Posts by Dean Welch

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Spilling the (Gi)tea We have two modules coming in from cdelafuente-r7 targeting CVE-2020-14144 for both the Gitea and Gogs self-hosted Git services. Both modules are similar: they take advantage of a user's ability to create Git hooks by authenticating with the web interface, creating a dummy repos

3 min Metasploit

Metasploit Wrap-Up

A new Microsoft Windows Spooler privesc module, along with some fixes and improvements!

5 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Metasploit 6 initial features and active development, the 2020 open-source security meetup (OSSM), four new modules, and the longest list of enhancements and fixes we've ever written in one sitting.

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Four new modules and lots of productivity enhancements. You can now run `rubocop -a` to automatically fix most formatting issues when developing modules. Plus, try the new `tip` command in MSF for Framework usage tips!

1 min Metasploit

Metasploit Wrap-Up

Command and Control with DOUBLEPULSAR We now have a DOUBLEPULSAR exploit module [https://github.com/rapid7/metasploit-framework/pull/12374] thanks to some amazing work by our own wvu [https://github.com/wvu-r7], Jacob Robles, and some significant contributions from the wider community. The module allows you to check for the DOUBLEPULSAR implant, disable it, or even load your own payloads as well; it really deserves its own blog post… [/2019/10/02/open-source-command-and-control-of-the-doublepuls