Blog

Viewing posts from January, 2016

Know your tools - CVE-2015-2342 IOC and Metasploit

Intro

As penetration testers and security professionals we now have a myriad of tools at our disposal. It seems like everyday a new product, program, or script is being released to make our jobs easier and increase our effectiveness (ok that’s debatable :). However, with all of these tools available how likely is it that most testers are taking the time to understand what’s going on behind the scenes? Arguably the most well-known penetration testing tool-suite is Metasploit. Thanks to all the hard work from the community and Rapid7 the Metasploit Framework is an amazing resource at our disposal. I’ve heard some complaints of Metasploit lately, but in my opinion there’s still nothing quite like it available. Now, we all know that it’s bad practice to download an exploit from an untrusted website and throw it at a system without proper vetting, but it’s equally important to understand the inner workings of tools you trust like Metasploit.