Week 2 & 3 Summary

Readings Summary: 

After reading materials about Metasploit Fundamentals, Information Gathering, Vulnerability Scanning, Exploit Development, Web App Exploit Development, Client Side Attacks and Auxiliary Module Reference, MSF Post Exploitation, Meterpreter Scripting, and Maintaining Access, I concluded how powerful Metasploit Framework is given its customization capabilities and number of exploits in database. Moreover, I found that there is VM version of Metasploitable-2 machine that is designed to be Intentionally Vulnerable Metasploitable Lab Environment. In addition, NeXpose can be embedded into MSFConsole itself and ran from within MSF to perform advanced scans. Also, it is important to note that both attacking machine (Kali Linux) and a victim machine (metasploitable 2) must be setup in secured isolated VM environment to avoid exposure to internal network. While Metaspolit has its own prebuilt scripts, it is possible to write your own scripts with Meterpreter.

Questions to the Class:

1. When comparing NeXpose, Nessus and Metasploit, which tool is better in terms of Security Audit Reporting and scan capabilities?

2.  When installing NeXpose on KALI 2.0, received the installation failure reason below. Has anyone received the same error?

“[Fail] – An unsupported kernel version 4.0.0-kali1-amd64 was detected.”

In the News:

Azerbaijani Hackers have hacked NATO-Armenia and embassy websites in 40 countries giving a powerful reply to the Armenian hackers.

Read more here: https://www.hackread.com/azerbaijani-hackers-defac-nato-armenia-embassy-sites/