3 min
Metasploit
Metasploit Weekly Wrapup: March 10, 2017
The last couple of weeks in the infosec world have appeared busier, and buzzier,
than most others. It seems almost futile to pry everyone away from the current
drama--that being the bombshell revelation that intelligence agencies collect
intelligence--long enough to have them read our dev blog. Regardless, we've
been busy ourselves. And if you're the least bit like me, you could probably
use a quick respite from the cacophony. Keeping up with all the noise is enough
to make anyone feel lik
3 min
Metasploit
Metasploit Weekly Wrapup: Aug. 12, 2016
Las Vegas 2016 is in The Books
This week's wrap-up actually covers two weeks thanks in large part to the yearly
pilgrimage to Las Vegas. I myself elected not to attend, but I'm told everyone
had a great time. Many on the team are still recuperating, but I'd wager that
they all enjoyed seeing you there as well. Here's to everyone's speedy
recovery.
Centreon Web UserAlias Command Execution
Our first new module this go-around exploits a remote command execution
vulnerability in Centreon Web via
10 min
Metasploit
A Short Approach: The Cisco ASA 5505 as a Stepping Stone Into Embedded Reverse Engineering
Back in February, Exodus Intelligence released their blog entry titled "Execute
My Packet", which detailed their discovery and exploitation of CVE-2016-1287.
Since then, I've fielded numerous requests for modules and witnessed much
discussion generated from it. From this discussion, I've gathered that many
researchers seem to consider the Cisco ASA as an unruly beast, difficult to
approach, even harder to tame. I feel that this is far from the truth, and this
article is a response to such not