August 28, 2011 - A worm abusing the Remote Desktop service is making the rounds, currently named Morto. This worm gains access by trying a small number of weak passwords for the local Administrator account. After compromising the server, (continue reading...) Read more
August 26, 2011 - An interesting thing happened to me this year while at Defcon 19. I was in the shwag line waiting for some friends to pick out some items for their order when all of a sudden I (continue reading...) Read more
August 1, 2011 - If you're packing to go to Black Hat, Defcon or Security B-Sides in Las Vegas, make sure you also download Metasploit 4.0 to entertain you on the plane ride. If you missed the recent announcement, check out (continue reading...) Read more
August 1, 2011 - It's been a long road to 4.0. The first 3.0 release was almost 5 years ago and the first release under the Rapid7 banner was almost 2 years ago. Since then, Metasploit has really spread its wings. (continue reading...) Read more
July 27, 2011 - HDM recently added password cracking functionality to Metasploit through the inclusion of John-the-Ripper in the Framework. The 'auxiliary/analyze/jtr_crack_fast' module was created to facilitate JtR's usage in Framework and directly into Express/Pro's automated collection (continue reading...) Read more
July 26, 2011 - It'll only be days until you can download the new Metasploit version 4.0! The new version marks the inclusion of 36 new exploits, (continue reading...) Read more
July 25, 2011 - Are you an artist? Do you possess mad ASCII art skills? Do you like the idea of having your artwork on the face of an open source project that's one of the world's largest, de-facto standard for (continue reading...) Read more
July 22, 2011 - Early in the 3.x days, metasploit had support for using databases through plugins. As the project grew, it became clear that tighter database integration was necessary for keeping track of the large amount of information a pentester (continue reading...) Read more
July 21, 2011 - After more than 30 days of hardcore and intense exploit hunting, the Metasploit Bounty program has finally come to an end. First off, we'd like to say that even though the Metasploit Framework has made exploit development (continue reading...) Read more
July 8, 2011 - One of my key objectives for developing the new vSploit modules was to test network devices such as Snort. Snort or Sourcefire enterprise products are widely deployed in enterprises, so Snort (continue reading...) Read more
July 8, 2011 - As of this writing, Metasploit has 152 browser exploits. Of those, 116 use javascript either to trigger the vulnerability or as a means to control the memory layout of the browser process . Right now most of (continue reading...) Read more
June 30, 2011 - A few weeks ago the Metasploit team announced a bounty program for a list of 30 vulnerabilities that were still missing Metasploit exploit modules. The results so far have been extremely positive and I wanted (continue reading...) Read more
June 28, 2011 - The Meterpreter payload within the Metasploit Framework (and used by Metasploit Pro) is an amazing toolkit for penetration testing and security assessments. Combined with the Ruby API on the Framework side and you have the simplicity of (continue reading...) Read more
June 27, 2011 - If you weren’t already aware, Rapid7 (continue reading...) Read more
June 25, 2011 - Sometimes little things can make a huge difference in usability -- the Metasploit Framework Console is a great interface for getting things done quickly, but so far, has been missing the capability to save command and module (continue reading...) Read more
June 20, 2011 - It's that time again! The Metasploit team is proud to announce the immediate release of the latest version of the Metasploit Framework, 3.7.2. Today's release includes eleven new exploit modules and fifteen post modules for (continue reading...) Read more
June 14, 2011 - The Metasploit team is excited to announce a new incentive for community exploit contributions: Cash! Running until July 20th, our Exploit Bounty program will pay out $5,000 in cash awards (in the form (continue reading...) Read more
June 13, 2011 - vSploit Modules will be released at DEFCON This is a follow-up post for vSploit (continue reading...) Read more
June 2, 2011 - Many organizations are making significant investments in technologies in order to tell if they have been compromised; however, frequently they find out when it is too late. There are several network-based attributes that, when combined, indicate possible (continue reading...) Read more
May 26, 2011 - The best exploits are often not exploits at all -- they are code execution by design. One of my favorite examples of this is a signed java applet. If an applet is signed, (continue reading...) Read more