Weitere ähnliche Inhalte Ähnlich wie Offensive Security with Metasploit (20) Offensive Security with Metasploit4. What is Metasploit?
A tool for
● Reconnaissance
● Exploitation
● Post-exploitation
A Data Clearinghouse
A framework for improving and automating all
of the above
6. Golden Era (up to mid-late 1990s)
Silver Era (mid-late 1990s to mid 2000s)
Modern Era (late 2000s to now)
10. Silver Era (mid 1990s)
Practical portable systems
Rise of WiFi
Much greater use of technical mitigation
14. Server-side Worms
ms00-078 IIS, solaris sadmin
ms01-033 IIS
(big list of vectors)
ms02-039 SQLServer
ms03-026 dcom
ms04-011 lsass
ms05-039
ms08-067
Sadmind
Code Red
Nimda
Slammer
Blaster
Sasser
Zotob
Conficker
15. The web is the Internet
Ubiquitous mobile computing
Secure Development Lifecycle (SDLC)
Modern Era
36. user:bob, bob’s hash encrypted with Challenge
SMB Authentication
Auth request; host:BOB
Challenge
43. SMB Relay
Auth request; host:BOB
Challenge
user:bob, bob’s hash encrypted with
Challenge
Auth
request;
host:BO
B
Challenge
44. SMB Relay
Auth request; host:BOB
Challenge
user:bob, bob’s hash encrypted with
Challenge
Auth
request;
host:BO
B
Challenge
user:bob, bob’s
hash
encrypted
with
Challenge
45. SMB Relay
Auth request; host:BOB
Challenge
user:bob, bob’s hash encrypted with
Challenge
Login
successful
Auth
request;
host:BO
B
Challenge
user:bob, bob’s
hash
encrypted
with
Challenge
46. SMB Relay
Auth request; host:BOB
Challenge
user:bob, bob’s hash encrypted with
Challenge
Login
successful
Auth
request;
host:BO
B
Challenge
user:bob, bob’s
hash
encrypted
with
Challenge
Login Failed go away