4 min
Android
Pokemon Go, Security, and Obsolescence
Pokemon Go started it.
The crusty old house cell phone, which we had years ago ported from a genuine
AT&T land line to a T-Mobile account, suddenly caught the attention of my middle
son.
> "Hey Dad, can I use that phone to catch Pokemon at the park?"
"Sure! Have fun, and don't come back until sundown!"
A few minutes later, he had hunted down his first Pikachu, which apparently
required running around the block in Texas summer heat a few times. Sweat-soaked
but proud, he happily presented hi
2 min
Metasploit
Important Security Fixes in Metasploit 4.12.0-2016091401
A number of important security issues were resolved in Metasploit (Pro, Express,
and Community editions) this week. Please update
[https://community.rapid7.com/docs/DOC-3521] as soon as possible.
Issue 1: Localhost restriction bypass
(affects versions 4.12.0-2016061501 through 4.12.0-2016083001)
On initial install, the Metasploit web interface displays a page for setting up
an initial administrative user. After this initial user is configured, you can
login and use the Metasploit web UI for th
1 min
Metasploit Weekly Wrapup
Metasploit Weekly Wrapup for 2015-10-15
Welcome to this week's Metasploit Wrapup. I'm your host Brent Cook, tagging in
for egypt [https://twitter.com/egyp7] who just finished speaking about
Metasploit at the Texas DIR Telecommunications Forum
[http://dir.texas.gov/View-About-DIR/Calendar-Detail.aspx?id=155&month=10&year=2015&type=list]
. This week was largely focused on bug fixes and refinements.
In the fixes bucket, PowerShell sessions now properly upgrade with the 'sessions
-u' command. Fixing this also revealed some general proble
1 min
Metasploit
Metasploit Framework Tools Reorg
There are a wide variety of interesting and useful tools in the Metasploit
Framework. Many of these are available from the top-level of Metasploit in the
form of modules and library code. You can find countless tutorials and blogs
about how to put msfconsole, msfvenom and other top-level commands to good use.
However, not many people know about the 'tools' directory, which contains many
useful, single-purpose scripts, with topics spanning from exploit development to
statistics.
One of the probl
2 min
Windows
Metasploit Framework Open Source Installers
Rapid7 has long supplied universal Metasploit installers for Linux and Windows.
These installers contain both the open source Metasploit Framework as well as
commercial extensions, which include a graphical user interface, metamodules,
wizards, social engineering tools and integration with other Rapid7 tools. While
these features are very useful, we recognized that they are not for everyone.
According to our recent survey of Metasploit Community users, most only used it
for the open source comp
5 min
Metasploit
Unicode Support in Meterpreter
A short, mostly-accurate history of character encodings
In the beginning, when you wanted to use a computer to store text, there were
not many options - you inherited something from punchcards like EBCDIC or
invented something convenient and unique to your system. Computers did not need
to talk to each other, so there was not much point in standardizing between
vendors. Things were pretty simple.
Then, there came the need for computers and vendors to interoperate and
communicate. Thus, ASCII an
7 min
Metasploit
12 Days of HaXmas: Maxing Meterpreter's Mettle
This post is the twelfth in a series, 12 Days of HaXmas, where we usually take a
look at some of more notable advancements and events in the Metasploit Framework
over the course of 2014. As this is the last in the series, let's peek forward,
to the unknowable future.
Happy new year, it's time to make some resolutions. There is nothing like a
fresh new year get ones optimism at its highest.
Meterpreter is a pretty nifty piece of engineering, and full of useful
functionality. The various extensi
8 min
Windows
12 Days of HaXmas: Does it Blend Like a Duck?
This post is the fifth in a series, 12 Days of HaXmas, where we take a look at
some of more notable advancements and events in the Metasploit Framework over
the course of 2014._
Writing portable software is not hard. It's just like walking through a
minefield! Getting to the other side, that's the tricky part.
Sure, if you target C, Unix-like systems and GCC or LLVM, you may not run into
too many hassles these days. There are still a few annoying differences between
BSDs and Linux, but POSIX a