Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Rapid7 Blog

Craig Smith  

AUTHOR STATS:

6

Metasploit's RF Transceiver Capabilities

The rise of the Internet of Things We spend a lot of time monitoring our corporate networks. We have many tools to detect strange behaviors. We scan for vulnerabilities. We measure our exposure constantly. However, we often fail to recognize the small (and sometimes big)…

Pen Testing Cars with Metasploit and Particle.io Photon Boards

TL;DR This post details how to use the MSFRelay library for Photon boards to write your own Metasploit compatible firmware. Specifically for an add-on called Carloop. If you have a Carloop and just want it to work with Metasploit without having to write any…

Car Hacking on the Cheap

Metasploit's HWBrige comes with an automotive extension. This works out of the box if you happen to have a SocketCAN compatible CAN sniffer hanging around. However, if you don't have one, there is a decent chance you have a cheap sub $10 vehicle dongle in…

Exiting the Matrix: Introducing Metasploit's Hardware Bridge

Follow the white rabbit... Metasploit is an amazing tool. You can use it to maneuver through vast networks, pivoting through servers and even embedded OSes.  Having a single interface for your team and yourself to control a web of servers and networks is extremely powerful.…

All the (moving) Things!!

Until recently, I was running a small security testing company called Theia Labs.  Theia was small, just myself and a few other contractors, but we built a solid reputation within the auto industry.  During that time, I even wrote the book the Car…

Hacking Cars is Sexy

Five years ago, if you wanted to publicly demonstrate a car hack it usually meant you would (at the very least) get a series of cease and desist letters.  Of course this made it very hard for researchers to report problems.  If a security researcher…