Posts tagged Networking

8 min Metasploit

The Odd Couple: Metasploit and Antivirus Solutions

I hear a lot of questions concerning antivirus evasion with Metasploit, so I'd like to share some the information critical to understanding this problem. This blog post is not designed to give you surefire antivirus (AV) evasion techniques, but rather to help you understand the fundamentals of the issue. A Quick Glossary Before we begin, let's define a few terms. This will be important for understanding some of the things we will discuss. Payload: A payload is the actual code that is being del

3 min Nexpose

Introducing Nexpose 5.5 - CIS, USGCB 2, Enhanced Reporting, and Data Scalability

For those of you that don't know me, I head up the Nexpose engineering team, and we are excited to introduce the latest release, Nexpose 5.5. This release focuses on meeting three big needs that we've heard about from our customers. The first is configuration assessment. This is a big deal for organizations that are subject to regulatory or internal standards that require confirmation of specific configurations of IT assets, such as USGCB 2.0. For those organizations, proving compliance is pain

5 min Nexpose

Nexpose Community Edition Lab | Scanning & Reports

In the previous blog post [/2012/06/28/using-nexpose-at-home-theory], we walked through creating a virtual machine and installing Nexpose Community for use in a small lab environment.  In this post, we'll highlight key features of Nexpose, run Discovery and Vulnerability scans and finally generate a report to assist with remediating those pesky vulnerabilities. To log into your Nexpose Console, open your browser and navigate to: https://localhost:3780 [https://localhost:3780/], then input th

3 min Networking

Weekly Metasploit Update: SAP, MSSQL, DNS, and More!

Zone Transfers for All This week, Metasploit community contributor bonsaiviking [] fixed up the DNS library that Metasploit uses so we won't choke on some types of zone transfer responses. Turns out, this is a two-year old bug, but DNS servers that actually offer zone transfers are so rare any more that this this bug didn't manifest enough to get squashed. This brings me to a larger point -- with older vulnerabilities like these, sometimes the hardest part for us

5 min Compliance


For every data breach that makes the headlines, there are tens to hundreds that go unreported by the media, unreported by companies, or even worse, go unnoticed. The rash of negative publicity around organizations that have experienced data breaches would appear to be a sufficient motivator to whip corporate leaders into bolstering their security programs in order to prevent from being the next major headline. If that is not reason enough, the litany of regulations imposed on certain industries

1 min Networking

A Penetration Test is Quality Assurance for Your Security Controls

“We've spent all this money on IT security and you're still telling me that you don't know whether our systems are secure?” your CEO might say. In addition, they may challenge that you should know your systems well enough to know their weaknesses? Not really. Let's say you're a manufacturer of widgets. Even if you have the best machine and the brightest people working for you, you'll still want to ensure that the widgets that leave the factory will work as expected to ensure high customer sat

1 min Networking

Leveraging Security Risk Intelligence to Improve Your Security Posture

As most of you probably know, attackers routinely target exploitable weaknesses of security systems rather than pre-identifying victims for their attacks. Also, most breaches that occur in database security systems are avoidable without expensive or sophisticated countermeasures. In its 2012 Data Breach Investigations Report, Verizon [] registered 174 million compromised records for 2011, compar

3 min Metasploit

Weekly Metasploit Update: DNS Payloads, Exploit-DB, and More

This week we've got a nifty new shellcode delivery scheme, we've normalized on Exploit-DB serial numbers, and a pile of new modules, so if you don't have Metasploit yet, you can snag it here []. DNS Payloads in TXT Records To quote RFC 1464 [] describing DNS TXT records, "it would be useful to take advantage of the widespread use and scalability of the DNS to store information that has not been previously defined." I don't kno

1 min Metasploit

Identifying IPv6 Security Risks in IPv4 Networks: Tools

This post details some of the tools used in my recent IPv6 security testing webcast [] If you have any specific questions, please open a Discussion [] thread. A minimal IPv6 toolbox: * A Linux-based operating system [] with IPv6 support (BSD variants are great too) * The IPv6 Attack Toolkit [http://www.thc

2 min Networking

SOC Monkey's Week in Review - 3.23.12

Hello all, Every Friday I'm going to round up the week with a few of my favorite stories that we've seen during the week on my app (SOC Monkey, available now, free in the Apple App Store). Let's dive right in, shall we? One of the biggest items of the week was the latest word from Facebook on employers asking job applicants to reveal their passwords. Ars Technica's article saw a lot of interest: Facebook says it may sue employers who demand job applicants' passwords [

4 min Release Notes

Configuration assessment and policy management in Nexpose 5.2

We love our policy Dashboards. They are new, hot, intuitive, robust and really useful. In our latest release of Nexpose, version 5.2, we've made two major enhancements to our configuration assessment capabilities: * A policy overview dashboard: To understand the current status of compliance of configurations delivering a summary of the policy itself.A policy rule dashboard: To provide further details for a particular rule and the current compliance status for that rule. What makes th

2 min Microsoft

Microsoft Patch Tuesday - November 2011

November's Microsoft Patch Tuesday contains four bulletins: one “critical”, two “importants”, and one “moderate”. The majority of these bulletins relate to Microsoft's later versions of the OS, implying that the flaws they address were possibly introduced with Windows Vista. Generally more vulnerabilities are found in earlier versions of the OS, so this month is unusual. The critical bulletin – MS11-083 – is a TCP/IP based, specifically UDP, vulnerability which affects Vista, Windows 7, Server

0 min Metasploit

Metasploit Framework Featured on CNN: Phishing Made Simple

While browsing security related articles at CNN, I noticed this video of Eric Fiterman demonstrating a phishing attack and some post exploitation techniques with Metasploit Framework. Video courtesy of:

2 min Patch Tuesday

October 2011 Patch Tuesday

This month, Microsoft issued eight bulletins, addressing 23 vulnerabilities across Microsoft Windows, Silverlight, .NET and Forefront product lines. Only two bulletins were rated 'critical', and the rest were rated 'important'. In terms of prioritizing patching, when I look at security vulnerabilities, first I want to understand which ones can have the most widespread impact. MS11-081is a cumulative update which affects Internet Explorer, so it relates to both corporate and home users. These v

1 min Metasploit

Metasploit, Scanners, and DNS

One of the awesome things about the Metasploit Framework (and Ruby in general) is that there is a strong focus on avoiding code duplication. This underlying philosophy is why we can manage a million-plus line code base with a relatively small team. In this post, I want to share a recent change which affects how hostnames with multiple A records are processed by modules using the Scanner mixin. Quite of a few of the web's "major" properties, such as, return multiple IP addresses when