Posts by Christian Kirsch

1 min Metasploit

SOHO Router Horror Stories: German Webcast with Mike Messner

This Thursday, it's my distinct pleasure to host Mike @s3cur1ty_de Messner for a German-language webcast about SOHO router security. For those not familiar with him, Mike is the author of the most comprehensive German Metasploit book (published by dpunkt) and worked several years as a Metasploit trainer. His personal passion is p

3 min Phishing

How Vulnerable Are Your Phishing Targets?

When you're assessing the exposure to phishing in your organization, one important part is the client-side vulnerabilities that would enable a malicious attacker to exploit a browser. In this blog post, I'd like to outline a non-invasive (and free!) way to get visibility into your client-side risk landscape. There are essentially two ways to use phishing as part of your security program. * Phish 2 Pwn: If you are a penetration tester, you'll likely use spear phishing of a couple of users

2 min Metasploit

Staying Stealthy: Passive Network Discovery with Metasploit

One of the first steps in your penetration test is to map out the network, which is usually done with an active scan. In situations where you need to be stealthy or where active scanning may cause instability in the target network, such as in SCADA environments, you can run a passive network scan to avoid detection and reduce disruptions. A passive network scan stealthily monitors broadcast traffic to identify the IP addresses of hosts on the network. By initially running a passive scan, you can

3 min Metasploit

Firewall Egress Filtering: Why And How You Should Control What's Leaving Your Network

Most companies have firewall rules that restrict incoming traffic, but not everyone thinks to restrict data leaving the network. That's a shame, because a few easy configurations can save you a lot of headaches. Firewall egress filtering controls what traffic is allowed to leave the network, which can prevent leaks of internal data and stop infected hosts from contacting their command & control servers. NAT alone won't help you - you actually have to restrict the ports through which your intern

0 min Metasploit

SecureNinjaTV Interview: Tod Beardsley About Metasploit 10th Anniversary

At Black Hat 2013 in Vegas this year, our very own Tod Beardsley was cornered by SecureNinja TV and socially engineered into giving an interview. Here is the result, captured for eternity:

8 min Metasploit

Metasploit 4.7's New MetaModules Simplify Security Testing

Even when offensive security techniques have been publicly discussed at conferences and proof of concept code or open source tools are available, using them in your projects can be very time consuming and may even require custom development. Metasploit Pro 4.7 now introduces MetaModules, a unique new way to simplify and operationalize security testing for IT security professionals. MetaModules automate common yet complicated security tests that provide under-resourced security departments a mor

1 min Metasploit

Webcast Q&A: OWASP Top 10 and Web App Scanning Webcast

First of all, a big thank you to all of you who participated in our OWASP Top 10 and Web App Scanning webcast last week. (If you missed it, you can view a recording here.) Because of an issue with the webcast platform, I wasn't able to see all of the audience questions while we were online. However, my colleagues were able to recover the unanswered questions, so I created questions and answers for them in the

4 min Metasploit

How To Do Internal Security Audits Remotely To Reduce Travel Costs

An internal penetration test simulates an attack on the network from inside the network. It typically simulates a rogue employee with user-level credentials or a person with physical access to the network, such as cleaning staff, trying to access resources on the network they're not authorized for. Internal penetration tests typically require the auditor to be physically present in the location. If you are working as a consultant, then conducting internal penetration tests can mean a lot of tr

2 min Phishing

Top 10 Tips: Stay Safe From Phishing on Tax Day

More than ever before, people are filing their taxes online rather than using an agent. The IRS now offers to confirm submissions and send alerts by email. Hackers are gearing up to capitalize on this through malicious phishing schemes aimed at the consumer. Be on the lookout for increased tax-related phishing schemes and provide people with concrete ways to avoid these attacks. And remember: This is not only important for individuals to protect their own organizations, but also for organizations employi

4 min Metasploit

Metasploit Pro 4.6 Adds OWASP Top 10 2013 and Security Auditing Wizards

Today, we released Metasploit Pro 4.6, which brings you some awesome new features for your enterprise security program. Updated Web Application Security Testing with Support for OWASP Top 10 2013: Web applications are gaining more and more traction, both through internally developed applications and by adding SaaS-based solutions. These applications often contain some of the most confidential information in the organization, such as financial and customer data, credit card numbers, medical data,

3 min Metasploit

Metasploit Now Supports Kali Linux, the Evolution of BackTrack

Today, our friends at Offensive Security announced Kali Linux, which is based on the philosophy of an offensive approach to security. While defensive solutions are important to protect your network, it is critical to step into the shoes of an attacker to see if they're working. Kali Linux is a security auditing toolkit that enables you to do just that: test the security of your network defenses before others do. Kali is a free, open sour

3 min Metasploit

How to Verify that the Payload Can Connect Back to Metasploit on a NATed Network

If you are running an external penetration test and are working from a NATed network behind a wireless router, for example from home, you will need to adjust your router's port forwarding settings so the payload can connect back to Metasploit. The best option would be to eliminate the router and connect directly to the Internet, but that would make me unpopular with the other folks sharing the Internet connection, so it wasn't an option in my case. Setting up the port forwarding is not too diffi

5 min Exploits

December Exploit Trends: Internet Explorer CButton

Each month we compile a list of the most searched exploit and auxiliary modules from our exploit database. To protect users' privacy, the statistics come from analyzing webserver logs of searches, not from monitoring Metasploit usage. December brings us the addition of a brand new Internet Explorer exploit module making its debut at #6 and the Apache Killer DoS jumping five spots to #5. Read on for the rest of December's exploit and auxiliary modules with co

4 min Penetration Testing

Free Metasploit Penetration Testing Lab In The Cloud

No matter whether you're taking your first steps with Metasploit or if you're already a pro, you need to practice, practice, practice your skillz. Setting up a penetration testing lab can be time-consuming and expensive (unless you have the hardware already), so I was very excited to learn about a new, free service called Hack A Server, which offers vulnerable machines for you to pwn in the cloud. The service only required that I download and launch a VPN configurat

3 min Metasploit

Using BackTrack 5 R3 with Metasploit Community or Metasploit Pro

Update: Kali Linux has now superseded BackTrack as a platform. We strongly recommend using Kali Linux over BackTrack if you are going to run Metasploit. More info here [/2013/03/13/metasploit-now-supports-kali-linux-the-evolution-of-backtrack]. As of version 5 R3, BackTrack comes pre-installed with Metasploit 4.4, so it's now easier to use Metasploit Community Edition or Metasploit Pro on BackTrack. Here is how it's done: * After BackTrack boots, enter startx to get into the UI. * Install Bac