Blog Posts Tagged with "Metasploit"

3e35900ae6facc6c146a85c435c71d82

Metasploit: The Penetration Tester's Guide

January 30, 2012 Added by:Ben Rothke

The Metasploit Project is an open-source security project that provides information about security vulnerabilities and assists those performing the penetration tests in building a framework in which to carry out the testing...

Comments  (1)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Multiple PLC Zero-Day Vulnerabilities

January 24, 2012 Added by:Headlines

The vulnerabilities purportedly include buffer overflows, backdoors, weak authentication and encryption, and other vulnerabilities that could allow an attacker to take control of the device and interfere or halt the process it controls...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Hacking PLC SCADA Systems: Easy as Pushing a Button

January 20, 2012 Added by:Dan Dieterle

Metasploit is used for network security and penetration testing. There are automated options that you can use that will try numerous exploits against a system, and give you a remote shell if one works. Taking this technology and adding PLC exploits is truly scary...

Comments  (1)

B64e021126c832bb29ec9fa988155eaf

Backtrack 5: Penetration Testing with Social Engineering Toolkit

January 11, 2012 Added by:Dan Dieterle

Why spend days, weeks or even months trying to penetrate layers of network security when you can just trick a user into running a file that allows you full access to their machine and bypasses anti-virus, firewalls and many intrusion detection systems?

Comments  (0)

759c37c6aff04cd46262f93652b5fad5

New Meterpreter Extension Released: MSFMap Beta

January 08, 2012 Added by:Spencer McIntyre

The ICMP and ARP scanning features bring great benefits over many other common methods because MSFMap does not spawn any new processes that may reveal its presence to a watchful user. MSFMap runs entirely in memory and does not write any data to the compromised host...

Comments  (0)

3e35900ae6facc6c146a85c435c71d82

Defense Against the Black Arts: How Hackers Do What They Do

January 04, 2012 Added by:Ben Rothke

Defense against the Black Arts is another in the line of hacking overview books that started with the first edition of Hacking Exposed. Like Hacking Exposed, the book walks the reader through the process of how to use hacking tools and how to make sense of their output...

Comments  (1)

1a490136c27502563c62267354024cd5

PenTest: Get to Know Yourself Before Others Do

December 14, 2011 Added by:Malgorzata Skora

With multi-tier network architectures, web services, custom applications, and heterogeneous server platform environments, keeping data assets secure is more difficult than ever. Coupled with this complexity is the fact that criminal organizations have organized their hacking efforts...

Comments  (1)

D8853ae281be8cfdfa18ab73608e8c3f

Run POST Modules On All Sessions

December 05, 2011 Added by:Rob Fuller

You use the POST module, drop to IRB and run those 4 lines, and bam, you win. With resource files we can automate this a bit more and have it so that we do this effortlessly with any post module... We know we can run ruby inside of resource files with the tag...

Comments  (0)

D8853ae281be8cfdfa18ab73608e8c3f

MSFConsole Prompt Fiddling

November 17, 2011 Added by:Rob Fuller

In my presentation at DerbyCon 2011 we talked about using SCREEN and SCRIPT to keep connections live / use them across SSH sessions, and log everything. What we didn't cover is the fact that there isn't a time stamp for those logs. Now, Metasploit has multiple ways of creating logs...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

BackTrack 5 Wireless Penetration Testing Beginner’s Guide

October 22, 2011 Added by:Dan Dieterle

This includes everything from bypassing authentication & cracking encryption, to advanced techniques like man-in-the-middle attacks and attacking WPA-Enterprise, with discussions Wireless penetration methodology, testing and reporting...

Comments  (3)

53692ae1a8e713373b8a487ce89ee3e2

OS X Lion Captive Portal Hijacking Attack

October 07, 2011 Added by:Tom Eston

OS X Lion's new feature poses a security risk. When an OS X laptop joins a network which contains a captive portal, a window is automatically opened to prompt the user to interact with it. This presents a major security risk if an attacker can control this functionality...

Comments  (1)

71d85bb5d111973cb65dfee3d2a7e6c9

Happy Birthday MS08-067

October 06, 2011 Added by:f8lerror

As a Penetration Tester, this vulnerability is sought out because it is highly reliable and very low risk. As an attacker, the simple fact is the attack still works. The vulnerability was widely used in conjunction with the conficker worm, which affected more than seven million systems...

Comments  (3)

7e364bbac217114a59e547b354e7f7ad

DerbyCon Talks You Don’t Want to Miss

September 28, 2011 Added by:Gary McCully

When people think of PenTesting, they immediately think of Buffer Overflows, Weak Passwords, and SQL Injection. What people fail to realize is that in many cases it is easier to use “features” of applications already installed to get a foothold into a corporation’s network...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Backtrack Metasploit Megaprimer

September 28, 2011 Added by:Dan Dieterle

The Metasploit Framework in the Backtrack series is an amazing platform for penetration and security testing. The capabilities are stunning. The problem is the learning curve is kind of steep, especially for new users. For training, look no further than the “Metasploit Megaprimer"...

Comments  (2)

B64e021126c832bb29ec9fa988155eaf

Capturing Logins with Keyscan and Lockout_Keylogger

September 26, 2011 Added by:Dan Dieterle

Sometimes a penetration tester may have remote access to a user’s machine, but he may not have the password, or the user has a very long complex password that would take too long to crack. Backtrack 5′s Metasploit Framework has a utility for capturing keys pressed on a target machine...

Comments  (0)

D8853ae281be8cfdfa18ab73608e8c3f

Populating Your Virtual Victim Domain

September 26, 2011 Added by:Rob Fuller

Adding users to a domain for learning, training, or for testing things out on can be tedious. Most of the time I just put a few users , however that doesn't give someone in training much, i.e.: It's really easy to identify the 'interesting' users when there are only a couple to pick from...

Comments  (1)

Page « < 1 - 2 - 3 - 4 - 5 > »