Posts tagged Windows

6 min Metasploit

Abusing Windows Remote Management (WinRM) with Metasploit

Late one night at Derbycon [https://www.derbycon.com/], Mubix [https://twitter.com/mubix] and I were discussing various techniques of mass ownage. When Mubix told me about the WinRM service, I wondered: "Why don't we have any Metasploit modules for this yet?" After I got back , I began digging. WinRM/WinRS WinRM is a remote management service for Windows that is installed but not enabled by default in Windows XP and higher versions, but you can install it on older operating systems as well. Win

1 min Microsoft

Microsoft Releases Windows Server Update Services (WSUS) Update

Microsoft has released an update for Windows Server Update Services (WSUS) 3.0 Service Pack 2 (SP2): http://support.microsoft.com/kb/2720211 By hardening the Windows Server Update Services (WSUS), Microsoft is attempting to assure their customers that they can trust the update process. From a security perspective, Flame isn't a mass threat to most organizations; however, this is a way to ensure the integrity of the update process. It is apparent that Microsoft was working on many of these upda

5 min Metasploit

Adventures in the Windows NT Registry: A step into the world of Forensics and Information Gathering

As of a few days ago [https://github.com/rapid7/metasploit-framework/pull/98], the Metasploit Framework has full read-only access to offline registry hives. Within Rex you will now find a Rex::Registry namespace that will allow you to load and parse offline NT registry hives (includes Windows 2000 and up), implemented in pure Ruby. This is a great addition to the framework because it allows you to be sneakier and more stealthy while gathering information on a remote computer. You no longer need

2 min Patch Tuesday

January Patch Tuesday Roundup

So I know we all were hoping to see a fix for some of this Windows Graphic Rendering Engine [http://] nastiness...but no go. For now, you'll need to resort to the good ol' FixIt [http://support.microsoft.com/kb/2490606] option or if you wanna get your hands dirty, you can modify the ACL on shimgvw.dll directly. Either way, if you're running IE, you'll have to patiently wait for the official patch release. So this monthly release was lean-n-mean, Microsoft released (2) bulletins, addressing (3)