0 min
Metasploit
Metasploit Framework Featured on CNN: Phishing Made Simple
While browsing security related articles at CNN, I noticed this video of Eric
Fiterman demonstrating a phishing attack and some post exploitation techniques
with Metasploit Framework.
Video courtesy of:
4 min
Exploits
Recent Developments in Java Signed Applets
The best exploits are often not exploits at all -- they are code execution by
design. One of my favorite examples of this is a signed java applet. If an
applet is signed, the jvm allows it to run outside the normal security sandbox,
giving it full access to do anything the user can do.
Metasploit has supported using signed applets as a browser exploit for quite
awhile, but over the last week there have been a couple of improvements that
might help you get more shells. The first of these improve