3 min
Compliance
Disclosure, Destruction, and Denial
A few years ago, while I was working at the Defense Cybercrime Center (DC3), one of
my colleagues, Terrence Lillard, talked about the DDD triad in regard to what
attackers want to do to an organization's assets. I haven't heard anyone outside of
him using that term, but I think it's worth sharing. I participated in an
awesome mini-conference event last week with the Metasploit Development team
and this came up during my talk on Risk Management. When I asked the audience of
seasoned security practitioner
2 min
Metasploit
Metasploit Version 3.6 Delivers Enhanced Command-Line Options and PCI Reports
Originally Posted by Chris Kirsch
All Metasploit editions are seeing an update to version 3.6 today, including an
enhanced command-line feature set for increased proficiency and detailed PCI
reports with pass/fail information for a comprehensive view of compliance
posture with PCI regulations.
Here's an overview of what's new:
The new Metasploit Pro Console offers powerful new features that help
professional penetration testers complete their job more efficiently in their
preferred environmen
4 min
Exploits
Setting Up a Test Environment for VPN Pivoting with Metasploit Pro
Penetration testing software only shows its true capabilities on actual
engagements. However, you cannot race a car before you've ever sat in the
driver's seat. That's why in this article I'd like to show you how to set up a
test environment for VPN pivoting, a Metasploit Pro
[https://www.rapid7.com/products/metasploit/download/] feature for intermediate
and advanced users recently described in this post
[https://community.rapid7.com/blogs/rapid7/2010/11/08/how-vpn-pivoting-creates-an-undetectab
2 min
Metasploit
How VPN pivoting creates an undetectable local network tap
Let's assume your goal for an external penetration test is to pwn the domain
controller. Of course, the domain controller's IP address is not directly
accessible from the Web, so how do you go about it? Seasoned pentesters already
know the answer: they compromise a publicly accessible host and pivot to other
machines and network segments until they reach the domain controller. It's the
same concept as a frog trying to cross a pond by jumping from lily pad to lily
pad.
If you have already
2 min
Exploits
Take an Earlier Flight Home with the New Metasploit Pro
We love it, our beta testers loved it, and we trust you will as well: today
we're introducing Metasploit Pro
[http://www.rapid7.com/products/metasploit-pro.jsp], our newest addition to the
Metasploit family, made for penetration testers who need a bigger, and better,
bag of tricks.
Metasploit Pro provides advanced penetration testing
capabilities, including web application exploitation and social
engineering.
The feedback from our beta testers has been fantastic, most people loved how
easily