I stumbled upon something the other day that i think will be critical for most penetration testers. Chances are, you run many VMs which are responsible for carrying out a variety of tasks during a penetration test. Linux for attacking, Windows for reporting/attacking, etc. whatever. I use a windows box to do my reporting, because, […]
Recently I have been working more and more on my pentest plugin for Metasploit doing bug fixes and trying to improve some of the current areas of it. I added the Auto Exploit plugin to it for exploit automation and added some commands to aid in doing enumeration and discovery thru a pivot. I was […]
Remember a while back we talked about using a “police scanner” to monitor POCSAG and Flex pager traffic, as well as listening in to 900Mhz baby monitors and cordless phones. Well, that was pretty fun, but it took a couple hundred dollars in gear AND a laptop. What if there was a better way?: Episode […]
With the recent release of Nessus 5 it comes with several improvements like better filtering in policy creation, analysis, reporting and a faster lighter engine for scanning. From this new features my favorite one is the ability to do filtering when creating new policies and analyzing results. For a very long time I kept a […]
This is the second part of my Pentest Metasploit plugin. This part will cover the post exploitation commands this plugin adds. First I would like to cover the thought process of this commands. The commands came from some modules I pushed and then had to pull from the Metasploit Framework around summer of 2011 that […]
With the move from Rapid7 to make the framework a repository of modules and have the majority of the automation in the Community and paid versions of metasploit I started several month ago to write a plugin called pentest to cover some of my personal needs and those of friends who have requested them in […]
Paul and Larry spent The Ultimate Spring Break at SourceBoston, and have come back for a special report on the conference which you can catch this Thursday night April 21st on Episode 240 by watching live: NOTE: The video will play the most recent show up until we are live! For interactive live video, audio, […]
Fast Five
Selected by the SC Media Editorial team every Tuesday.
Sign up now for the top five issues cybersecurity pros need to know this week.