/3.0, Securit...

  • Happy Holidays from Rapid7

    As 2016 comes to a close, we wanted to pause and reflect on what a great year it’s been connecting with our customers, partners and the community. We at Rapid7 wanted to reach out and say thank you and best wishes for the holidays and have a happy New Year.  Please enjoy this special video sharing the tale of "The Hacker Who Stole Christmas," narrated by Bob Rudis. 

  • 2017 Cybersecurity Horoscopes

    What does 2017 hold for cybersecurity? Our mystics have drawn cards, checked crystal balls, and cast runes to peer into the future. See what the signs have in store for you in the new year. Sage Corey Thomas, Rapid7 Gazing into the future of 2017, I believe we will continue to see market consolidation of security vendors. With a focus on increasing productivity, organizations will move further fro...

Rapid7 Risk Management

Category: Content
Type: Blog Article

Generated 2 months ago

  • Giving the Gift of Time: Nexpose Adaptive Security Improvements

    'Tis the holiday season and the Nexpose team is in the giving spirit! At the Rapid7 workshop, we've been busy little helpers building toys for deserving security teams throughout the year. Here are just some of the goodies you can take advantage of NOW: Remediation Workflows - create and assign remediation projects to get to fix faster; Liveboards - live and interactive dashboards for getting a real-...

Rapid7 Risk Management

Category: Content
Type: Blog Article

Generated 2 months ago

  • Weekly Metasploit Wrapup

    Taking Care of Universal Business: the Handler's Tale With a few exceptions, payloads have to have a handler. That's the guy who waits with the car while your exploit runs into the liquor store. To run an exploit module, we have to select and configure a payload first. In some cases, Metasploit can do this for you automatically, by just guessing that you probably wanted the best payload for the ta...

Rapid7 Risk Management

Category: Content
Type: Blog Article

Generated 2 months ago

  • Vulnerability Categories and Severity Levels: “Informational” Vulnerabilities vs. True Vulnerabilities

    A question that often comes up when looking at vulnerability management tools is, “how many vulnerability checks do you have?” It makes sense on the surface; after all, less vulnerability checks = less coverage = missed vulnerabilities during a scan right? As vulnerability researchers would tell you, it’s not that simple: Just as not all vulnerabilities are created equal, neither are vulnerability...

  • Research Report: Vulnerability Disclosure Survey Results

    When cybersecurity researchers find a bug in product software, what’s the best way for the researchers to disclose the bug to the maker of that software? How should the software vendor receive and respond to researchers’ disclosure? Questions like these are becoming increasingly important as more software-enabled goods - and the cybersecurity vulnerabilities they carry - enter the marketplace. But...

Rapid7 Risk Management

Category: Content
Type: Blog Article

Generated 2 months ago

  • Web Shells 101: Detection and Prevention

    2016 has been a big year for information security, as we’ve seen attacks by both cybercriminals and state actors increase in size and public awareness, and the Internet of Things comes into its own as a field of study. But today we’d like to talk about a very old (but no less dangerous) type of attacker tool – web shells – and new techniques Rapid7 is developing for identifying them quickly and ac...

  • Metasploitable3 CTF Competition: Update and Leaderboard!

    The Metasploitable3 Capture The Flag Competition has been underway for about a week now and the submissions have been pouring in!  We're very excited to see so many great submissions. We're reviewing as fast as we can so if you don't hear back from us right away, don't worry, you will.  For all valid submissions we will update this blog post and subsequent ones with the leaderboard. For any questi...
