2 min
Vulnerability Disclosure
March Patch Tuesday Roundup
Since Microsoft is on this new staggered pattern of releases, we can expect a
feast or famine every other month...so get used to it. Depending on what side of
the desk you sit on you can adjust the context. With that being said, this
month's release brought us 3 patches addressing 4 vulnerabilities. I think we
were all expecting to see the MHTML
[http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0096] protocol
handler issue resolved, however it didn't make the cut. Make sure IE is in
r
4 min
Exploits
Setting Up a Test Environment for VPN Pivoting with Metasploit Pro
Penetration testing software only shows its true capabilities on actual
engagements. However, you cannot race a car before you've ever sat in the
driver's seat. That's why in this article I'd like to show you how to set up a
test environment for VPN pivoting, a Metasploit Pro
[https://www.rapid7.com/products/metasploit/download/] feature for intermediate
and advanced users recently described in this post
[https://community.rapid7.com/blogs/rapid7/2010/11/08/how-vpn-pivoting-creates-an-undetectab
2 min
Exploits
Take an Earlier Flight Home with the New Metasploit Pro
We love it, our beta testers loved it, and we trust you will as well: today
we're introducing Metasploit Pro
[http://www.rapid7.com/products/metasploit-pro.jsp], our newest addition to the
Metasploit family, made for penetration testers who need a bigger, and better,
bag of tricks.
Metasploit Pro provides advanced penetration testing
capabilities, including web application exploitation and social
engineering.
The feedback from our beta testers has been fantastic, most people loved how
easily
3 min
Metasploit
Metasploit Framework 3.3.3 Exploit Rankings
This morning we released version 3.3.3
[http://www.metasploit.com/framework/download/] of the Metasploit Framework -
this release focuses on exploit rankings
[https://community.rapid7.com/docs/DOC-1034], session automation, and bug fixes.
The exploit rank indicates how reliable the exploit is and how likely it is for
the exploit to have a negative impact on the target system. This ranking can be
used to prevent exploits below a certain rank from being used and limit the
impact to a particular t