Rapid7 is a leader in AI-powered managed cybersecurity operations. 11,500+ customers utilize Rapid7 to disrupt attackers and advance their cyber resilience.

Boston, MA
Read the full case study on the #IoTsec baby monitor vulnerabilities we disclosed today: rapid7.com/iotsec #iot
46
602
1,126
We are thrilled to announce that today, the @NHLBruins named Rapid7 as their first-ever jersey patch partner and the official cybersecurity partner of the Bruins and @tdgarden – beginning with the 2022-23 season. Read the release here: bit.ly/3r1hFdH
27
30
196
PsExec: How Remote Execution Works w/ @TheLightCosine [VIDEO] bit.ly/1MX1jrE #rapid7WbW
2
95
155
🚨 Rapid7 has observed increased activity involving a new threat group and #AWS cloud environments. Self-referred to as ‘Crimson Collective’, the group has claimed responsibility for the recent theft of private repositories from the #RedHat GitLab. More: r-7.co/48ltfqS
40
131
16,181
Hey, offensive security fans: @Metasploit now has a YouTube channel. Check it out here! r-7.co/2rPzgG4
1
74
93
The @owasp Top 10 API Security Risks 2023 has arrived! In a new blog, we dig a little deeper into each item on the list – a key component of API security preparedness for the year. Read on: r-7.co/3X3LCsK
1
29
91
16,247
Happy 25th scan-iversary, #Nmap! 🎉 September 1, 1997 was the day Fyodor's Nmap was released to the world. Check out a quick blog post from Rapid7 Director of Research, @todb on the impact of 25 years of Nmap: r-7.co/3cyJh6s
2
30
87
🚨 Rapid7's ETR team has begun responding to CVE-2023-27997, a critical RCE vulnerability in Fortinet Fortigate SSL-VPN firewalls. Fortinet is expected to publish their advisory tomorrow, June 13, 2023. Find mitigation advice & more in our blog: r-7.co/43AjXSI
2
41
89
21,452
Metasploit turned 15 this year! Here are the most memorable @metasploit moments of 2018. #HaXmas r-7.co/2RkX5oi
26
83
You asked, we deliver: Register for the @Metasploit community CTF to hack the Linux version of Metasploitable3 (and win prizes). 500 spots. Play starts Monday! r-7.co/communityCTF17
1
53
80
We probed more than 3 billion IPv4s and mapped internet exposure around the world. Get the National Exposure Index r-7.co/2tmavAF
2
54
74
What you need to know about #Meltdown and #Spectre: What they are, who's affected, and where to find help r-7.co/meltdownspectre
43
71
On July 18, Citrix published a security bulletin warning of 3 new vulnerabilities affecting NetScaler ADC and NetScaler Gateway. CVE-2023-3519, an RCE vulnerability and the most severe of the 3, is known to be exploited in the wild. More in our blog: r-7.co/3ry9ybY
38
75
19,612
One of @Metasploit's strengths is the ability to offer a lingua franca for expressing vulns and exploits. @todb underscores this point with a #HaXmas story r-7.co/haXmas1
1
26
70
The rumors are true: Rapid7's @PDXbek is hosting a Threat Intelligence Book Club! We’ll be digging into The Cuckoo’s Egg starting 2/21. Details and registration here: r-7.co/R7tibc1
4
33
66
Spoofing (noun) /spōōfiNG/: A lot like deking, according to @RayBourque77 🥸 When a threat actor disguises their messaging to look like a trusted source, shutting 'em down can be as simple as "watching their hips." Take command with Rapid7: r-7.co/3VysBiF | @NHLBruins
2
7
60
23,989
Learn how to build your own caller ID spoofer (for more than just prank calling your buddies): r-7.co/2GKPTby
28
59
This isn't your average game of Capture the Flag. At #R7UNITED, you can hack with @Metasploit r-7.co/2vIZy1W
29
63
100 years of grit, passion, and community. Happy Birthday to our @NHLBruins! 👏🐻🧡 The game on Sunday marks the team's centennial anniversary – the B's took the ice for the first time in Boston on December 1, 1924. A quick message from Rapid7 & @RayBourque77 ⤵️
5
61
16,920
We've locked @metasploit in a room until they figure this out. Y'know...for Trevor.
3
11
57
CVE-2022-42889, which some have begun calling “Text4Shell,” is a vulnerability in the popular Apache Commons Text library that can result in code execution when processing malicious input. Read more & find mitigation guidance ⤵️ r-7.co/3eH05Jp
1
41
60
Find out how #UBA can provide you with security answers at Booth #807 at #RSAC r-7.co/2kLlzal
2
20
51
Internet researchers, security scholars, and data nerds, have we got something for you! Today we’re unveiling our National/Industry/Cloud Exposure Report (NICER), a data-rich analysis of risk across the internet complete with actionable security advice. r-7.co/2WCQO8W
1
30
54
Each year, Rapid7 penetration testers complete hundreds of internally and externally based penetration testing service engagements. Check out our five-part blog series featuring testimonials of what goes on beneath the hoodie. r-7.co/2wHEyH5
1
14
53
Whether you’re just getting started with #pentesting, or simply interested in the basics, this blog for you. Guest author Bo Weaver walks through how to create a secure and portable Kali installation: r-7.co/2MHZIeF
1
21
48
Wondering which OSINT tool is cream of the crop? @L4bF0x will analyze the most popular ones at #BSidesLV: r-7.co/2tpS9Sr
13
33
.@hdmoore, we know you'll go far -- all the best! community.rapid7.com/people/…
1
40
47
How to Build Your Own Caller ID Spoofer r-7.co/2GKPTby
23
50
What do pen testers do w/internal network access? Why you need to detect Responder & PsExec: r-7.co/2mpwmsc #infosec
31
49
🔥🐻 Rapid7 is proud to kick off another year as the @NHLBruins' Official Jersey Patch & Cybersecurity Partner! Tune in tonight for the 2025-2026 season opener, then tomorrow as our B's look to command the ultimate attack surface: Home ice 🏒
1
2
48
16,520
🎣 Rapid7 defends against Phishing. @RayBourque77 defends against fishing. Whether you spell it with an F or a P (and no matter if you're in pro sports or the SOC), it's a pesky threat that our defenders work to shut down. Take command: r-7.co/3VysBiF | @NHLBruins
1
7
47
21,299
If your org’s security data is everywhere – like a @RayBourque77 yard sale, everywhere – it might take more than Tully to get things back in order. 🧹 Everything in one place, with Rapid7: r-7.co/3VysBiF | @NHLBruins
1
1
47
24,806
🛡️ The best Defense is so many steps ahead that it’s practically Offense. @RayBourque77 – the NHL’s all-time scoring leader among Defensemen – would know a thing or two about that. Anticipate with Rapid7: r-7.co/3VysBiF | @NHLBruins
2
6
42
18,261
Are you an aspiring ethical hacker? Lucky for you, there are many resources available to help you get started! r-7.co/2CRgcj0
4
21
46
How to use Windows event logs to detect lateral movement [VIDEO] rapid7.com/resources/videos/… w/@omgAPT #DFIR #rapidWbW
33
44
Introducing InsightPhish (beta): Unified phishing simulation, investigation, and analysis from Rapid7 r-7.co/InsightPhish
2
30
39
Big thanks to @huykha10 for reporting a website vuln on one of our new sites so we could fix! Responsible disclosure always appreciated :)
2
7
43
How to set up a pentesting lab - http://bit.ly/gycS16
42
45
Metasploitable3 has 15 hidden flags. Can you capture them all? Join the #CTF and win stuff! r-7.co/2ghDgL9
38
43
#EternalBlue: New @Metasploit module for MS17-010 developed by contributors @zerosum0x0 and @JennaMagius r-7.co/2qADOj4
1
29
38
Attending #RSAC? Come see "Under the Hoodie: Actionable Research from Pentesting Engagements" at Booth #807 r-7.co/2kLlzal
1
3
37
Show off your hacker skills and pwn hard. Join the Metasploitable3 #CTF and win stuff! r-7.co/2ghDgL9
29
41
Thanks to @RandomDhiraj for finding and disclosing a Code Execution issue on the Nexpose installer, which we were able to remediate quickly thanks to this report.
4
5
41
📣 GIVEAWAY ALERT! Rapid7 has partnered with @RayBourque77 to gift 2 winners a signed 7⃣7⃣ jersey! Enter on LinkedIn: r-7.co/3MMte3j Enter on Instagram: r-7.co/3B05tSx Winners will be selected on 9/20, just before our @NHLBruins take the ice for preseason 🐻🏒
4
38
20,018
We just opened our newest Rapid7 office in Arlington, VA! The Arlington office is inspired by video game platforms and is also home to our security operations center (SOC), where our hardworking team detects and responds to security issues.
7
5
36
RT @metasploit: Headed to #DEFCON26? Find us and the rest of the @Rapid7 family in the vendor hall selling limited edition #Metasploit0xf Anniversary Tour shirts to benefit @EFF. Get it.
3
9
39
Visit us at #RSAC (North Hall 4215) for great presentations, demos & party reg: rapid7.com/rsa-2016/ #RSA2016
10
38
Register for our THREAT HUNT webcast series to learn how to fend off attackers (and ninjas). bit.ly/23ioUdO
24
35
Hiding Metasploit shellcode to evade Windows Defender: r-7.co/2w9Kzi7
20
38
The sky isn't falling, but KRACK deserves some attention. Here's what you need to know: r-7.co/2xJymft
42
39
🗓️ A new meeting invite on your calendar, or a new attack vector? Because calendar files (.ics) often bypass traditional email & attachment defenses, they offer attackers a low-friction path into corporate environments.  Read on via Rapid7 Labs: r-7.co/3Jwc9wx
11
39
5,585
We conducted 268 penetration testing service engagements. In this post, we review interesting detection trends, including exactly where our red team found success. blog.rapid7.com/2018/08/02/d…
1
28
39
RT @metasploit: Headed to #DEFCON26? Find us and the rest of the @Rapid7 family in the vendor hall selling limited edition #Metasploit0xf Anniversary Tour shirts to benefit @EFF. Get it.
3
11
35
The start of a new data model for @Metasploit: The team landed the beginning of a nifty new backend service for Framework users this week—plus, a windfall of modules and several open roles! r-7.co/2pZl9gN
21
38
Learn about the latest in pentesting research at our #RSAC booth: r-7.co/2kLlzal
2
5
34
[blog] The Shadow Brokers Leaked Exploits Explained r-7.co/2oKuOqv
33
32
The VENOM vulnerability explained (CVE-2015-3456) [VIDEO] bit.ly/1EF2lRS #rapid7WbW
2
35
35
#DerbyCon -- heads up! We're giving away Metasploit t-shirts to the first 750 people at the Saturday night party:
5
14
35
We’re thrilled to announce plans for our new global headquarters at The Hub on Causeway, where we’ll continue to build a fantastic experience for employees and invest in the #Boston community as we grow. r-7.co/BostonHQ
2
18
33
Today, we welcomed network traffic visibility and analytics company @NetFort to the Rapid7 family! r-7.co/2UnbGRQ
10
34
Relentless offense and tireless defense. It's a winning recipe in hockey, cybersecurity, and beyond 🏆 @RayBourque77 recently stopped by our Boston HQ – and clearly, he's made himself right at home. See how Rapid7 and #77 are commanding the attack surface together ⤵️
4
7
36
61,100
Holiday classics with a Rapid7 twist. 'NOW That's What I Call HaXmas!' is here for your listening pleasure. Happy holidays! rapid7.com/info/haxmas/
24
36
Yesterday, Microsoft published CVE-2022-24527, a local privilege escalation vulnerability in Microsoft Connected Cache. Read more about exploitation and remediation in this blog write up from @Junior_Baines: r-7.co/3rngOEA
19
31
We've been voted the coolest T-shirt at #DEFCON!* Swing by to grab one and support the @EFF. *sample size = 3 people at the Rapid7 table
2
7
32
“This one time on a pen test…” Discover real stories of exposure, exploitability, and execution in the 2018 edition of #UnderTheHoodie: r-7.co/2LL3Rxt
5
30
34
Hard at work in the #DEFCON26 vendor hall. #Metasploit0xf tshirts. $20 to benefit @EFF.
4
30
What is the difference between WAF and RASP? How can you get the most out of both? Learn more about these emerging application security products.
9
32
You can now RF test the security of #IoT devices through @Rapid7’s @Metasploit: r-7.co/2o09w6A @opengarages
1
45
34
A new research paper from Metasploit and Rapid7 Labs looks at practical exploitation of Java serialization vulnerabilities and internet exposure of Java services. r-7.co/2Od4K3Y
14
33
Need a social distancing hobby? This blog gives you an intro to embedded hardware hacking. r-7.co/2XEGL0Z
14
30
Patching Samba (CVE-2017-7494): Who's affected, how to mitigate, and a word on early data from our labs r-7.co/2rWG8A9
1
37
31
Learn how to build your own caller ID spoofer (for more than just prank calling your buddies): r-7.co/2GKPTby
10
30
We’re investigating implications of #Wassenaar for Metasploit and security research & expect to participate in the consultation process.
1
57
28
Rumors of Metasploit 5 development have not been greatly exaggerated. More from @busterbcook and team in this week's @Metasploit wrap-up: r-7.co/2DTRH2x
24
31
Learn about the latest pentesting research at "Under the Hoodie: Penetration Testing Engagements" in 20 minutes at booth S807 #RSAC
3
25
"Work like hell. Share all you know." Full text of Dan Geer's inspirational #R7UNITED closing keynote here: r-7.co/2xYuxHS
12
29
Securing IoT devices? Be warned that Universal Asynchronous Receiver Transmitter (UART) ports are often the keys to the kingdom. IoT Research Lead @Percent_X talks about the security impact of easily accessible UART on IoT technology: r-7.co/2t7Vnt8
13
25
The OWASP Top 10 is regarded as the single source of truth for the most common application security risks we see in today’s environments. Tune in for this #AppSec 101 topic in this week’s #WBW.
6
27
💡 Introducing Fetch Payloads to @Metasploit! These simplify & replace some command stager use cases, providing for faster, more intuitive command injection module dev'pment – and offering a useful on-the-fly hacking tool. More in a brand new blog: r-7.co/3q9jbgL
10
28
13,152
#NetNeutrality matters. Today, we stand with @SenMarkey and Massachusetts technology leaders to support an open internet. Watch live at 10 AM EST: r-7.co/MA4neutrality #MAnetneutrality
1
12
23
12 memorable @Metasploit moments from 2017 that inspired and connected us with our community around the world (c/o @busterbcook) r-7.co/haXmas6
8
29
We simulated targeted phishing campaigns at a cybersecurity event attended by 60 CEOs. Here's how they fared. r-7.co/2RbCNhQ
1
15
29
In 2017, 225 new @Metasploit modules were developed by the Rapid7 community. Discover more key stats from our past year in review: r-7.co/2FKzbt0
10
28
What’s new with @metasploit? Read our blog to know everything you need to about external Metasploit modules. r-7.co/2NP97RU
14
27
Extracting Firmware from Microchip PIC Microcontrollers Explained r-7.co/2vrmosm
12
27
A statement from Rapid7 and CEO Corey Thomas: Much of the world awoke to the shocking news coming out of Israel this morning.
1
2
30
10,616
Rapid7's Metasploit Framework research team has noticed a marked increase in both CVEs and exploit module PRs for Java serialization vulnerabilities. Security researchers @_surefire_ and @jhartftw delve into exploitation of Java Serialized Objects. r-7.co/2Od4K3Y
13
30
Got SMB? @_sinn3r wrote a guide on using @Metasploit Pro Task Chains to evaluate SMB server security, autopwn-style: r-7.co/2z3tOmI
8
29
Whether you’re just getting started with #pentesting, or simply interested in the basics, this blog for you. Guest author Bo Weaver walks through how to create a secure and portable Kali installation: r-7.co/2MHZIeF
1
12
29
Which countries are most exposed on the internet? Get Rapid7's National Exposure Index r-7.co/2tmavAF
1
13
26
Today's the last day of #defcon, which means your last chance to get this shirt to support the @EFF
2
11
27
"Behind every POS system is an outdated OS." Contributes to susceptibility of POS systems for hacking. @westonhecker #defcon
1
16
24
Last week’s #Metasploit Wrapup features a new EternalBlue module in everyone's favorite reptile-brain language, Python! Check it out: r-7.co/2MOM9Ks
2
21
25
Missed the past week's @Metasploit wrap-up? We've got it right here. r-7.co/2HCpKNd
1
17
28
AppDomain Manager Injection can be a very powerful technique for red teams – operators can package DLLs in initial access payloads, perform lateral movement, and even utilize it for persistence. 🛡 Learn the basics in a new blog: r-7.co/42Bu20y
5
30
5,610
.@indi303 and @joshcorman lose their locks to raise money for @StBaldricks chrildren's cancer research. #RSAC2017 #shavesthatsave
3
16
27