, 2007-03-27
The Metasploit Framework is a development platform for creating security tools and exploits. Federico Biancuzzi interviewed H D Moore to discuss what's new in release 3.0, the new license of the framework, plans for features and exploits development, and the links among the bad guys and Metasploit and the law.
Expand all |
Post comment
Security "vulnerabilities" posted on bugtrack are not "real" enought for corporate execs. "Our IDS and AV protect us from everything" is easy to believe until a framework like this makes it so mere mortals like myself can use evasion to launch DCOM exploits that are 5 years old and 0wn their box. Could I use it to do evil? Oh yeah baby. Will I? Hmm. I guess you better take it seriously and protect yourself. Its painfully obvious that companies still dont take this stuff seriously (tj max, et al... http://www.privacyrights.org/ar/ChronDataBreaches.htm)
Tools like this empower security guys to "make it real" for these guys BEFORE they show up on the front page.
I'd love to see the open sourcee metasploit book better developed. Meterpreter port forwarding (syscall proxy) is kicking my butt.
http://en.wikibooks.org/wiki/Metasploit/Contents
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/columns/439/34468#34468