By guest blogger Dustin Heywood, Manager, Security Assurance, ATB Financial
Recently I was invited to participate in Metasploit Pro's Tech Preview Program, where customers are given early access to new product releases. I've taken part in this program before and I have always loved the experience.
For those of you who haven't been involved in a Rapid7 Tech Preview program: It starts out with a call with the customer engagement manager and the product management team, who gave me an overview of the upcoming product changes and logistics. I received a special tech preview build and license key, a test script, and access to a private Security Street space to discuss the new features with peers and Rapid7.
I really liked that Rapid7 doesn't require that you follow the script. In fact, I had direct access to product management to ask questions, discuss bugs and get updated Tech Preview builds.
Rapid7 gathers feedback throughout the process, for example through a phone call and exit survey. I provided feedback on the good, the bad, and how useful I found the features. The entire process is seamless and highly rewarding, so I take part in every Tech Preview I can.
I won't spend a lot of time covering the new release (read this post for more info), but there are new features that definitely make life easier. Metasploit Pro 4.10 is all about credential management & credential reuse. Metasploit's credential features definitely save us time in workflows.
Credentials reuse is a critical security issue. We have already started to leverage the new features in Metasploit Pro to make our penetration tests much more effective. The ability to reuse credentials and raw hashes with just a few clicks is a major time saver, makes for extremely effective demonstrations, and allows for rapid system pivoting.
I had a few weeks to play with the new credentials menu before it was released and was very impressed. Well done to Rapid7 on yet another amazing release.
Note from Rapid7: If you'd like to learn more about the new credentials features and see Metasploit Pro in action, please reserve a space on our free upcoming webcast "Credentials Are the New Exploits: How to Effectively Use Credentials in Penetration Tests"