Here in the U.S., we just celebrated Thanksgiving, which involves being thankful, seeing friends and family, and eating entirely too much (I know that last one is not uncommon here). After a large meal and vacation, we figured that it would be a nice, slow week for security research in the States. Then we opened Twitter and were suddenly happy we had procrastinated and most of us had put off upgrading to High Sierra.

Community CTF

In case you missed yesterday’s announcement, the Linux Metasploitable3 CTF is here! Starting Monday, 500 players can start dropping shells and submitting flags to win one of three cool prizes. Space is limited and we’re already at about two thirds of our capacity, so register here if you haven’t yet. See yesterday’s post above for the official rules and prizes.

New Modules

Exploit modules (2 new)

Auxiliary and post modules (1 new)

One of our newest Metasploit members, Matthew, teamed up with Daniel to add a Slowloris module to Metasploit. Normally, this would involve a pat on the back and a ‘What year is it?!’ joke from wvu, but this module is different. I’ll give you some hints: the whitespace is important in any module, but it’s far more important in this one, and you could say this module has no end.

If you guessed Python, you’re right, and you should probably get out more…like us. This marks the second Python module we’ve released, and hopefully the expansion will be exponential (or at least geometric). If you are interested in submitting more Python modules, please do!

Get it

As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:

To install fresh, check out the open-source-only Nightly Installers, or the binary installers which also include the commercial editions.