Temple University

Week 2: Reading: Metasploit-Unleashed, Question for Class, and In The News

Reading: Metasploit-Unleashed: The Ultimate guide to the Metasploit Framework, Offensive Security

The Metasploit Framework is a stable platform for executing information security exploits, providing a base for developing and automating new discovery techniques and attack methods for compromising the confidentiality, integrity, and availability of IT infrastructure. Coded in Ruby, Metasploit’s capabilities can be further extended with new components written in Ruby, assembly language and C. IT network security professionals and researchers use Metasploit to conduct a wide variety of penetration tests and exploits. System administrators use it to verify patch installations, and product vendors use it to perform regression testing. The Metasploit Framework is a modular system that will enable us to learn how to combine exploits with payloads within the following workflow:

  • Identifying and understanding the configuration and vulnerabilities of the target system, including its operating system version and available network services
  • Choosing an exploit to use in taking advantage of the target system through a bug/vulnerability in one of its components
  • Choosing and configuring a delivery mechanism and payload code to execute on the target system
  • Choosing the encoding technique to get by the IDS/IPS without detection
  • Executing the exploit, accomplishing objectives and covering tracks

Question for Class:

While founder H.D. Moore and corporate provider Rapid7 intended Metasploit to be used by white hat hackers to support offensive information security workers, what are the ethical implications of making its capabilities equally available to criminals for nefarious purposes?

In The News: “Endpoint Exploitation Trends 2015, Bromium Labs Research Brief” January 14, 2016, Bromium.com.

In 2015, exploitation for hire came under public scrutiny with the breach and exposure of techniques used by Hacking Team; malvertising (the spread of malware through online advertising networks) was found in 27% of the top 1,000 internet advertising websites; and while overall vulnerabilities increased by 60%, those specifically targeting Adobe Flash increased by 333%. The number of exploit kits available with capabilities to bypass standard malware detection techniques also rose in 2015, as did the use of Word documents containing IPS-evading malware in phishing emails, and the crypto-ransomware business. http://www.bromium.com/sites/default/files/rpt-bromium-threat-report-2015-us-en.pdf
