Week 3 Reading Summary, Question, and recent Cyber Security News…
- Summarize one key point from each assigned reading…
The Metasploit Framework (MSF) included within the Kali Linux setup for security professionals features an additional array of commercial grade exploits & an extensive exploit development environment for following cyber security activities: recon, MSF post exploitation, Meterpreter scripting (additional scripts added to MSF for exploiting a target), maintaining access (“once you have gained access to one system, you can gain access to systems that share the same subnet… then pivoting from one system to another, one can gain information about users activities by monitoring their keystrokes, and impersonating users”), etc.
- Question to classmates (facilitates discussion) from assigned reading…
Question: After securing & maintaining access to victim’s PCs , what would be some preferred ways to continue gathering more info using Meterpreter?
*Answer: How about key-logging (keystroke logger script with Meterpreter)…, and what would others use here to gather more info?
Identify, read, and post to our blog a current event article regarding ethical hacking & penetration testing (follow theme topic of the week, or other interesting related article)…
In the Cyber Security News lately…
Will Cyber Security Companies shift their Headquarters out of US?
http://www.ehackingnews.com/2015/05/will-cyber-security-companies-shift.html
The U.S. Bureau of Industry & Security (BIS), involving national security & high technology commerce, is proposing to classify cyber security tools (Metasploit Pro, etc) as weapons of War in an attempt to control the distribution. If it becomes law, then other nation-states would take advantage of this cyber security restriction on security researchers and companies in the U.S.
*NOTE: Reported by eHackingNews back on 5/27/2015.
**NOTE: After I just checked the Federal Register web site on 1/21/2016 for latest info on “Wassenaar Arrangement 2013 Plenary Agreements Implementation: Intrusion and Surveillance Items”, it appears this proposal has not become law in USA so far…
Leave a Reply