Posts tagged Networking

3 min Compliance

Disclosure, Destruction, and Denial

A few years ago while I was working at Defense Cybercrime Center (DC3), one of my colleagues Terrence Lillard talked about the DDD triad in regards to what attackers want to do to organization's assets. I haven't heard anyone outside of him using that term, but I think it's worth sharing. I participated in an awesome mini-conference event last week with the Metasploit Developement team and this came up during my talk on Risk Management. When I asked the audience of seasoned security practicioner

2 min Metasploit

Metasploit Version 3.6 Delivers Enhanced Command-Line Options and PCI Peports

Originally Posted by Chris Kirsch All Metasploit editions are seeing an update to version 3.6 today, including an enhanced command-line feature set for increased proficiency and detailed PCI reports with pass/fail information for a comprehensive view of compliance posture with PCI regulations. Here's an overview of what's new: The new Metasploit Pro Console offers powerful new features that help professional penetration testers complete their job more efficiently in their preferred environmen

4 min Exploits

Setting Up a Test Environment for VPN Pivoting with Metasploit Pro

Penetration testing software only shows its true capabilities on actual engagements. However, you cannot race a car before you've ever sat in the driver's seat. That's why in this article I'd like to show you how to set up a test environment for VPN pivoting, a Metasploit Pro [] feature for intermediate and advanced users recently described in this post [

2 min Metasploit

How VPN pivoting creates an undetectable local network tap

Let's assume your goal for an external penetration test is to pwn the domain controller. Of course, the domain controller's IP address is not directly accessible from the Web, so how do you go about it? Seasoned pentesters already know the answer: they compromise a publicly accessible host and pivot to other machines and network segments until they reach the domain controller. It's the same concept as a frog trying to cross a pond by jumping from lily pad to lily pad. If you have already

2 min Exploits

Take an Earlier Flight Home with the New Metasploit Pro

We love it, our beta testers loved it, and we trust you will as well: today we're introducing Metasploit Pro [], our newest addition to the Metasploit family, made for penetration testers who need a bigger, and better, bag of tricks. Metasploit Pro provides advanced penetration testing capabilities, including web application exploitation and social engineering. The feedback from our beta testers has been fantastic, most people loved how easily