Metasploit Wrap-Up
Two new RCE-capable modules and some good fixes and enhancements!…
Announcing the 2020 December Metasploit community CTF
It’s time for another Metasploit community CTF! This time around we’re doing a few things differently. Read on for details.…
Metasploit Wrap-Up
Four new modules, including an exploit for SaltStack Salt and an exploit for a now-patched vuln in Metasploit, plus new enhancements and fixes.…
Metasploit Wrap-Up
Insert 'What Year Is It' meme h00die contributed the Mikrotik unauthenticated directory traversal file read auxiliary gather module, largely a port of the PoC by Ali Mosajjal. The vulnerability CVE-2018-14847 allows any file from the router to be read through the Winbox server in RouterOS…
Metasploit Wrap-Up
Support for gathering ProxyUsername and ProxyPassword for saved PuTTY sessions, usability improvements for PsExec modules, and another CTF coming soon.…
Metasploit Wrap-Up
A bug fix for EternalBlue on Metasploit 6, four new modules, and a bunch of enhancements.…
Metasploit Wrap-Up
Hacktoberfest 2020 and wisdom from around the Metasploit water cooler. Keep an eye out for more info on the next Metasploit community CTF (coming soon).…
Metasploit Wrap-Up
Enhancements, bug fixes, and a new SAP IGS module!…
Metasploit Wrap-Up
Windows secrets dump, an 'in' with Safari, and more!…
Exploitability Analysis: Smash the Ref Bug Class
Two Metasploit researchers evaluate the "Smash the Ref" win32k bug class for exploitability and practical exploitation use cases for pen testers and red teams looking to obtain an initial foothold in the context of a standard user account.…
Metasploit Wrap-up
Nine new modules, including a module for Zerologon, a new SOCKS module, some privilege escalations, and another Java deserialization exploit.…
Metasploit Wrap-Up
Six new modules this week, and a good group of enhancements and fixes!…
Metasploit Wrap-Up
Three new modules, including a Pwn2Own addition for OS X, plus proxy support for Python Meterpreter, new search improvements, and a reminder of how to report security issues in Metasploit.…
Metasploit Wrap-Up
New reflective PE file loader, a new module, new search improvements, and updates on Google Summer of Code projects.…
Metasploit Wrap-Up
Give me your hash This week, community contributor HynekPetrak added a new module for dumping passwords and hashes stored as attributes in LDAP servers. It uses an LDAP connection to retrieve data from an LDAP server and then harvests user credentials in specific attributes. This…
