We interrupt your regularly scheduled programming to bring you…
The State of the Framework
Past
We must know where we came from to know where we are going
[Timeline figure: Metasploit releases 3.0, 3.1, 3.2 (BSD license), 3.4, 3.6 and 4.0 plotted against the years 2003 … 2007, 2008, 2009, 2010, 2011, 2012]
[Bar chart: Modules by type and release; releases 3.0, 3.1, 3.2, 3.3, 3.4, 3.5, 3.6, 3.7 and 4.0 on the x-axis, module count from 0 to 1400 on the y-axis; series: Exploit, Auxiliary, Post]
[Line chart: Modules Over Time; dates from 1-Mar-2007 to 1-Jul-2011 on the x-axis, module count from 0 to 800 on the y-axis; series: Exploit, Auxiliary, Post]
Module Format
• Originally tied to directory structure
  – Now more flexible
• Module broke if you mv'd it
Uses for Metasploit
• Running exploits, getting shells
• Creating exploits
Present
Focuses for 4.0
• Usability
• Scalability
• Passwords
• Better payloads
• Post exploitation
Usability
• Installers that make everything easy
• Help for most commands
• Database command improvements
• Msfvenom
Everything Works Out of the Box
• Ruby 1.9.2
• Postgres
• Java (for msfgui, armitage)
• Option to automatically update
• pcaprub
The Database
• Auto configured by installer
• Now a core feature used by lots of modules
  – Almost all auxiliaries, many posts
• Scales much better than before
• Better search capabilities
• Workspaces for logical separation
Scalability
Recent Focus on Passwords
• Authenticated code execution by design is better than an exploit
• Obvious: SSH, Telnet, RDP, VNC
• Less obvious:
  – MySQL/MSSQL/PostgreSQL
  – Tomcat/Axis2/JBOSS/Glassfish
  – ManageEngine
Payloads
• Dozens of formats and architectures
  – PHP; Java (jar, war, jsp); Win32, 64; BSD; OSX
  – x86, PPC, ARM, MIPS, cmd exec, …
• Reverse HTTP(S) stagers for Win32 and Java meterpreters
• Railgun
Post Modules
• Biggest change in a long time
• Replaces meterpreter scripts
• More comprehensive Post-exploitation API
  – OMG Railgun
  – Shell sessions, too
  – You should have been in Rob and Chris' talk
• My utopian ideal: post mods work on all kinds of sessions on all supported platforms
Moar Passwerdz
Uses for Metasploit
• Running exploits, getting shells
• Creating exploits
• Auxiliary modules, discovery, systems admin
• Post exploitation, looting pwned boxes
• Data collection and correlation
Future
Future of Exploits
• Continued focus on Authenticated Code Exec
  – Oracle, various CMSes
• Hack all the things
Future of Payloads
• Linux meterpreter
  – Yes, I know I've been saying this for 3 years
• Java meterpreter to keep pace with Win32
  – Thanks to mihi
• Meterpreter needs to only load stuff that makes sense for the platform
• IPv6 support for more stuff
  – Mostly works, 32-bit Windows and Linux payloads
  – Teredo
Future of Post Exploitation
• Huge amount of community dev going into Post modules
• Password stealers for every conceivable application that stores them
  – Thanks TheLightCosine!
• More local privesc exploits
More Post Exploitation
• More and better APIs
  – Cross-platform pilfering
• Easier
Future of Modules in General
• Some form of exploit abstraction
• Transport should be a user option
  – Not a whole different module with the same exploit code
  – Example: PDF exploits over HTTP, FTP, SMB, email
Startup Time
Contributing Should be Easy
Contribution Workflow
• Find a bug
• Submit a ticket
• Ask about it in IRC
• Get tired of waiting, fix it yourself
• Submit a patch
• Tell me I forgot about it
• Remind me again
• Give up
Documentation
• Two main sources of documentation right now
  – Reading 500k lines of Ruby source
  – Asking me in IRC
• It was hard to write, it should be hard to read, dammit!
Documentation
• Updated users' guide
• Updated developers' guide
• Clean up rdoc
Installation Should be Easier
• Everything should *really* work out of the box
• Everything should be configurable from the command line
• Install Express/Pro without another big download of mostly the same stuff
  – I know, shameless plug, but hey, it pays for all the rest of this
Uses for Metasploit
• Running exploits, getting shells
• Creating exploits
• Auxiliary modules, discovery, systems admin
• Post exploitation, looting pwned boxes
• Data collection and correlation
• And….
Why?
• Metasploit should be the first and the last tool you need
• Anything that gets you access
  – Proof positive tool
  – Not just exploits, identities
• Maintain that access
• Use your access to achieve your goals
• Store all of the above in a manageable way
Questions?
• If I have ever kickbanned you in #metasploit, I'm sorry
  – But not that sorry, you should have googled more

State of the Framework Address: Recent Developments in the Metasploit Framework