Spilling the (Gi)tea We have two modules coming in from cdelafuente-r7 targeting CVE-2020-14144 for both the Gitea and Gogs self-hosted Git services. Both modules are similar: they take advantage of a user's ability to create Git hooks by authenticating with the web interface, creating a dummy repos
A new Microsoft Windows Spooler privesc module, along with some fixes and improvements!
Metasploit 6 initial features and active development, the 2020 open-source security meetup (OSSM), four new modules, and the longest list of enhancements and fixes we've ever written in one sitting.
Four new modules and lots of productivity enhancements. You can now run `rubocop -a` to automatically fix most formatting issues when developing modules. Plus, try the new `tip` command in MSF for Framework usage tips!
Command and Control with DOUBLEPULSAR
We now have a DOUBLEPULSAR exploit module
[https://github.com/rapid7/metasploit-framework/pull/12374] thanks to some
amazing work by our own wvu [https://github.com/wvu-r7], Jacob Robles, and some
significant contributions from the wider community. The module allows you to
check for the DOUBLEPULSAR implant, disable it, or even load your own payloads
as well; it really deserves its own blog post…