3 min
Metasploit Weekly Wrapup
Metasploit Wrapup 3/24/17
Faster, Meterpreter, KILL! KILL!
You can now search for and kill processes by name in Meterpreter with the new
pgrep and pkill commands. They both have flags similar to the older ps command,
allowing you to filter by architecture (-a), user (-u), or to show only child
processes of the current session's process (-c). We've also added a -x flag to
find processes with an exact match instead of a regex, if you're into that.
Fun with radiation
Craig Smith has been killing it lately with all his h
6 min
CIS Controls
The CIS Critical Security Controls Explained - Control 4: Controlled Use of Administrative Privilege
The ultimate goal of an information security program is to reduce risk. Often,
hidden risks run amok in organizations that just aren't thinking about risk in
the right way. Control 4 of the CIS Critical Security Controls can be
contentious, can cause bad feelings, and is sometimes hated by system
administrators and users alike. It is, however, one of the controls that can h
3 min
Metasploit
Exploiting Macros via Email with Metasploit Pro Social Engineering
Currently, phishing is seen as one of the largest infiltration points for
businesses around the globe, but there is more to social engineering than just
phishing. Attackers may use email and USB keys to deliver malicious files to
users in the hopes of gaining access to an organization's network. Users are
likely unaware that unsolicited files, such as a Microsoft Word document with a
macro, may be malicious and can pose a major risk to an organization.
Metasploit Pro
4 min
Penetration Testing
Combining Responder and PsExec for Internal Penetration Tests
By Emilie St-Pierre, TJ Byrom, and Eric Sun
Ask any pen tester what their top five penetration testing tools are for
internal engagements, and you will likely get a reply containing nmap,
Metasploit, CrackMapExec, SMBRelay and Responder.
An essential tool for any whitehat, Responder is a Python script that listens
for Link-Local Multicast Name Resolution (LLMNR), NetBIOS Name Service (NBT-NS)
and Multicast Domain Name System (mDNS)
5 min
Komand
Malware Incident Response Steps on Windows, and Determining If the Threat Is Truly Gone
Malware can be a sneaky little beast. Once it's on your computer or network, it
may be hard to detect unless you're explicitly looking for it. When dealing with
malware, it is extremely important to not only know the signs to look for, but
also how to stop malware in a timely manner to reduce the spread of infection in
the event that it's detected.
Malware can spread pretty quickly, especially in a corporate environment where
company-wide email is used as the primary method of communication and
4 min
Metasploit
Metasploit's RF Transceiver Capabilities
The rise of the Internet of Things
We spend a lot of time monitoring our corporate networks. We have many tools to
detect strange behaviors. We scan for vulnerabilities. We measure our exposure
constantly. However, we often fail to recognize the small (and sometimes big)
Internet of Things (IoT) devices that are all around our network, employees, and
employees' homes. Somewhat alarmingly, considering their pervasiveness, these
devices aren't always the easiest to test.
Though often difficult,
4 min
Automation and Orchestration
Cybersecurity exercises – benefits and practical aspects (part 2 of 2)
Synopsis
In the series of articles titled “Incident Response Life Cycle in NIST and ISO
standards” I reviewed the incident response life cycle defined and described in
NIST Special Publication (SP) 800-61, Computer Security Incident Handling Guide.
Before I move on to discuss the ISO/IEC 27035 standard, I believe it is
interesting to discuss briefly how cybersecurity exercises can help prepare to
handle incidents.
Cybersec
4 min
Automation and Orchestration
Cybersecurity exercises – benefits and practical aspects (part 1 of 2)
Synopsis
In the series of articles titled “Incident Response Life Cycle in NIST and ISO
standards” I reviewed the incident response life cycle defined and described in
NIST Special Publication (SP) 800-61, Computer Security Incident Handling Guide.
Before I move on to discuss the ISO/IEC 27035 standard, I believe it is
interesting to discuss briefly how cybersecurity exercises can help prepare to
handle incidents.
Cybersec
4 min
Automation and Orchestration
Cybersecurity Information Sharing - European Perspective (part 1 of 2)
Synopsis
In the series of articles titled “Incident Response Life Cycle in NIST and ISO
standards” we already reviewed the incident response life cycle defined and
described in NIST Special Publication (SP) 800-61, Computer Security Incident
Handling Guide.
We also discussed information sharing requirements
5 min
CIS Controls
The CIS Critical Security Controls Explained - Control 3: Continuous Vulnerability Management
Welcome to the third blog post on the CIS Critical Security Controls! This
week, I will be walking you through the third Critical Control: Continuous
Vulnerability Management. Specifically, we will be looking at why vulnerability
management and remediation are important for your overall security maturity,
what the control consists of, and how to implement it.
Organizations operat
2 min
Metasploit
Metasploit, Google Summer of Code, and You!
Spend the summer with Metasploit
I'm proud to announce that the Metasploit Project has been accepted as a mentor
organization in the Google Summer of Code! For those unfamiliar with the
program, their about page sums it up nicely:
> Google Summer of Code is a global program focused on introducing students to
> open source software development. Students work on a 3 month programming
> project with an open source organization during their break from univer
1 min
Application Security
Apache Struts Vulnerability (CVE-2017-5638) Protection: Scanning with Nexpose
On March 9th, 2017 we highlighted the availability of a vulnerability check in
Nexpose for CVE-2017-5638 (see the full blog post describing the Apache Struts
vulnerability here). This check would be performed against the root URI of any
HTTP/S endpoints discovered during a scan.
On March 10th, 2017 we added an additional check that would work in conjunctio
4 min
Komand
How to Onboard and Train Your Security Team
Hiring the right people is the first step when building a great security
operations team. But you also have to train them on how your company approaches
and implements security measures.
The common reality is that many companies lack the time or expertise to design
and execute an effective training program. Hiring the best security people still
means they need to understand how your network and systems are confi
9 min
Metasploit
Pen Testing Cars with Metasploit and Particle.io Photon Boards
TL;DR
This post details how to use the MSFRelay library for Photon boards to write
your own Metasploit-compatible firmware, specifically for an add-on called
Carloop. If you have a Carloop and just want it to work with Metasploit without
having to write any code (or read this), then I've also provided the full code
as a library example in the Particle library, which can be found here
4 min
Vulnerability Disclosure
R7-2017-01: Multiple Vulnerabilities in Double Robotics Telepresence Robot
This post describes three vulnerabilities in the Double Robotics Telepresence
Robot ecosystem related to improper authentication, session fixation, and weak
Bluetooth pairing. We would like to thank Double Robotics for their prompt
acknowledgement of the vulnerabilities, and for addressing the ones that they
considered serious. Two of the three vulnerabilities were patched via updates to
Double Robotics servers on Mon, Jan 16, 2017.
Credit
These issues were discovered by Rapid7 researcher Deral