HackDig : Dig high-quality web security articles for hackers

Weekly Metasploit Wrapup: Hackers of Might and Magic

Vegas: That's a WrapWell, another trek out to the Nevada desert is behind us. I actually love heading out there every year, since it gives me a chance to connect with a sizable chunk of the Metasploit contributor community in a corporeal way. That just fills me with warm fuzzies, so thanks to all of you who made the pilgrimage. You, the open source security
Publish At:2015-08-14 04:20 | Read:4519 | Comments:0 | Tags:games weekly-update lester

Weekly Metasploit Wrapup: T-Shirts, T-Shirts, And Some Modules

Black Hat T-Shirts!Well, it's a week or so until DEF CON 23, and since you're all busy prepping all your demos and presentations and panels and things, I figured I should remind you that among all your gear, you should probably toss some clothes in your bag before you head out the door. In case this slips your mind, though, don't sweat, we have you covered.&
Publish At:2015-07-31 08:15 | Read:6509 | Comments:0 | Tags:weekly-update tshirts blackhat2015 defcon23

Weekly Metasploit Wrapup: A wild committer appears!

Browser Autopwn Version 2 Hey all! If you haven't been following the Metasploit development over the last few weeks, you know that we've been pretty busy getting Browser Autopwn Version 2 (BAPv2) out the door and into Metasploit Framework. This project was, and is, driven by own own beloved Wei _sinn3r Chen, and it's one of those projects around here th
Publish At:2015-07-24 00:25 | Read:3393 | Comments:0 | Tags:weekly-update bapv2 committers

Weekly Metasploit Wrapup: Meterpretersauce

When You Wish Upon A Shell Image from wishingshells.com, which I totally need nowBack in February we ran a survey to figure out where you, the savvy penetration tester, would like to see Meterpreter go. As a result, we now have the Meterpreter Wishlist, and have been working steadily off of that for the last few months. As of this week, we have a p
Publish At:2015-07-03 03:45 | Read:6088 | Comments:0 | Tags:exploits flash meterpreter weekly-update metasploit-payloads

Weekly Metasploit Wrapup: Two More Flash Exploits

Flash as a Vulnerability Vector While Adobe has made great progress in releasing both regular and emergency updates to Flash, it's becoming clear that Flash itself is becoming an albatross around the neck of every browser. This week, Adobe released APSB15-14, a fix for CVE-2015-3133. This cross-browser vulnerability was discovered and reported by FireEy
Publish At:2015-06-27 10:20 | Read:4451 | Comments:0 | Tags:flash weekly-update exploit

Weekly Metasploit Wrapup: Recog

Recog Scanning with Metasploit This week, our own Jon Hart started in on souping up a couple auxiliary modules with Recog, Rapid7's free, open source platform recognition framework. Metasploit has lots of these version scanners -- 27, to be precise -- in the auxiliary module tree, and nearly all of them would be better off with some more normalized fing
Publish At:2015-06-18 20:25 | Read:3690 | Comments:0 | Tags:flash weekly-update recog

Weekly Metasploit Wrapup: And We're Back!

Originally posted May 7, 2015Hi folks. It's been a little while. I know, I know. Things have been a little wonky around here lately, as you no doubt have noticed. So, while this is nominally the Weekly Metasploit Wrapup, it's been a little more than a month since the Community Cutover on April 1st. That said, our blog platform now seems stable enough to resu
Publish At:2015-06-06 18:45 | Read:4663 | Comments:0 | Tags:metasploit weekly-update

Weekly Metasploit Wrapup: So Many Repos!

Originally posted May 22, 2015Greetings, fellow citizens of the Internet. It's time for your favorite blog post and mine, the Metasploit Weekly Wrapup.So Many ReposIf you've been following along with Metasploit Framework development, you may have noticed that we have more than a couple repositories for committing code. I wanted to take a moment today to outl
Publish At:2015-06-06 18:45 | Read:4606 | Comments:0 | Tags:metasploit weekly-update

Weekly Metasploit Wrapup: SOHO Routers. Again.

Originally posted May 28, 2015 SSDP Attacks are Suddenly HugeLike most of you, I love nothing more than kicking up my feet, donning my smoking jacket, and whiling away my work hours by reading security industry reports, such as Akamai's State of the Internet [Security]. They're dozens of pages long, and tend to reinforce my own personal biases, so it's
Publish At:2015-06-06 18:45 | Read:3826 | Comments:0 | Tags:metasploit weekly-update

Metasploit Weekly Wrapup: Hulk BASH! at DerbyCon

Derbycon After-Action Report As many of you know, last week and weekend was the fourth annual Derbycon -- a mid-sized gathering of security professionals from around the world, held in Louisville, Kentucky. A merge conflict* of Metasploit movers and shakers were there, and it's always nice to see friends, peers, and adversaries all gathered in
Publish At:2014-10-02 22:20 | Read:6063 | Comments:0 | Tags:weekly-wrapup weekly-update bash-bug shellshock derbycon

Ahoy! It's the Metasploit Weekly Wrapup: More on Android UXSS and refreshing JSObfu

First things first -- today is International Talk Like a Pirate Day, which is great for me, given my office decor. Arrr! So grab a flagon of grog, and read on, ye landlubbers! Updates to the Android Universal XSS bug (CVE-2014-6041)This has been a pretty busy week for us here in Metasploit Nation. You probably heard about Rafay Baloch's kind of massive
Publish At:2014-09-19 20:50 | Read:4574 | Comments:0 | Tags:android javascript jsobfu obfuscation uxss weekly-update Xss

Weekly Metasploit Update: Apple, GDB, and Dogecoin

Apple TV TricksThis week, we have three new auxiliary modules that facilitate taking over Apple TV devices, all from community contributor 0a2940, with help from Wei sinn3r Chen and Dave TheLightCosine Maloney. Why Apple TV? Well, for starters, we already have modules for Google's Chromecast, a similar chunk of consumer hardware, and we didn't want Google to
Publish At:2014-09-12 23:30 | Read:4157 | Comments:0 | Tags:apple-tv gdb apple iot weekly-update dogecoin android

Weekly Metasploit Update

Loginpalooza, the Great Credential RefactorIn August, we ran a little contest here in the People's Republic of Metasploit to see about converting a pile of credential-gathering modules to the new after the release of Metasploit 4.10. Today, I'm happy to announce the winners: First place goes to Tom Sellers, for his work on a number of modules and consta
Publish At:2014-09-06 01:50 | Read:4210 | Comments:0 | Tags:kiwi weekly-update mimikatz loginpalooza credentials redmine

Weekly Metasploit Update: Post-4.10 Edition

Since we Last Left Our Heroes...Wow, it's been a busy couple weeks here, post-DefCon/Black Hat. As you no doubt have noticed, we released Metasploit 4.10, which brings some major architectural changes to how our brute force login scanners are written, run, and logged -- you can read up on all that over at Dave TheLightCosine Maloney's delightful documentatio
Publish At:2014-08-30 04:20 | Read:7519 | Comments:1 | Tags:weekly-update howto exploit-dev ntp

Metasploit Weekly Update: a geolocation screencast and some unpatched SNMP vulnerabilities

Where in the world are my shells? A couple weeks back, we published a post module from Tom Sellers which helps out tremendously with geolocating a target computer based on which wireless networks are nearby. Seriously, this module is the bee's knees, and can really help illustrate risk to an organization -- I can imagine scenarios where an attacker has
Publish At:2014-08-09 17:07 | Read:5049 | Comments:0 | Tags:geolocate snmp symantec weekly-update


Share high-quality web security related articles with you:)


Tag Cloud