HackDig : Dig high-quality web security articles

Cobalt Strike, a penetration testing tool abused by criminals

If you were to compose a list of tools and software developed by security and privacy defenders that ended up being abused by the bad guys, then Cobalt Strike would unfortunately be near the top of the list. Maybe only Metasploit could give it a run for the first place ranking. Metasploit—probably the best known project for penetration testing—is an expl
Publish At:2021-06-01 15:59 | Read:469 | Comments:0 | Tags:Researcher's corner cobalt strike metasploit pen-testing

Thinking of a Cybersecurity Career? Read This

Thousands of people graduate from colleges and universities each year with cybersecurity or computer science degrees only to find employers are less than thrilled about their hands-on, foundational skills. Here’s a look at a recent survey that identified some of the bigger skills gaps, and some thoughts about how those seeking a career in these fields
Publish At:2020-07-24 18:59 | Read:1818 | Comments:0 | Tags:How to Break Into Security Alan Paller DEFCON Groups Kali Li

New Metasploit RFTransceiver extension allows testing IoT sevices

Metasploit RFTransceiver extension implements the Hardware Bridge API that will allow organizations to test wireless devices operating outside 802.11 spec. Recently we reported the news of the availability of a new hardware bridge for Metasploit extension to test hardware, including IoT devices. We have to consider that IoT devices are pervading our day lif
Publish At:2017-03-22 23:35 | Read:5194 | Comments:0 | Tags:Breaking News Hacking IoT Metasploit Metasploit RFTransceive

Popular hacking toolkit Metasploit adds hardware testing capabilities

The Metasploit hacking toolkit now includes a new hardware bridge that makes it easier for users to analyze hardware devices. The popular offensive hacking toolkit Metasploit now is powerful, it included a hardware bridge to conduct security tests on hardware. It is a great support to the users that have to test hardware, including IoT devices. Metasploit al
Publish At:2017-02-03 16:25 | Read:5534 | Comments:0 | Tags:Breaking News Hacking CAN Hardware Metasploit

Now Officially Supporting Kali Linux 2.0

In August, we were getting a lot of questions about Kali 2. I have answered some questions in Metasploit on Kali Linux 2.0 blog post in the past. Today, I am pleased to announce that we extend our official platform support to three new operating systems which are now listed in Metasploit System Requirements page:Kali Linux 2.0Red Hat Enterprise Server 7.1 or
Publish At:2015-10-20 16:15 | Read:4685 | Comments:0 | Tags:metasploit kali-linux kali supported-platforms

New Metasploit Tools to Collect Microsoft Patches

Patch testing and analysis are important parts in vulnerability research and exploit development. One popular reason is people would try this technique to rediscover patched bugs, or find ways to keep an 0day alive in case the fix in place is inadequate. The same process is also used to find the range of builds affected by a vulnerability, which tends to be
Publish At:2015-10-09 03:05 | Read:4558 | Comments:0 | Tags:metasploit metasploit microsoft microsoft patches patches

Metasploit Framework Tools Reorg

There are a wide variety of interesting and useful tools in the Metasploit Framework. Many of these are available from the top-level of Metasploit in the form of modules and library code. You can find countless tutorials and blogs about how to put msfconsole, msfvenom and other top-level commands to good use. However, not many people know about the 'tools' d
Publish At:2015-10-09 03:05 | Read:3375 | Comments:0 | Tags:metasploit tools clean toolkit

Flipping bits in the Windows Kernel

Recently, the MS15-061 bulletin has received some attention. This security bulletin includes patches for several Windows Kernel vulnerabilities, mainly related to win32k.sys. Details of one of them, discovered by Udi Yavo, have been very well covered. First, the same Udi Yavo published details about the Use After Free on a blog entry. Later, Dominic Wan
Publish At:2015-10-01 15:05 | Read:6697 | Comments:0 | Tags:metasploit windows kernel ms15-061

A debugging session in the kernel

Last week, an awesome paper about the MS15-078 vulnerability and it's exploitation was published by Cedric Halbronn. This vulnerability, originally found and exploited by Eugene Ching, already has a work-in-progress module in Metasploit, which you can follow on github. I recommend checking all the materials above, not only if you enjoy windows kernel ex
Publish At:2015-09-11 01:05 | Read:8965 | Comments:0 | Tags:metasploit windows kernel ms15-078

Metasploit + VHOSTS in mass

maybe this was a solved problem but I couldn't find a solution online.Problem #1:Metasploit RHOSTS takes the file parameter so you can pass in a list of ip ranges. It will also take hostnames  as long as they resolve. If you have giant list of stuff and one of them doesn't resolve then the RHOSTS wont load and you'll want to cry.Problem #2:Lots of proxy
Publish At:2015-08-18 12:10 | Read:6845 | Comments:0 | Tags:Metasploit Pentesting resource scripts scripting

Metasploit on Kali Linux 2.0

As you are aware, Kali 2.0 has been released this week and getting quite a bit of attention, as it should. Folks behind Kali have worked really hard to bring you the new version of Kali Linux that everyone is excited about. If you have already started to play with the new version, you probably have realized that something is different, that is; Metasploit Co
Publish At:2015-08-12 17:10 | Read:5213 | Comments:0 | Tags:metasploit kali-linux kali

Safely Dumping Domain Hashes, with Meterpreter

Dumping the stored password hashes from a live Domain Controller can be tricky. There are a number of things to consider, and there have been several approaches over the years. Some of these approaches have had glaring problems with them. We’ve recently changed all that. Before we talk about our new approach, let’s take a look at the history ther
Publish At:2015-07-01 17:25 | Read:5230 | Comments:0 | Tags:metasploit credentials post-exploitation domains

New Chrome Extension Blocks BeEF Attacks

An engineer has devised a new way to help combat BeEF, or browser exploit framework attacks.The tool, a Chrome extension, detects and blocks hooks from BeEF–an exploit tool similar to Metasploit–that uses JavaScript to control browsers. Routinely used by researchers, pen testers, and attackers, the tool has a multifunctional control panel that al
Publish At:2015-06-26 16:20 | Read:4456 | Comments:0 | Tags:Web Security attack tools BeEF attacks Brian Wallace Browser

Metasploit Framework Rails 4.0 Upgrade

It is always a running battle to keep an application's backend up to date with various technologies. Today, we are excited to announce that Metasploit Framework now ships with Rails 4.0. Upgrades like this are sometimes hard to get excited about because if everything goes well, users should see no difference. There are many reasons to upgrade to Rails 4, tho
Publish At:2015-06-06 18:45 | Read:5446 | Comments:0 | Tags:metasploit framework rails upgrade

Availability of Metasploit Community & Metasploit Pro trials outside US & Canada

Originally posted April 19, 2015Due to changes in regulatory requirements that are applicable to Metasploit (Pro and Community) and similar products, as of Sunday, April 19, 2015, individuals outside of the US and Canada who would like to use Metasploit Pro or the Metasploit Community Edition will need to request a license and provide additional information
Publish At:2015-06-06 18:45 | Read:9608 | Comments:0 | Tags:metasploit community pro restrictions

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud