Hey folks, it's towards the end of the second quarter, which means it's high time for another Metasploit Dev Diary! If you already know what this series is about, feel free to just click on over here and read away. If you need more convincing, here's the skinny.
Once a quarter, the indomitable Metasploit engineering team is going to pull you, dear reader, behind the curtain of exploit and module development with these diaries, starting with something interesting that washed up on the shores of our Metasploit Framework pull queue. This look into Metasploit-specific development is useful for those interested in getting involved with our amazing community of open source security developers.
Last quarter, Wei Chen wrote up three (three!) such pull requests (PRs) to much delight and fanfare. This week, we've got one PR, documented in all its gory detail, by William Vu. This time around, we're going to dive straight into ARM exploitation, using Quentin Kaiser's implementation of an old-style stack-based buffer overflow in some Cisco VPN gear.
It's a really fun read, especially if you're interested in, or want to learn more about, ARM debugging and exploitation techniques. After all, the world is increasingly ARM-based, what with all these computers in our pockets and disguised as household appliances, so check it out.
Incidentally, if you're more of an in-person-relationships kind of person, we'll all be around Las Vegas in just a few weeks, so check back here for the details on the Metasploit meetup during Black Hat / DEF Con week in Las Vegas, USA. Seeya in August!