May 5, 2009 - I will be speaking at the SANS 2009 Pen-Test Summit on the future of Metasploit and some of the recent updates to the project. The summit runs May 31st to June 9th at the Paris in Las Vegas. (continue reading...)
March 24, 2009 - The Metasploit Framework has had performance issues at startup for a long time. It is not uncommon for initial loading of our 600+ modules to take upwards of 30 seconds (or worse on older hardware). Previously, I attributed (continue reading...)
March 22, 2009 - In my previous post, I described the keystroke sniffing capabilities of the Meterpreter payload. One of the key restrictions of this feature is that it can only sniff while running inside of a process with interactive access to the (continue reading...)
March 22, 2009 - Earlier this afternoon, I committed some code to allow keystroke sniffing through Meterpreter sessions. This was implemented as a set of new commands for the stdapi extension of Meterpreter. Dark Operator, author of many great Meterpreter scripts, already wrote a (continue reading...)
March 22, 2009 - Update: A couple folks pointed out that the VMware Converter automates most of the issues covered in this post. On August 20th, 2007 NIST's Federal Desktop Core Configuration project released its initial set of (continue reading...)
February 23, 2009 - Over the last two months, rumors of an unpatched vulnerability in the Adobe Acrobat products have been circulating. Last Thursday (the 19th), the Shadowserver folks confirmed that there is an exploit in the wild and that they had (continue reading...)
February 19, 2009 - Earlier this week, Valsmith and I taught a two-day class at BlackHat DC called Tactical Exploitation. This class is loosely structured around gaining access to an organization using atypical techniques. We felt that the course was a (continue reading...)
February 14, 2009 - One of the features added in the 3.2 release of the Metasploit Framework was the ability to restrict the db_autopwn command to specific ports and modules matching a given regular expression. This feature can be used to run one (continue reading...)
February 13, 2009 - The good news is that the DDoS against the Metasploit web servers has stopped, the bad is that I won't have time to go into the details of the attack and the mitigation methods until next week. All Metasploit services (continue reading...)
February 10, 2009 - The incoming connection rate has exceeded 15Mbps of just SYN packets, so we decided to point www.metasploit.com and metasploit.com back to 127.0.0.1 for a little while. This is more to keep our ISP happy than any fear of bandwidth charges. (continue reading...)
February 9, 2009 - It looks like our little DDoS buddy got sent home from school early today -- the flood started up again, this time ignoring the DNS name for the metasploit.com web site and instead targeting both IP addresses configured on the (continue reading...)
February 8, 2009 - On Friday, starting around 9:00pm CST, the main metasploit.com was hit with a highly-annoying, if pretty useless distributed denial of service. The attack consisted of a botnet-sourced connection flood against port 80 for the metasploit.com host name. This flood consisted (continue reading...)
January 18, 2009 - A few weeks ago I committed the initial version of a new console command used to communicate with a host: connect. Since then I've slowly added a few more features. If you've ever used Netcat (all of (continue reading...)
January 16, 2009 - I've added the ability to import files into tracked buffers, and also added the ability to make use of them as a memDiff input type. This means a new format for the !jutsu identBuf command: !jutsu identBuf TYPE (continue reading...)