Posts by Craig Smith

5 min Metasploit

Metasploit's RF Transceiver Capabilities

The rise of the Internet of Things We spend a lot of time monitoring our corporate networks. We have many tools to detect strange behaviors. We scan for vulnerabilities. We measure our exposure constantly. However, we often fail to recognize the small (and sometimes big) Internet of Things (IoT) devices that are all around our network, employees, and employees' homes. Somewhat alarmingly – considering their pervasiveness — these devices aren't always the easiest to test. Though often difficult,

9 min Metasploit

Pen Testing Cars with Metasploit and Photon Boards

TL;DR This post details how to use the MSFRelay library for Photon boards to write your own Metasploit [] compatible firmware. Specifically for an add-on called Carloop. If you have a Carloop and just want it to work with Metasploit without having to write any code (or read this) then I've also provided the full code as a library example in the Particle library and can be found here [

2 min Metasploit

Car Hacking on the Cheap

Metasploit's HWBrige comes with an automotive extension. This works out of the box if you happen to have a SocketCAN compatible CAN sniffer hanging around. However, if you don't have one, there is a decent chance you have a cheap sub $10 vehicle dongle in a drawer somewhere. If not you can probably pick one up on ebay super cheap. Metasploit supports the ELM327 and STN1100 chipsets that are very popular in these dongles. Metasploit comes with a tool to connect these devices provided your device

6 min Metasploit

Exiting the Matrix: Introducing Metasploit's Hardware Bridge

Follow the white rabbit... Metasploit is an amazing tool. You can use it to maneuver through vast networks, pivoting through servers and even embedded OSes.  Having a single interface for your team and yourself to control a web of servers and networks is extremely powerful.  But sometimes you want to do more than control the virtual world. You want to control the physical world. You need to exit the Matrix. We recently announced a new addition to Metasploit to help you do exactly that: the H

2 min Transportation

All the (moving) Things!!

Until recently, I was running a small security testing company called Theia Labs.  Theia was small, just myself and a few other contractors, but we built a solid reputation within the auto industry.  During that time, I even wrote the book the Car Hacker's Handbook []. When Rapid7 approached me about potentially acquiring Theia Labs, I was really excited. Joining Rapid7 allowed me to move my tools and continue working on my research as I had before. However,

2 min Car Hacking

Hacking Cars is Sexy

Five years ago, if you wanted to publicly demonstrate a car hack it usually meant you would (at the very least) get a series of cease and desist letters.  Of course this made it very hard for researchers to report problems.  If a security researcher found something that they were concerned about and wanted to see it addressed, they would turn to the vendor to try and get it fixed.  Unfortunately, automaker's websites didn't have a place to report security findings.  You could try contacting supp