8 min
Metasploit
Recon, Wireless, and Password Cracking
The Metasploit Framework continues to grow and expand with the support of the
community. There have been many new features added to the Metasploit Framework
over the past month. I am very excited to be able to share some of these new
developments with you.
Mubix's Recon Modules
Mubix's post-exploitation modules form his Derbycon talk are now in the
repository. The resolve_hostname module, originally called 'Dig', will take a
given hostname and resolve the IP address for that host from the windo
1 min
Metasploit
Adding Custom Wordlists in Metasploit for Brute Force Password Audits
In any penetration test that involves brute forcing passwords, you may want to
increase your chances of a successful password audit by adding custom wordlists
specific to the organization that hired you. Some examples:
* If you are security testing a hospital, you may want to add a dictionary with
medical terms.
* If you're testing a German organization, users are likely to use German
passwords, so you should add a German wordlist.
* Another good idea is to build a custom wordlist b
0 min
Metasploit
Metasploit and PTES
One of our Metasploit contributers, Brandon Perry
, has put together a document detailing the
recently released Penetration Testing Execution Standard
(PTES) with the modules and
functionality in the Framework. PTES is a push from a group of testers fed up
with the lack of guidance and the disparate sources of basic penetration testing
information. Brandon's document does a great job detailing disparate par
3 min
Release Notes
Exploit for Critical Java Vulnerability Added to Metasploit
@_sinn3r and Juan Vasquez
recently released a module which
exploits the Java vulnerability detailed here
by mihi and by Brian
Krebs here
.
This is a big one. To quote Krebs: "A new exploit that takes advantage of a
recently-patched critical security flaw in Java is making the rounds in the
cri
1 min
Metasploit
Three Great New Metasploit Books
I've seen three great Metasploit books published lately. The one that most
people are probably already familiar with is Metasploit: The Penetration
Tester's Guide by David Kennedy, Jim O'Gorman, Devon Kearns and Mati Aharoni.
The book is very comprehensive, and packed full of great advice. David Kennedy
is Chief Information Security Officer at Diebold Incorporated and creator of the
Social-Engineer Toolkit (SET), Fast-Track, and other open source tools, so he
really knows his stuff. By the way,
2 min
Microsoft
Microsoft Patch Tuesday - November 2011
November's Microsoft Patch Tuesday contains four bulletins: one “critical”, two
“importants”, and one “moderate”. The majority of these bulletins relate to
Microsoft's later versions of the OS, implying that the flaws they address were
possibly introduced with Windows Vista. Generally more vulnerabilities are found
in earlier versions of the OS, so this month is unusual.
The critical bulletin – MS11-083 – is a TCP/IP based, specifically UDP,
vulnerability which affects Vista, Windows 7, Server
1 min
Boston Globe Selects Rapid7 as a Top Place to Work
On Sunday the Boston Globe published its annual “Top Places to Work” rankings.
This was our first time participating in the list and I'm very proud to report
that Rapid7 placed #11 in the category for employers with less than 250
employees. I'd like to congratulate our amazing team, not just those in Boston,
but the entire Rapid7 family. The passion and commitment of our team is evident
across all our locations, with everyone contributing to the culture that makes
us successful. Congratulations
3 min
The Advanced Policy Engine
The Advanced Policy Engine is the new configuration compliance framework that
was created for the Nexpose 5.0 release.
Advanced? What makes it advanced?
Anyone can call anything "Advanced" these days. A lot of times it is hard to
tell if it is just marketing or a real improvement. Look at all of the cleaning
ads on television right now.
"Cleaner X cleans 30% then the our previous cleaner using our new Advanced
formula!!!"
Is it really improved? How did they measure the i
0 min
Metasploit
Metasploit Framework Featured on CNN: Phishing Made Simple
While browsing security related articles at CNN, I noticed this video of Eric
Fiterman demonstrating a phishing attack and some post exploitation techniques
with Metasploit Framework.
Video courtesy of:
2 min
Metasploit
PCI DIY: How to do an internal penetration test to satisfy PCI DSS requirement 11.3
If you're accepting or processing credit cards and are therefore subject to PCI
DSS, you'll likely be familiar with requirement 11.3, which demands that you
"perform penetration testing at least once a year, and after any significant
infrastructure or application upgrade or modification". What most companies
don't know is that you don't have to hire an external penetration testing
consultant - you can carry out the penetration test internally, providing you
follow some simple rules:
* Sufficie
3 min
Nexpose
Introducing Metasploit Community Edition!
The two-year anniversary of the Metasploit acquisition is coming up this week.
Over the last two years we added a ridiculous amount of new code to the open
source project, shipped dozens of new releases, and launched two commercial
products. We could not have done this without the full support of the security
community. In return, we wanted to share some of our commercial work with the
security community at large.
As of version 4.1 , we now include the Metasploit
2 min
Patch Tuesday
October 2011 Patch Tuesday
This month, Microsoft issued eight bulletins, addressing 23 vulnerabilities
across Microsoft Windows, Silverlight, .NET and Forefront product lines. Only
two bulletins were rated 'critical', and the rest were rated 'important'.
In terms of prioritizing patching, when I look at security vulnerabilities,
first I want to understand which ones can have the most widespread impact.
MS11-081is a cumulative update which affects Internet Explorer, so it relates to
both corporate and home users. These v
15 min
Metasploit
MonaSploit
Introduction
“Standalone exploits suck”.
egyp7 and bannedit
made this statement earlier this year at Bsides Vegas, and nullthreat
& yours truly
elaborated on this even more during our talk
at Derbycon 2011.
There are many reasons why writing Metasploit exploit modules and submitting
them to the Metasploit framework is a good idea. You're not only going to help
the
3 min
Market SIEMplification or More of the SEIM?
Last week was a busy M&A week for SIEM, with IBM announcing the acquisition of
Q1 Labs and McAfee acquiring Nitro Security. We've been watching this unfold
with interest as both SIEM companies are Rapid7 technology partners. We've had
SIEM integration for our vulnerability management solution Nexpose for some
time, and back in August we introduced APIs for integrating SIEM solutions in
version 4.0 of our professional penetration testing solution, Metasploit Pro.
Nitro Security was the first to
1 min
Metasploit
Metasploit, Scanners, and DNS
One of the awesome things about the Metasploit Framework (and Ruby in general)
is that there is a strong focus on avoiding code duplication. This underlying
philosophy is why we can manage a million-plus line code base with a relatively
small team. In this post, I want to share a recent change which affects how
hostnames with multiple A records are processed by modules using the Scanner
mixin.
Quite of a few of the web's "major" properties, such as google.com, return
multiple IP addresses when
