About Us
Company Size:
501-1000 employees
Company Type:
Boston, MA (HQ)/ Global
Rapid7 transforms data into insight, empowering IT and security professionals to progress and protect their organizations. How? Our solutions are powered by advanced analytics and an unmatched understanding of the attacker mindset. This makes it easy to collect data, transform it into prioritized an ...
Promoted Content
Start Your InsightIDR Free Trial and Get Full Functionality for 30 Days
Changing the Corporate Network Attacker’s Risk-Reward Paradigm
Large organizations with warehouses of our personal data continue to be breached. What’s going on here—why does this keep happening? In this post, we break down the risk/reward ratio for corporate attackers and what we can do to change it. As Verizon's Data Breach Investigation Report (DBIR) continues to tell us, the primary motivator for hackers these days is coin, pure and simple. Selling Excel spreadsheets on the black market is extremely lucrative, especially if an attacker can get "f ...
The Term “Internet of Things (IoT)” Should Change
I have been the IoT Research Lead at Rapid7 for nearly two years. During those two years, we’ve seen the industry struggle to define IoT. Many organizations are still thinking of IoT as simple consumer toys that do not impact them, but that is not the case. Early on I abandoned trying to create a definition for IoT; instead I circled my wagons around explaining IoT from a security perspective and describing how to better examine and address the security of an IoT product's ecosystem, no matter ...
Metasploit Wrapup
What's Hot: Fall is finally here! While the weather may be getting cooler, things are hot in Metasploit-land. We've had some fun modules land recently. In our expanding arsenal of code-execution-by-design attacks, Patrick Thomas brings us the nodejs_v8_debugger module, which allows exploiting misconfigured debug services with Node.js applications. On the payloads side, Domain Fronting support with Meterpreter is just about complete and should be landing shortly. Improved support for Mainframe pa ...
Building a Backpack Hypervisor
By Brendan Watters. Before I came to work for Rapid7 as a researcher and engineer, I was a developer, hacker, and technical trainer. Back then, I travelled across the country (and globe) to teach hacking, defense, and/or security tool development classes. Teaching those courses required access to targets and networks, so I almost always traveled with a powerful ESXi server. The ESXi server was contained in an 8-U portable rack and weighed around 200 pounds. Since most of my teaching engagem ...
Multiple Vulnerabilities in Wink and Insteon Smart Home Systems
We are announcing four issues affecting two popular home automation solutions: Wink's Hub 2 and Insteon's Hub. Neither vendor stored sensitive credentials securely on their associated Android apps. In addition, the Wink cloud-based management API does not properly expire and revoke authentication tokens, and the Insteon Hub uses an unencrypted radio transmission protocol for potentially sensitive security controls such as garage door locks. As most of these issues have not yet been addressed ...
IoT Security Testing Methodology
By Deral Heiland IoT - IoT Research Lead, Rapid7; Nathan Sevier - Senior Consultant, Rapid7; Chris Littlebury - Threat Assessment Manager, Rapid7. End-to-end ecosystem methodology: When examining IoT technology, the actionable testing focus and methodology is often applied solely to the embedded device. This is shortsighted and incomplete. An effective assessment methodology should consider the entire IoT solution or, as we refer to it, the IoT Product Ecosystem. Every interactive component that m ...