Posts tagged Exploits

2 min Vulnerability Disclosure

March Patch Tuesday Roundup

Since Microsoft is on this new staggered pattern of releases, we can expect a feast or famine every other month...so get used to it. Depending on what side of the desk you sit on you can adjust the context. With that being said, this month's release brought us 3 patches addressing  4 vulnerabilities. I think we were all expecting to see the MHTML [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0096] protocol handler issue resolved, however it didn't make the cut. Make sure IE is in r

4 min Exploits

Setting Up a Test Environment for VPN Pivoting with Metasploit Pro

Penetration testing software only shows its true capabilities on actual engagements. However, you cannot race a car before you've ever sat in the driver's seat. That's why in this article I'd like to show you how to set up a test environment for VPN pivoting, a Metasploit Pro [https://www.rapid7.com/products/metasploit/download/] feature for intermediate and advanced users recently described in this post [https://community.rapid7.com/blogs/rapid7/2010/11/08/how-vpn-pivoting-creates-an-undetectab

2 min Exploits

Take an Earlier Flight Home with the New Metasploit Pro

We love it, our beta testers loved it, and we trust you will as well: today we're introducing Metasploit Pro [http://www.rapid7.com/products/metasploit-pro.jsp], our newest addition to the Metasploit family, made for penetration testers who need a bigger, and better, bag of tricks. Metasploit Pro provides advanced penetration testing capabilities, including web application exploitation and social engineering. The feedback from our beta testers has been fantastic, most people loved how easily

3 min Metasploit

Metasploit Framework 3.3.3 Exploit Rankings

This morning we released version 3.3.3 [http://www.metasploit.com/framework/download/] of the Metasploit Framework - this release focuses on exploit rankings [https://community.rapid7.com/docs/DOC-1034], session automation, and bug fixes. The exploit rank indicates how reliable the exploit is and how likely it is for the exploit to have a negative impact on the target system. This ranking can be used to  prevent exploits below a certain rank from being used and limit the impact to a particular t