Temple University

Week 3 Takeaways

Assigned readings:

Metasploit Unleashed covers several capabilities, including MSF Post Exploitation, Meterpreter Scripting, and Maintaining Access. MSF Post Exploitation allows the user to run privilege escalation, event log management, packet sniffing, pivoting, screen capture, searching for content, etc. For instance, Metasploit uses a script that tries different techniques to gain SYSTEM-level privileges on the remote system. Meterpreter Scripting allows the user to look for existing scripts as well as write custom scripts. Lastly, Maintaining Access is composed of keylogging, the Meterpreter backdoor, and the persistent backdoor. Being able to maintain access is key to further examining the target network. Once access to the system is gained, it allows you to pivot from one system to another, gain information about the users' activities by monitoring keystrokes, impersonate users with captured tokens, etc.

Question for the class:

Have you run any scripts as described in the above techniques before and, if so, how successful were you in gaining useful information?

In the news:

“Ukraine Mounts Investigation of Kiev Airport Cyberattack”
The cyberattack was related to the BlackEnergy malware attacks that recently targeted Ukrainian infrastructure facilities, which impacted more than 80,000 customers. This new attack involved a spearphishing email, a decoy document, or both, and it was conducted by the Sandworm Team (a team that has been targeting various worldwide entities, such as NATO, the EU, etc.). The attack on the Kiev Airport was determined by the C2 servers, which originated in Russia, and the disruption of the air traffic control system.
