Another Word For It Patrick Durusau on Topic Maps and Semantic Diversity

January 14, 2019

Metasploit Unleashed

Filed under: Cybersecurity,Hacking,Metasploit — Patrick Durusau @ 8:22 pm

Metasploit Unleashed – Free Ethical Hacking Course

From the webpage:

The Metasploit Unleashed (MSFU) course is provided free of charge by Offensive Security in order to raise awareness for underprivileged children in East Africa. If you enjoy this free ethical hacking course, we ask that you make a donation to the Hackers For Charity non-profit 501(c)(3) organization. A sum of $9.00 will feed a child for a month, so any contribution makes a difference.

We are proud to present the most complete and in-depth Metasploit guide available, with contributions from the authors of the No Starch Press Metasploit Book. This course is a perfect starting point for Information Security Professionals who want to learn penetration testing and ethical hacking, but are not yet ready to commit to a paid course. We will teach you how to use Metasploit, in a structured and intuitive manner. Additionally, this free online ethical hacking course makes a wonderful quick reference for penetration testers, red teams, and other security professionals.

We hope you enjoy the Metasploit Unleashed course as much as we did making it!

You should start with the Requirements for the course. Seriously, read the directions first!

For example, I was anticipating using VirtualBox VMs, only to discover that the Metaploitable VM is for VMware only. So I have to install VMware, convert Metasploitable to OVF and then import into VirtualBox. That sounds like a job for tomorrow! Along with a post about my experience.

January 11, 2019

Metasploit Framework 5.0 Released!

Filed under: Cybersecurity,Hacking,Metasploit — Patrick Durusau @ 4:52 pm

Metasploit Framework 5.0 Released!

From the post:

We are happy to announce the release of Metasploit 5.0, the culmination of work by the Metasploit team over the past year. As the first major Metasploit release since 2011, Metasploit 5.0 brings many new features, as well as a fresh release cadence. Metasploit’s new database and automation APIs, evasion modules and libraries, expanded language support, improved performance, and ease-of-use lay the groundwork for better teamwork capabilities, tool integration, and exploitation at scale.

Get it (and improve it)

As of today, you can get MSF 5 by checking out the 5.0.0 tag in the Metasploit Github project. We’re in the process of reaching out to third-party software developers to let them know that Metasploit 5 is stable and ready to ship; for information on when MSF 5 will be packaged and integrated into your favorite distribution, keep an eye on threads like this one. As always, if you find a bug, you can report it to us on Github. Friendly reminder: Your issue is a lot more likely to get attention from us and the rest of the community if you include all the information we ask for in the issue form.

Contributions from the open source community are the soul of Metasploit. Want to join the many hackers, researchers, bug hunters, and docs writers who have helped make Metasploit awesome over the years? Start here. Not into Ruby development? Help us add to our Python or Go module counts.

A beginning set of release notes for Metasploit 5.0 is here. We’ll be adding to these over the next few months. As always, community PRs are welcome! Need a primer on Framework architecture and usage? Take a look at our wiki here, and feel free to reach out to the broader community on Slack. There are also myriad public and user-generated resources on Metasploit tips, tricks, and content, so if you can’t find something you want in our wiki, ask Google or the community what they recommend.

See all the ways to stay informed and get involved at https://metasploit.com.

Before rushing off to put Metasploit Framework 5.0 to use, take a moment to consider contributing back to the Metasploit community.

The near panic for new cybersecurity hires and code to protect against attacks can only result in new security fails and vulnerabilities. Metasploit needs your help to keep up with self-inflicted security issues across government and business entities.

With your help, the CIA, and NSA will be defaulting to Metaspoilt Framework 5.0 as their default desktop hacking app! Of course, neither the CIA nor the NSA can endorse or acknowledge their use of Metaspoilt but one can dream!

February 26, 2016

Pwning Common Backdoors and Botnets with Metasploit

Filed under: Cybersecurity,Metasploit,Security — Patrick Durusau @ 4:08 pm

Pwning Common Backdoors and Botnets with Metasploit

From the post:

The Metasploit Framework has a lot of exploit modules including buffer overflow attacks, browser exploits, web application vulnerabilities, backdoor exploits, bot pwnage tools, etc. Exploit developers and contributors to the framework have shared a wide variety of interesting and very useful stuffs.

For this article, we will talk about utilizing Metasploit to hack and take over common backdoors and botnets. We will not go into all of the modules, but we will be mentioning some modules that could be of use to your future penetration testing job or work. We will not be doing exploit development so no need to get your debuggers and code editors.

If you are new to using Metasploit Framework particularly with the msfconsole (command-line interface of the framework) then you don’t need to worry because this is a simple step by step guide also on how to use an exploit module. One of the things needed for this tutorial is that you have Metasploit installed on your attacker machine thus I would advise you to have Kali Linux or maybe BackBox Linux which are penetration testing distributions and have Metasploit pre-installed.

For our target machine, I also suggest that you install Metasploitable 2 on your favorite virtualization platform like VMWare or VirtualBox. Metasploitable 2 is a vulnerable Ubuntu Linux virtual machine which is good for practicing your Metasploit-fu skills because it is built to be insecure and to be your pet.

Except for U.S. Presidential primaries and their “debates,” one of which was captured by closed-captioning as:

cnn-debate

most of the major sports are between seasons.

No better time than the present to begin acquiring and/or polishing your Metasploit skills!

The Insecure Internet of Things (IIoT) requires the digital equivalent of a “church key” for entry:

A5-Church-Key

but there are more sophisticated (and lucrative) targets.

Enjoy!

Powered by WordPress