The official home of the Metasploit Framework’s source code has been github for a while now. Ever since the move to Git, Rapid7 has operated a subversion server that allowed older Metasploit Framework environments to continue to receive updates. Soon this SVN server will shut down (it’s time). That’s what these messages are about: If […]
CTA Type: Resource
My Software Development Practices: The Joel Test
Joel Spolsky is one of my favorite writers on the topic of software development. He coined a 12-step Joel Test to determine if your company had sane development practices. A lot of these are very common sense, but I’d like to share a little about how I work and this seems a good way to […]
Read More… from My Software Development Practices: The Joel Test
Cobalt Strike Boxed Set comes to ShmooCon
It’s the middle of February, love is in the air, and… I’m busy preparing for my favorite hacker conference ShmooCon. This year, for the second year in a row, Strategic Cyber LLC is sponsoring ShmooCon. Last year, I had intended to launch Cobalt Strike. Except, it wasn’t called Cobalt Strike and someone else beat me […]
A Vision for Distributed Red Team Operations
Last year I gave a talk on Force Multipliers for Red Team Operations. In that talk, I elaborated on my search for capabilities that make us more effective with our hacking tools. I spelled out three areas of work: collaboration, automation, and distribution. I’ve put a lot of work into collaboration capabilities already and the […]
Read More… from A Vision for Distributed Red Team Operations
Getting Started with Armitage and the Metasploit Framework (2013)
So, I just realized there isn’t a modern tutorial on how to start Armitage and take advantage of it. There’s the documentation, but my documentation tries to cover every corner case and it’s not friendly to the novice who wants to try it out quickly. I do not know of a getting started guide that is up […]
Read More… from Getting Started with Armitage and the Metasploit Framework (2013)
Tactics to Hack an Enterprise Network
In June 2012, I released Cobalt Strike, a commercial penetration testing package that picks up where Armitage leaves off. Cobalt Strike is a direct expression of what I think a penetration test looks like. If you’re interested in this vision, this post will walk you through it. The term penetration test is overloaded and may mean something different with […]
One Shot, One Kill – An Intelligent Web Drive-by Exploit Server
One of my favorite features in Cobalt Strike is the system profiler. This web application digs deep into your browser to discover the client-side applications that I, as the attacker, can touch. To go along with the system profiler, I maintain a database that maps these applications to exploits in the Metasploit Framework. The system […]
Read More… from One Shot, One Kill – An Intelligent Web Drive-by Exploit Server
Fresh Paint for the Java Applet Attack
Java is a popular vector for penetration testers and those who penetrate networks without an invitation. An attacker creates a website to host a Java applet. In the simplest case, the Java applet is signed with a certificate. The user is asked “do you want to allow this applet to run?” The user’s yes response […]
My exploits can beat up your exploits
TL;DR Rapid7 wrote a blog post claiming that their exploits are better. I think the Metasploit Framework’s coverage is fine, but some other vendors do better with AV-safe client-side exploits. Over time, memory corruption exploits will become less relevant to penetration testers. Let’s talk about how penetration testing is evolving, not who has “the best” […]
How to Milk a Computer Science Education for Offensive Security Skills
Recently, a poster on reddit asked how to get into offensive security as a student studying Computer Science. Before the post was removed, the poster expressed an interest in penetration testing or reverse engineering. I studied Computer Science at different schools (BSc/MSc/Whateverz). This is timely as a new semester is about to begin and students still […]
Read More… from How to Milk a Computer Science Education for Offensive Security Skills