Who watches the watchers?

If you are checking up on an organization using Trend Micro Web Security, it might be you. A new module this week takes advantage of a chain of vulnerabilities to give everyone (read unauthenticated users) a chance to decide what threats the network might let slip through.

Following the trend, what about watchers that are not supposed to be there?

Agent Tesla Panel is a fun little trojan (not to be found zipping around on our highways and byways) which now offers, again for everyone, extra control of long running undetected instances. Then again, if your trojan is still running after 2 years, it probably deserves some new friends.

Just when you think you have you lost them, they light your safe space on fire!

After going to all the trouble of connecting to a VPN to "protect" those cat videos form prying eyes, your Cisco AnyConnect client just gave you away. With help from someone with access rights, a new local privilege escalation module for CVE-2020-3153 talks to a friendly localhost service and asks nicely to receive SYSTEM access on Windows endpoints.

New modules (4)

Enhancements and features

  • Standardise Error Logging by Adam Galway, updates the error logging API to additionally take an error object, and updates the existing elog calls within the codebase to use this new API.

Bugs fixed

Get it

As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
binary installers (which also include the commercial edition).