Posts tagged Penetration Testing

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Four new Moodle modules, plus new features to help red teamers keep track of sessions and forwarded connections.

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

New modules for vCenter Server and Linux Netfilter, plus fixes and enhancements.

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

More post modules than we've ever put out in a single release before, courtesy of a university project to add credential gathering capabilities based on the PackRat toolset.

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

A new evasion module, an exploit for ManageEngine OpManager, fully functional shells over WinRM, and major RDP library improvements.

5 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

A new SMB server implementation to support capturing NTLM hashes across SMBv2 and SMBv3, even with encrypted SMB traffic. Plus, exploits for eBPF, Git LFS, and Geutebruck IP cameras.

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

LearnPress authenticated SQL injection Metasploit contributor h00die [https://github.com/h00die] added a new module that exploits CVE-2020-6010 [https://attackerkb.com/topics/x12K9JOfk2/cve-2020-6010?referrer=blog], an authenticated SQL injection vulnerability in the WordPress LearnPress plugin. When a user is logged in with contributor privileges or higher, the id parameter can be used to inject arbitrary code through an SQL query. This exploit can be used to collect usernames and password hash

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

New modules for Lucee Administrator and ProxyShell, which targets on-premises Microsoft Exchange servers. Plus, tons of enhancements and fixes!

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Three new modules that deliver RCE on Atlassian Crowd and privilege escalation to SYSTEM via print drivers. Plus, a new command shell session type for SSH clients and plenty more enhancements and fixes.

3 min Cybersecurity

When One Door Opens, Keep It Open: A New Tool for Physical Security Testing

We’ve come up with a neat little device that pentesters can use to recreate the thought process of attackers — and help organizations outsmart them.

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Five new modules, including an exploit for "HiveNightmare" CVE-2021-36934, and new fixes and enhancements.

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Three fresh modules for Cisco targets and rConfig, plus new enhancements and fixes.

3 min Metasploit

Metasploit Wrap-Up

New Emby version scanner, IPFire authenticated RCE, HashiCorp Nomad RCE, Microsoft SharePoint unsafe control and ViewState RCE.

6 min Detection and Response

Attack Surface Analysis Part 2: Penetration Testing

In this three-part series, we’ll explore key considerations and strategies for choosing an attack surface analysis strategy, and the ways it can be used to increase awareness of both technical and process-related risks.

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Two new modules and a few enhancements and fixes, including improvements to the analyze command.

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Updates to how modules interact with cookies, plus exploits for macOS Gatekeeper and DjVu ANT and a whole lot of fixes and enhancements.