July 28th, 2008 Anthony Towry
I haven't been up to a lot lately. I'm finishing out my term with my current employer, getting equipment ready for Las Vegas, and thinking about the viability of a few personal projects.
I have however found time to do a little reading. Over at the SANS Reading Room there is a paper titled Effectiveness of Antivirus in Detecting Metasploit Payloads by Mark Baggett. This is a really solid paper with some great work done by Mark. Mark takes the reader from a basic payload, to customizing options, to making use of the msfencode functions, etc. In addition to the authors goals, this paper could serve as a great jumping off point for pentesters wishing to make use of metasploit payloads instead of say the CORE agent. I wouldn't call it deeply technical, but it does clearly illustrate some of the issues with today's antivirus solutions.
Posted in Security | No Comments »
July 15th, 2008 Anthony Towry
Metasploit is a tool that has forever changed the information security landscape. One would be hard pressed to find a tool as versatile, powerful and as supported in the hacking community today. On top of all that good mojo, it comes free of charge!
I get excited about Metasploit (who wouldn't). I wanted this book to match that excitement; To dive into Metasploit in new and exciting ways. It didn't. This book is written by some very smart guys, but goes about as deep as the average user guide. There's nothing new here really and most of what's discussed could be better absorbed through a few hours of playing with the application itself.
Overall this was a disappointment, one that could have been a whole lot better.
Posted in Security | No Comments »
January 28th, 2008 Anthony Towry
Script kiddies rejoice! Metasploit 3.1 is out on the streets. This version comes boxed with a generous helping of attack modules (450+) prepared for your pwning pleasure.
Very cool stuff for your pen testing needs!
Posted in Security | No Comments »
