1 min
Metasploit
Introducing Metasploit’s First Evasion Modules
Rapid7's Metasploit team is proud to announce we have released the first-ever antivirus evasion module in Metasploit Framework.
7 min
Metasploit
Hiding Metasploit Shellcode to Evade Windows Defender
Being on the offensive side in the security field, I personally have a lot of
respect for the researchers and engineers in the antivirus industry, and the
companies dedicated to investing so much in them. If malware development is a
cat-and-mouse game, then I would say that the industry creates some of the most
terrifying hunters. Penetration testers and red teamers suffer the most from
this while using Metasploit [https://www.rapid7.com/products/metasploit/], which
forced me to look into how to
7 min
Haxmas
The Twelve Pains of Infosec
One of my favorite Christmas carols is the 12 Days of Christmas
[https://www.youtube.com/watch?v=oyEyMjdD2uk]. Back in the 90's, a satire of the
song came out in the form of the 12 Pains of Christmas
[https://www.youtube.com/watch?v=h4NlR5KQLQ8], which had me rolling on the floor
in laughter, and still does. Now that I am in information security, I decided it
is time for a new satire, maybe this will start a new tradition, and so I am
presenting, the 12 Pains of Infosec.
----------------------
5 min
Antivirus
Finding and Protecting mission-critical assets with ControlsInsight
ControlsInsight helps organizations measure how well critical security controls
are deployed and configured throughout the enterprise. Yet, as hard as you may
try, it's extremely difficult to protect every asset on your network perfectly,
and it's often necessary to prioritize "mission-critical" assets that store
important or sensitive business data. Clearly, securing the laptop computer of
Sally, the chief financial officer, is much more important than securing Joe the
intern's laptop, which prob
3 min
Antivirus
UserInsight's New User Statistics Provide Great Visibility for Incident Responders
Nate Silver made statistics sexy, and we're riding that wave. But seriously,
breaking down some of the more noisy alerts on the network by users and showing
you spikes can really help you detect and investigate unusual activity. That's
why we've built a new UserInsight feature that shows you anti-virus alerts,
vulnerabilities, firewall activity, IDS/IPS alerts, and authentications by users
that show the most activity and enable you to dig in deeper by filtering by
user. You can get to the new st
3 min
Antivirus
Is AV dead? Why Symantec's executive is only half right about the state of anti-virus software
This week, a Symantec executive proclaimed that anti-virus is dead
[http://www.slate.com/blogs/future_tense/2014/05/06/symantec_s_vp_for_information_security_brian_dye_says_that_antivirus_is.html].
Given the company's position in the AV market, it may be the most discussed
comment coming from Symantec for some time; though in and of itself, I'm not
sure the statement would elicit much of an argument from most security
professionals. Oh, except for the other AV vendors of course.
For our own p
2 min
Antivirus
Anti-Virus Evasion Makes Vulnerability Validation More Accurate
When we talk about anti-virus evasion, we mostly do so in the context of a
penetration test: If the "bad guys" can evade AV solutions because they write
custom payloads, then a penetration tester must do the same to simulate an
attack. However, AV evasion is also critical to vulnerability validation
[http://www.rapid7.com/solutions/need/vulnerability-validation.jsp]. While a
full-scale penetration test looks for any way into the network, vulnerability
validation surgically examines one vulner
3 min
Antivirus
Won't Someone Think of The AV Vendors?
Got Too Many Shells?
Since the release of Metasploit 4.9, have you, the dedicated and resourceful
penetration tester, been having a problem with being too successful at skipping
past the defender's detection efforts
[/2014/03/26/new-metasploit-49-helps-evade-anti-virus-solutions-test-network-segmentation-and-increase-productivity-for-penetration-testers]?
Are you getting too many shells? Maybe you're getting a little embarrassed for
the IT guys who are wondering what the heck just happened
2 min
Antivirus
ControlsInsight...Controls discussed.
Rapid7 ControlsInsight [http://www.rapid7.com/products/controls-insight/] allows
organizations to quickly assess the deployment and configuration of 11 critical
security controls from one platform; we'd like to take a brief look at these
controls to discuss what they are and what they mean to the organization (Or as
one of my professors was known to bark out at the end of a less than compelling
presentation, "So what?") Previous blogs have looked at unique password
[/2013/10/29/the-controlsinsi
7 min
Antivirus
12 Days of HaXmas: A Cat and Mouse Game Between Exploits and Antivirus
This post is the twelfth, and last, in a series, 12 Days of HaXmas, where we
take a look at some of the more notable advancements in the Metasploit Framework
over the course of 2013.
In the final episode of 12 Days of HaXmas, we'll talk about the holy war between
browser exploits vs antivirus. It will sound a little biased from time to time,
but note that it is not meant to compare who is better -- I don't have the
resources to compare the entire matrix of AV solutions
[https://en.wikipedia.or
7 min
Metasploit
PSExec Demystified
Multiple modules inside the Metasploit Framework bear the title PSExec, which
may be confusing to some users.
When someone simply refers to “the PSExec module”, they typically mean
exploit/windows/smb/psexec, the original PSExec module. Other modules are more
recent additions, and make use of the PSExec technique in other ways. Here's a
quick overview of what these modules are for:
Metasploit Module | Purpose | Comment
exploit/windows/smb/psexec | Evading anti-virus detection | Service EXE
1 min
Metasploit
Evading Anti-Virus Detection - Whiteboard Wednesday
In today's Whiteboard Wednesday, David Maloney
[https://community.rapid7.com/people/thelightcosine] explains anti-virus evasion
techniques for Metasploit.
In order to make the most of Metasploit pen testing techniques in delivering
payloads, you need to be able to deliver those payloads without anti-virus
flagging them. David walks us through a few examples on how to bypass anti-virus
detection so you can easily pen test your systems.
Watch the video here!
[http://www.rapid7.com/resources/vid
8 min
Metasploit
The Odd Couple: Metasploit and Antivirus Solutions
I hear a lot of questions concerning antivirus evasion with Metasploit, so I'd
like to share some of the information critical to understanding this problem. This
blog post is not designed to give you surefire antivirus (AV) evasion
techniques, but rather to help you understand the fundamentals of the issue.
A Quick Glossary
Before we begin, let's define a few terms. This will be important for
understanding some of the things we will discuss.
Payload: A payload is the actual code that is being del
3 min
Metasploit
How to Fly Under the Radar of AV and IPS with Metasploit's Stealth Features
When conducting a penetration testing assignment, one objective may be to get
into the network without tripping any of the alarms, such as IDS/IPS or
anti-virus. Enterprises typically add this to the requirements to test if their
defenses are good enough to detect an advanced attacker. Here's how you can make
sure you can sneak in and out without "getting caught".
Scan speed
First of all, bear in mind that you'll want to slow down your initial network
scan so you don't raise suspicion by crea
1 min
Antivirus
Become invisible to anti-virus protection
Wouldn't it be fantastic to be invisible for a day? Walk straight into a bank
vault in the morning, be a fly on the wall in the Oval Office for lunch, and
spend an evening in your favorite movie star's house. Well, now you can - with
Metasploit!
We tested our Metasploit invisibility cloak on a field day recently. Our venue
of choice: an anti-virus test lab. The goal was to test how well Metasploit's
anti-virus protection would hold up against the most recent versions of the
world's top ten a