New Shiny in the Metasploit Framework

•

0 likes•2 views

The document summarizes updates and improvements to the Metasploit framework. It notes that the framework has moved from SVN to GitHub for code hosting. It highlights new exploitation modules for vulnerabilities in SAP, UPnP libraries, IPMI, and WinRM. It also describes new Java, Meterpreter, and Python payloads as well as encoding improvements. The document demonstrates Android and Python Meterpreter functionality and password stealing with Mimikatz. It encourages contacting the author with any other questions.

New Shiny in the
Metasploit
Framework
egypt

Disclaimer
Most of this stuff is:
● Not my code
● Not my research
● Awesome in spite of my involvement

SVN is Dead
Our SVN server was constantly DDoS’d
● Sometimes unintentionally by dumb scrapers
SVN is kinda slow anyway
Big changes required lots more requests
Now we’re 100% on github
Yay two-and-a-half-nines!

Stable Updates
In an installer environment
● Updates about once per week
Development env is still easy to set up
● Tracks bleeding edge (master branch)

SAP
Several people’s research
● CJR did some fun stuff ~2011
● Mariano Nuñez
● Pulled together by nmonkee
Tons of highly valuable information

sap_smb_relay
Convince the SAP box to connect via UNC

SAPRouter
set Proxies sapni:192.0.2.1:3299

UPnP
HDM’s research
Tons of devices all over everywhere
Mostly ancient and never updated

libupnp
“Intel/Portable SDK for UPnP Devices”
Seven, count ‘em SEVEN vulns in one function
Actual libupnp code:
strncpy( TempBuf, ptr1, ptr3 - ptr1 );
Trigger with one UDP packet

IPMI
Intelligent Platform Management Interface
Dan Farmer, HDM
Protocol, run by “Baseband Mgmt Controllers”
● iDrac, iLo, lots of others
Spec requires cleartext password storage
Design-level auth bypass

multi/upnp/libupnp_ssdp_overflow
Remote root on SuperMicro BMCs
Old skewl ret2libc to call system(3)

Other Fun Embedded Stuff
Michael Messner’s research
14 exploits for consumer routers and such

WinRM / WinRS
thelightcosine’s research
psexec is so last year

PhpEXE
Mixin for PHP code execution bugs
For ARCH_PHP payloads, just returns payload
For others, drops a proper executable
● Then tries to unlink it

FileDropper
Convenience methods for cleaning up files
Works for exploits and post

Heap Spraying
corelanc0der’s research, implemented by
sinn3r
Uses JS to create many button elements
Fast, easy, reliable on IE and Firefox

ROP DB
XML format for describing ROP chains
Supported by mona.py

Mem Vuln Landscape has Changed
Mandatory ASLR, DEP
Sandboxing
Automatic, no-interaction updates

A Boatload of Browser 0-day
Pwn2own
Targeted Attacks
● FBI Firefox
At least 3 IE vulns used in the wild
Flash

A Boatload of JRE 0-day
So many vulns that Oracle basically disabled it

New Repositories!
rapid7/metasploit-javapayload
rapid7/meterpreter
Easier to build, maintain, and test

Mac OSX stuff
x64 payloads
● osx/x64/say

lol awk
Awk is a text processing utility
GNU likes to extend utilities
GNU Awk has a full TCP API
lolwut

Ruby Payloads
Created for the Rails XML and YAML bugs

Android Meterpreter
Kinda Proof-of-Concepty
● Requires APK installation
● Have to tap on a UI element
But still awesome
Most features work
● File manipulation
● Configuration stuff
● And Pivoting!

Python Meterpreter
Based on PHP
● But don’t judge

Mimikatz
In-memory password stealer
Cleartext creds for all the things

New Meterpreter API Stuff
netstat/arp commands
Victim-side DNS Resolution

General Meterpreter Improvements
Updated to VS2012
● Much easier to build
Fixed a bug with Reflective DLL Injection
Fixed x64 reverse_https
Fixed stability issues with sniffer on x64

Better /bin/sh Command Encoding
Handles more badchar edge-cases

Stage Encoding
Adds randomness to second stage
Makes network IDS have to work for a living

DB Creds for AuthBrute Modules
Lets you easily reuse creds
Pop a box, steal creds with mimikatz
● Or one of the many post modules
smb_login with them

Questions
@egyp7
egypt@metasploit.com
#metasploit on FreeNode

Zope did many things right originally by using Python and including batteries, but it had some downfalls like being unpythonic, having too many magical parts, and being too complicated. Zope 3 aimed to address these issues but ended up being too abstract and XML-based, slowing development. The document discusses ideas for improving on Zope by having a low entry threshold, being highly modular, and starting with finished applications that use Python and a component architecture.

Lennart Regebro What Zope Did Wrong (And What To Do Instead)

Vincenzo Barone

Zope did many things right originally by using Python and including batteries, but it had some downfalls like being unpythonic, having too many products instead of modules, and becoming too complicated over time. Zope 3 aimed to address these issues but ended up being too abstracted and complex itself. The document discusses potential ways to build on Zope's strengths while avoiding its weaknesses.

SpringOne 2016 in a nutshell

Jeroen Resoort

Can you trust Neutron?

salv_orlando

Owasp AppSecEU 2015 - BeEF Session

Bart Leppens

Bart Leppens gave a presentation on the Browser Exploitation Framework (BeEF). He discussed BeEF's architecture, how it hooks browsers, its module and extension system, and live demonstrations of information gathering, exploitation, and using BeEF with Metasploit. He also covered topics like inter-protocol communication, exploiting protocols like ActiveFax, and porting BeEF bind shellcode to Linux. The talk provided an overview of BeEF's capabilities and real-world attack scenarios.

Nodejs web service for starters

Bruce Li

Node.js is a JavaScript runtime built on Chrome's V8 JavaScript engine that allows JavaScript to run on the server. The document provides an introduction to Node.js including what Node.js is, its advantages like being non-blocking and using JavaScript on both the frontend and backend, and how to structure a basic Node.js application. It also demonstrates how to build a simple web service in Node.js that takes two numbers as input and returns their multiplied output.

Webconf nodejs-production-architecture

Ben Lin

This document discusses node.js production site architecture. It begins with an introduction to Ben Lin and his work with node.js projects. The rest of the document outlines best practices for running node.js in production, including using services like Monit and Forever to monitor node processes, using Nginx for load balancing and static file serving, scaling node.js applications by splitting components across multiple servers, and deploying node.js applications with tools like SSH, Git, AWS, and Heroku. The document concludes with some tips for configuring file limits and handling uncaught exceptions in node.js.

Experiences with Microservices at Tuenti

Andrés Viedma Peláez

Talk presented by Aarón Fas & Andrés Viedma at the JBcnConf 2015. 'Microservices' is one of the most popular buzzwords in the industry now, but are they really a step forward? Or they might be more a problem than a solution? When are they really helpful? How should they be addressed? What challenges will we face if we decide to implement a microservices based architecture? One year ago, Tuenti moved from a monolithic PHP backend to a Java + PHP microservices architecture. In this talk, we'll share our experiences so far: how we addressed the change, how we implemented it, why we think it's been valuable for us (and how is that related to the company culture), why it might not be a good idea for your company / application and, mostly, what lessons we have learned from this experience.

Eduardo Silva is an open source engineer at Treasure Data working on projects like Fluentd and Fluent Bit. He created the Monkey HTTP server, which is optimized for embedded Linux and has a modular plugin architecture. He also created Duda I/O, a scalable web services stack built on top of Monkey using a friendly C API. Both projects aim to provide lightweight, high performance solutions for collecting and processing data from IoT and embedded devices.

Practical virtual network functions with Snabb (8th SDN Workshop)

Igalia

By Andy Wingo. The Snabb network function toolkit has grown over the last year to include a number of practical network functions that can be of direct use to network engineers, from test rigs to packet filtering and capturing tools to core IPv6 transition technology border router implementations. After a brief summary of what Snabb is, this talk updates the audience on the network functions included in Snabb, and how they can be easily put to use and even extended to new uses. 8th SDN Workshop ETH Zurich, CAB G51 https://www.meetup.com/es-ES/SDN-Switzerland/events/237925842/?eventId=237925842

Zero mq logs

Tomas Doran

This document discusses using ZeroMQ and Elasticsearch for log aggregation. It proposes using ZeroMQ to transmit structured log data from application servers to a central Logstash server, which would then insert the logs into Elasticsearch for querying and analysis. This approach aims to provide a lightweight logging solution that doesn't block application servers like traditional logging to databases can. The document also provides background on tools like Logstash, Elasticsearch, and Splunk.

Midwest php 2013 deploying php on paas- why & how

dotCloud

Deploying PHP applications to Platform as a Service (PaaS) can provide several benefits over traditional hosting methods. PaaS allows developers to quickly deploy new environments for testing code changes. It also handles tasks like optimizing stacks, upgrading software, and providing comprehensive routing. PaaS aims to make deployment as simple as uploading code and eliminates the need to manually configure servers. While there is an initial learning curve to using PaaS tools and reworking some applications, it can improve the development to production workflow and allow applications to easily scale on demand.

Jenkinsconf Presentation - Advance jenkins management with multiple projects.

Ohad Basan

The internet of $h1t

Amit Serper

I was asked to talk in front of Computer science students at the Bar-Ilan university about "what happens" when you don't care about writing "secured" or "safe" code. A perfect example for that, in my opinion, was the world of embedded computing AKA the IoT. I talked about the history of consumer embedded devices and showed a live demo of an 0day I found in one of the most popular routers in the country.

FusionInventory at LSM/RMLL 2012

Nouh Walid

This document provides an overview of the FusionInventory project. It discusses that FusionInventory is an open source inventory and asset management solution that integrates with the GLPI asset management platform. It allows for network discovery, inventory collection, Wake-on-LAN functionality, software deployment, and VMware ESXi inventory via APIs. The document outlines the project timeline, contributors, supported operating systems, information gathered, statistics on code size and tests, roadmap, and a use case of how FusionInventory has helped consolidate inventory needs for a school district.

JavaOne 2015 : How I Rediscovered My Coding Mojo by Building an IoT/Robotics ...

Mark West

Is your project dragging you down? Are you stuck with the same old technologies? Are you bored with coding? If you answer “yes” to any of these questions, you may have lost your coding mojo—just like this session’s speaker did a few years back. Come hear how he learned new technologies and rediscovered his coding mojo by building an IoT/robotics prototype: a voice-controlled robot. Along the way, you’ll hear about HTML5 speech recognition, controlling hardware with Node.js and Johnny-Five, using WebSocket and MQTT for communication between components, and finally how you can easily combine the Raspberry Pi and Arduino platforms to gain ultimate power over your own projects.

meetPHP#8 - PHP startups prototypes

Max Małecki

The document discusses PHP startup prototypes on Platform as a Service (PaaS) providers. It evaluates AppFog, Engine Yard, Heroku, and OpenShift PaaS platforms. AppFog and OpenShift are highlighted as good free options for startups, with AppFog being the easiest and OpenShift providing more free resources. Performance tests show Silex performed best, with Laravel4 fast but Silex outperforming it. The conclusion recommends AppFog for ease and Silex for performance, noting limitations of free Engine Yard and Heroku plans.

Node & Express as Workflow Tools

FITC

Node & Express as Workflow Tools “Enterprise” and “Node.js” are generally two terms which are rarely seen together, but developing on an (what are considered) “enterprise level” stack doesn’t mean you can’t sneak some Node.js into your workflow. This talk will cover using Node.js, Express, Grunt/Gulp, Commander to build custom workflow tools, mock APIs, and test suites to allow you to maintain sanity while working with more traditional environments. We will cover a simple use case for using Node and Express to smooth Front-end development workflow, and how to package your custom tool as an NPM module for others to install. Presented live at FITC's Spotlight: MEAN Stacks event held on March 28th, 2014 More info at FITC.ca

Scaling with Symfony - PHP UK

Ricard Clau

The document is a presentation about scaling applications with Symfony. It discusses concepts related to scalability like load balancing and sharding. It provides advice on profiling code to diagnose bottlenecks and optimizing aspects like caching, databases, and front-end performance. Specific technologies discussed include APC, Zend Opcache, Memcached, Redis, MySQL, and NoSQL databases. Real-world examples of large applications built with Symfony like a social game with millions of daily users are also presented.

More Productivitiy with Spring Roo

Eberhard Wolff

This document discusses Spring Roo, an open source tool that aims to improve Java developer productivity without compromising flexibility. It provides an overview of Roo's mission and capabilities for rapidly generating applications using conventions. Roo uses AspectJ to actively generate code based on annotations and allows customization through add-ons. The document demonstrates Roo's features and explains how applications can later remove their dependency on Roo through refactoring.

Os Grossupdated

oscon2007

The document discusses the use of open source software in amateur robotics, focusing on the speaker's robot Magellan project. It describes the dual-computer architecture using a PIC microcontroller and NSLU2 computer running Linux. It also discusses the open source tools used, including the JAL compiler for the PIC, OpenEmbedded for building the Linux system, and Python for high-level control code.

Sheepdog Status Report

Liu Yuan

Sheepdog is a distributed object storage system that aggregates storage capacity and performance across disks and nodes. It provides high availability through redundancy and self-healing mechanisms. Sheepdog supports various interfaces including block storage, object storage, and file-based storage. The report discusses the Sheepdog community and contributions over time, current problems like scalability issues and performance degradation, and solutions being worked on such as a new asynchronous iSCSI target, live patching, and an NFS server implementation. The goal is to provide unified storage for OpenStack components through Sheepdog.

uWSGI - Swiss army knife for your Python web apps

Tomislav Raseta

uWSGI is a full-stack tool for building hosting services that acts as an application server for Python web apps using the WSGI specification. It provides a pluggable architecture, versatility, high performance, low resource usage, and reliability. Configuration options are extensive and allow for processes, threads, reloading, monitoring and more. Proper configuration and testing is required to optimize performance for production deployments.

Nodejs

Vinod Kumar Marupu

This document provides an overview of server-side JavaScript using Node.js in 3 sentences or less: Node.js allows for the development of server-side applications using JavaScript and non-blocking I/O. It introduces some theory around event loops and asynchronous programming in JavaScript. The document includes examples of building HTTP and TCP servers in Node.js and connecting to MongoDB, as well as when Node.js may and may not be suitable.

Analysis Result Manager (ARM)

magland

This document introduces Analysis Result Manager (ARM), a cloud-based application for fMRI data management, visualization, and analysis. ARM was created to address the need for easily viewing and sharing fMRI data and results. It allows users to organize, process, and interactively visualize large fMRI datasets from any web browser or desktop. ARM tracks the processing steps to allow results to be reproduced and shared. It uses a script-based approach to define workflows but captures detailed provenance data to avoid redundant processing. ARM demonstrates how cloud computing can be leveraged to efficiently handle the large datasets and computations involved in fMRI analysis.

Ansible Introduction

Robert Reiz

Real Time Realitites

markisuak

Real Time Realities!!! This document discusses adding real-time support to web applications. It outlines 4 steps: [1] Prepare the code for real-time using websockets; [2] Support older browsers using comet techniques; [3] Implement pub-sub systems to handle multiple tasks and authentication; [4] Consider deployment, scalability, and high availability to support many connections and crashes. The goal is to provide a full real-time experience across all browsers in a performant and reliable manner.

TechWiseTV Workshop: Catalyst Switching Programmability

Robb Boyd

Watch the replay: http://cs.co/90028vTty You have heard of NETCONF, YANG, Python, and REST. However, do you really understand what they can do for your business, network, and networking career? Learn how you can create apps that automate operations, consume network telemetry, and control network resources with minimal programming experience. Resources: Watch the New Era of Networking playlist: http://cs.co/90058sI1U

Privilege Escalation with Metasploit

egypt

This document summarizes techniques for privilege escalation using the Metasploit framework. It begins by explaining why Metasploit is useful and why privilege escalation is important for gaining more access and control. It then provides examples of how to write Metasploit modules for local privilege escalation exploits, including generating payloads, including the necessary Metasploit mixins, and interacting with sessions post-exploitation. Specific local privilege escalation techniques demonstrated include exploiting vulnerable setuid binaries like Nmap, modifying Windows scheduled tasks, and relaying Windows authentication. The document concludes by discussing future work to improve Metasploit module development.

The State of the Metasploit Framework.pdf

egypt

This document provides an overview and update on the Metasploit Framework. Some key points: - 229 new modules were added since September 2015. Over 800 pull requests were merged from 176 unique authors with 4765 total commits. - Rex is being broken up into smaller components. New msfconsole commands and a reorganization of the tools directory were introduced. - New modules, payloads, and exploits were added for platforms like Linux, Windows, Android and mainframes. Module documentation is now in markdown. - Features added include tools for downloading Microsoft patches, a portable POSIX payload called Mettle, and improved Meterpreter functionality like XOR obfuscation and new extensions.

Similar to New Shiny in the Metasploit Framework

Monkey Server

Eduardo Silva Pereira

Practical virtual network functions with Snabb (8th SDN Workshop)

Igalia

Zero mq logs

Tomas Doran

Midwest php 2013 deploying php on paas- why & how

dotCloud

Jenkinsconf Presentation - Advance jenkins management with multiple projects.

Ohad Basan

The internet of $h1t

Amit Serper

FusionInventory at LSM/RMLL 2012

Nouh Walid

JavaOne 2015 : How I Rediscovered My Coding Mojo by Building an IoT/Robotics ...

Mark West

meetPHP#8 - PHP startups prototypes

Max Małecki

Node & Express as Workflow Tools

FITC

Scaling with Symfony - PHP UK

Ricard Clau

More Productivitiy with Spring Roo

Eberhard Wolff

Os Grossupdated

oscon2007

Sheepdog Status Report

Liu Yuan

uWSGI - Swiss army knife for your Python web apps

Tomislav Raseta

Nodejs

Vinod Kumar Marupu

Analysis Result Manager (ARM)

magland

Ansible Introduction

Robert Reiz

Real Time Realitites

markisuak

TechWiseTV Workshop: Catalyst Switching Programmability

Robb Boyd

Similar to New Shiny in the Metasploit Framework (20)

Monkey Server

Practical virtual network functions with Snabb (8th SDN Workshop)

Zero mq logs

Midwest php 2013 deploying php on paas- why & how

Jenkinsconf Presentation - Advance jenkins management with multiple projects.

The internet of $h1t

FusionInventory at LSM/RMLL 2012

JavaOne 2015 : How I Rediscovered My Coding Mojo by Building an IoT/Robotics ...

meetPHP#8 - PHP startups prototypes

Node & Express as Workflow Tools

Scaling with Symfony - PHP UK

More Productivitiy with Spring Roo

Os Grossupdated

Sheepdog Status Report

uWSGI - Swiss army knife for your Python web apps

Nodejs

Analysis Result Manager (ARM)

Ansible Introduction

Real Time Realitites

TechWiseTV Workshop: Catalyst Switching Programmability

More from egypt

Privilege Escalation with Metasploit

egypt

The State of the Metasploit Framework.pdf

egypt

Open Source, Security, and Open Source Security.pdf

egypt

The document discusses open source software, security, and open source security. It outlines the goals of open source software which include producing high-quality programs, sharing work, and democratizing code. People work on open source for puzzles, prestige, profit, and community. Difficulties include getting users and contributors. Security goals include identifying, quantifying, and mitigating risks. People work in security for protection, puzzles, prestige, profit, and politics. Difficulties in security include reporting issues and limited budgets. Open source security aims to standardize vulnerabilities and democratize security, though most people lack programming skills.

Authenticated Code Execution by Design.pptx

egypt

The document discusses authenticated code execution by design (ACEbD), where an attacker can leverage legitimate login credentials to access systems and execute code. It provides numerous examples of services that could allow this, such as remote desktop, VNC, SSH, Windows Remote Management, SMB shares, and content management systems like Wordpress or Drupal if exploited. The document stresses that passwords will always enable some level of access and that logging in is preferable to exploiting vulnerabilities. It concludes by advising organizations to carefully audit login activity and restrict which users can access what systems.

One-Liners to Rule Them All

egypt

Offensive Security with Metasploit

egypt

This document discusses Metasploit and modern cybersecurity attacks. It provides a brief history of exploitation from the Golden Era to the Modern Era. It then demonstrates how modern attacks use credentials obtained through tools like Mimikatz to conduct SMB relay attacks and achieve remote code execution. The document also discusses post-exploitation techniques like maintaining presence, achieving persistence, and pivoting. It concludes by offering some mitigation strategies like disabling WPAD, blocking SMB outbound traffic, requiring SMB signing, and implementing proper access controls and monitoring.

Shiny

egypt

This document summarizes new features and improvements in the Metasploit framework, including over 1200 pull requests and 7500 commits added since September 2014. Key additions include 358 new modules, 20 modules for local privilege escalation, exploits targeting antivirus products and SOHO routers, improved SMB and Kerberos support, and enhancements to payloads such as interactive Powershell and UUID tracking.

already-0wned

egypt

- The document discusses the history of exploitation from the Golden Era up to the modern era, noting key developments like the rise of the internet, mobile computing, and secure development practices. - It describes common exploitation techniques from each era, such as password cracking, client-side attacks, and worms that targeted vulnerabilities in software like IIS and SQL Server. - Modern exploitation still relies on similar tactics to illegitimately gain access, such as exploiting trust relationships, stealing credentials using tools like mimikatz, and establishing persistence and pivoting within compromised networks. The document demonstrates these post-exploitation techniques using Metasploit.

Post Metasploitation

egypt

This document discusses techniques for post-exploitation using Metasploit. It covers maintaining presence on a compromised system by examining users and processes. It also discusses achieving persistence through techniques like dropping executable files and modifying autoruns. Pivoting is covered as moving laterally such as relaying NTLM authentication or abusing trust relationships. Specific demonstrations are provided like exploiting an suid misconfiguration on Nmap or using a LNK file drop combined with SMB relay. The document emphasizes developing reliable and readable Metasploit modules to automate post-exploitation tasks.

State of the Framework Address: Recent Developments in the Metasploit Framework

egypt

The document summarizes the past, present, and future of the Metasploit framework. In the past, the framework was tied to its directory structure and modules would break if moved. Currently, the focus is on usability, scalability, passwords, better payloads, and post exploitation. Going forward, there will be continued work on authenticated code execution, payloads for additional platforms, and improving post exploitation modules and APIs.

Unmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework

egypt

Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...

egypt

This document discusses using guided missiles in drive-bys through automatic browser fingerprinting and exploitation with the Metasploit Framework's Browser Autopwn module. It describes how the module fingerprints browsers to determine effective exploits, selects targeted exploits, and aims for stealth to evade detection. Examples are provided of writing exploits for the module and its advantages over commercial tools. The document encourages downloading and contributing to its continued development.

More from egypt (12)

Privilege Escalation with Metasploit

The State of the Metasploit Framework.pdf

Open Source, Security, and Open Source Security.pdf

Authenticated Code Execution by Design.pptx

One-Liners to Rule Them All

Offensive Security with Metasploit

Shiny

already-0wned

Post Metasploitation

State of the Framework Address: Recent Developments in the Metasploit Framework

Unmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework

Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...

Recently uploaded

“I’m still / I’m still / Chaining from the Block”

Claudio Di Ciccio

How to use Firebase Data Connect For Flutter

Daiki Mogmet Ito

Large Language Model (LLM) and it’s Geospatial Applications

Rohit Gautam

Communications Mining Series - Zero to Hero - Session 1

DianaGray10

This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered: • Communication Mining Overview • Why is it important? • How can it help today’s business and the benefits • Phases in Communication Mining • Demo on Platform overview • Q/A

GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024

Neo4j

Climate Impact of Software Testing at Nordic Testing Days

Kari Kakkonen

My slides at Nordic Testing Days 6.6.2024 Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.

GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...

Neo4j

Dr. Sean Tan, Head of Data Science, Changi Airport Group Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.

20 Comprehensive Checklist of Designing and Developing a Website

Pixlogix Infotech

Dive into the world of Website Designing and Developing with Pixlogix! Looking to create a stunning online presence? Look no further! Our comprehensive checklist covers everything you need to know to craft a website that stands out. From user-friendly design to seamless functionality, we've got you covered. Don't miss out on this invaluable resource! Check out our checklist now at Pixlogix and start your journey towards a captivating online presence today.

Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!

SOFTTECHHUB

As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.

20240605 QFM017 Machine Intelligence Reading List May 2024

Matthew Sinclair

PCI PIN Basics Webinar from the Controlcase Team

ControlCase

Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI

Vladimir Iglovikov, Ph.D.

Presented by Vladimir Iglovikov: - https://www.linkedin.com/in/iglovikov/ - https://x.com/viglovikov - https://www.instagram.com/ternaus/ This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation. Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners. This case study covers various aspects, including: People: The contributors and community that have supported Albumentations. Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions. Challenges: The hurdles in monetizing open-source projects and measuring user engagement. Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration. Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community. Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations. Mental Health: Maintaining balance and not feeling pressured by user demands. Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth. Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects. Explore more about Albumentations and join the community at: GitHub: https://github.com/albumentations-team/albumentations Website: https://albumentations.ai/ LinkedIn: https://www.linkedin.com/company/100504475 Twitter: https://x.com/albumentations

TrustArc Webinar - 2024 Global Privacy Survey

TrustArc

How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024? In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores. See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe. This webinar will review: - The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey - The top challenges for privacy leaders, practitioners, and organizations in 2024 - Key themes to consider in developing and maintaining your privacy program

Removing Uninteresting Bytes in Software Fuzzing

Aftab Hussain

Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process. In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds. - These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.

A tale of scale & speed: How the US Navy is enabling software delivery from l...

sonjaschweigert1

Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved: - Reduction in onboarding time from 5 weeks to 1 day - Improved developer experience and productivity through actionable findings and reduction of false positives - Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO) Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production. We will cover: - How to remove silos in DevSecOps - How to build efficient development pipeline roles and component templates - How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence) - How to streamline operations with automated policy checks on container images

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024

Neo4j

UiPath Test Automation using UiPath Test Suite series, part 5

DianaGray10

Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...

Zilliz

Building RAG with self-deployed Milvus vector database and Snowpark Container...

Zilliz

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Paige Cruz

Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack. While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack. I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:

Recently uploaded (20)

“I’m still / I’m still / Chaining from the Block”

How to use Firebase Data Connect For Flutter

Large Language Model (LLM) and it’s Geospatial Applications

Communications Mining Series - Zero to Hero - Session 1

GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024

Climate Impact of Software Testing at Nordic Testing Days

GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...

20 Comprehensive Checklist of Designing and Developing a Website

Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!

20240605 QFM017 Machine Intelligence Reading List May 2024

PCI PIN Basics Webinar from the Controlcase Team

Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI

TrustArc Webinar - 2024 Global Privacy Survey

Removing Uninteresting Bytes in Software Fuzzing

A tale of scale & speed: How the US Navy is enabling software delivery from l...

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024

UiPath Test Automation using UiPath Test Suite series, part 5

Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...

Building RAG with self-deployed Milvus vector database and Snowpark Container...

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

New Shiny in the Metasploit Framework

1. New Shiny in the Metasploit Framework egypt

2. Disclaimer Most of this stuff is: ● Not my code ● Not my research ● Awesome in spite of my involvement

4. Infrastructure Stuff

5. SVN

6. SVN is Dead Our SVN server was constantly DDoS’d ● Sometimes unintentionally by dumb scrapers SVN is kinda slow anyway Big changes required lots more requests Now we’re 100% on github Yay two-and-a-half-nines!

7. Stable Updates In an installer environment ● Updates about once per week Development env is still easy to set up ● Tracks bleeding edge (master branch)

8. Exploitation Stuff

9. SAP Several people’s research ● CJR did some fun stuff ~2011 ● Mariano Nuñez ● Pulled together by nmonkee Tons of highly valuable information

10. sap_smb_relay Convince the SAP box to connect via UNC

11. SAPRouter set Proxies sapni:192.0.2.1:3299

12. UPnP HDM’s research Tons of devices all over everywhere Mostly ancient and never updated

13. libupnp “Intel/Portable SDK for UPnP Devices” Seven, count ‘em SEVEN vulns in one function Actual libupnp code: strncpy( TempBuf, ptr1, ptr3 - ptr1 ); Trigger with one UDP packet

14. IPMI Intelligent Platform Management Interface Dan Farmer, HDM Protocol, run by “Baseband Mgmt Controllers” ● iDrac, iLo, lots of others Spec requires cleartext password storage Design-level auth bypass

15. multi/upnp/libupnp_ssdp_overflow Remote root on SuperMicro BMCs Old skewl ret2libc to call system(3)

16. Other Fun Embedded Stuff Michael Messner’s research 14 exploits for consumer routers and such

17. WinRM / WinRS thelightcosine’s research psexec is so last year

18. PhpEXE Mixin for PHP code execution bugs For ARCH_PHP payloads, just returns payload For others, drops a proper executable ● Then tries to unlink it

19. FileDropper Convenience methods for cleaning up files Works for exploits and post

20. Heap Spraying corelanc0der’s research, implemented by sinn3r Uses JS to create many button elements Fast, easy, reliable on IE and Firefox

21. ROP DB XML format for describing ROP chains Supported by mona.py

22. Mem Vuln Landscape has Changed Mandatory ASLR, DEP Sandboxing Automatic, no-interaction updates

23. A Boatload of Browser 0-day Pwn2own Targeted Attacks ● FBI Firefox At least 3 IE vulns used in the wild Flash

24. A Boatload of JRE 0-day So many vulns that Oracle basically disabled it

25. Payload Stuff

26. New Repositories! rapid7/metasploit-javapayload rapid7/meterpreter Easier to build, maintain, and test

27. Mac OSX stuff x64 payloads ● osx/x64/say

28. lol awk Awk is a text processing utility GNU likes to extend utilities GNU Awk has a full TCP API lolwut

29. Ruby Payloads Created for the Rails XML and YAML bugs

30. Android Meterpreter Kinda Proof-of-Concepty ● Requires APK installation ● Have to tap on a UI element But still awesome Most features work ● File manipulation ● Configuration stuff ● And Pivoting!

31. Demo Android meterpreter in emulator

32. Python Meterpreter Based on PHP ● But don’t judge

33. Auth’d Proxies reverse_https_proxy

34. Mimikatz In-memory password stealer Cleartext creds for all the things

35. Demo Stealing passwords with mimikatz

36. New Meterpreter API Stuff netstat/arp commands Victim-side DNS Resolution

37. General Meterpreter Improvements Updated to VS2012 ● Much easier to build Fixed a bug with Reflective DLL Injection Fixed x64 reverse_https Fixed stability issues with sniffer on x64

38. Encoding Stuff

39. CmdStagerEcho Uses ‘echo -ne’

40. Better /bin/sh Command Encoding Handles more badchar edge-cases

41. Stage Encoding Adds randomness to second stage Makes network IDS have to work for a living

42. Other Stuff

43. DB Creds for AuthBrute Modules Lets you easily reuse creds Pop a box, steal creds with mimikatz ● Or one of the many post modules smb_login with them

44. Questions @egyp7 egypt@metasploit.com #metasploit on FreeNode

New Shiny in the Metasploit Framework

Recommended

Recommended

More Related Content

Similar to New Shiny in the Metasploit Framework

Similar to New Shiny in the Metasploit Framework (20)

More from egypt

More from egypt (12)

Recently uploaded

Recently uploaded (20)

New Shiny in the Metasploit Framework