home.social

#metasploit — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #metasploit, aggregated by home.social.

  1. Как наказать цифрового воробья или как я проходил таск PigeonsRevenge от платформы ACLabs.pro

    Данный таск был частью 5 сезона CTF, который проходил на площадке ACLabs. Машина необычная с увлекательным сюжетом и интересными уязвимостями. Условие задачи: Борис — старый почтовый голубь. Катя, его голубка, улетела к наглому Воробью. Три дня Борис пил дешёвое пойло и строчил план мести. Теперь этот план у тебя. Помоги Борису пробраться в цифровое гнездо Воробья, украсть его аккаунт и стать рутом. Следуй за пьяными записками — там всё сказано и даже больше. Внимание, стенд будет полностью готов только по истечении обратного времени отсчета, даже если адрес появился раньше! Цепочка атаки Атакующая цепочка «PigeonsRevenge» комбинирует одну реальную критическую CVE (Webmin 1.910 — CVE-2019-15107, 9.8 CRITICAL) с набором классических техник ATT&CK : активная разведка → port knocking → эксплуатация публичного приложения → Metasploit reverse-shell → туннелирование Ligolo-ng → инъекция через переменную окружения в кастомный бинарник → обход фильтра табуляцией → закрепление с root -привилегиями.

    habr.com/ru/articles/1024360/

    #nmap #bash #docker #ssh #ghidra #cve #webmin #metasploit #privelege_escalation #pivoting

  2. Как наказать цифрового воробья или как я проходил таск PigeonsRevenge от платформы ACLabs.pro

    Данный таск был частью 5 сезона CTF, который проходил на площадке ACLabs. Машина необычная с увлекательным сюжетом и интересными уязвимостями. Условие задачи: Борис — старый почтовый голубь. Катя, его голубка, улетела к наглому Воробью. Три дня Борис пил дешёвое пойло и строчил план мести. Теперь этот план у тебя. Помоги Борису пробраться в цифровое гнездо Воробья, украсть его аккаунт и стать рутом. Следуй за пьяными записками — там всё сказано и даже больше. Внимание, стенд будет полностью готов только по истечении обратного времени отсчета, даже если адрес появился раньше! Цепочка атаки Атакующая цепочка «PigeonsRevenge» комбинирует одну реальную критическую CVE (Webmin 1.910 — CVE-2019-15107, 9.8 CRITICAL) с набором классических техник ATT&CK : активная разведка → port knocking → эксплуатация публичного приложения → Metasploit reverse-shell → туннелирование Ligolo-ng → инъекция через переменную окружения в кастомный бинарник → обход фильтра табуляцией → закрепление с root -привилегиями.

    habr.com/ru/articles/1024360/

    #nmap #bash #docker #ssh #ghidra #cve #webmin #metasploit #privelege_escalation #pivoting

  3. Как наказать цифрового воробья или как я проходил таск PigeonsRevenge от платформы ACLabs.pro

    Данный таск был частью 5 сезона CTF, который проходил на площадке ACLabs. Машина необычная с увлекательным сюжетом и интересными уязвимостями. Условие задачи: Борис — старый почтовый голубь. Катя, его голубка, улетела к наглому Воробью. Три дня Борис пил дешёвое пойло и строчил план мести. Теперь этот план у тебя. Помоги Борису пробраться в цифровое гнездо Воробья, украсть его аккаунт и стать рутом. Следуй за пьяными записками — там всё сказано и даже больше. Внимание, стенд будет полностью готов только по истечении обратного времени отсчета, даже если адрес появился раньше! Цепочка атаки Атакующая цепочка «PigeonsRevenge» комбинирует одну реальную критическую CVE (Webmin 1.910 — CVE-2019-15107, 9.8 CRITICAL) с набором классических техник ATT&CK : активная разведка → port knocking → эксплуатация публичного приложения → Metasploit reverse-shell → туннелирование Ligolo-ng → инъекция через переменную окружения в кастомный бинарник → обход фильтра табуляцией → закрепление с root -привилегиями.

    habr.com/ru/articles/1024360/

    #nmap #bash #docker #ssh #ghidra #cve #webmin #metasploit #privelege_escalation #pivoting

  4. Как наказать цифрового воробья или как я проходил таск PigeonsRevenge от платформы ACLabs.pro

    Данный таск был частью 5 сезона CTF, который проходил на площадке ACLabs. Машина необычная с увлекательным сюжетом и интересными уязвимостями. Условие задачи: Борис — старый почтовый голубь. Катя, его голубка, улетела к наглому Воробью. Три дня Борис пил дешёвое пойло и строчил план мести. Теперь этот план у тебя. Помоги Борису пробраться в цифровое гнездо Воробья, украсть его аккаунт и стать рутом. Следуй за пьяными записками — там всё сказано и даже больше. Внимание, стенд будет полностью готов только по истечении обратного времени отсчета, даже если адрес появился раньше! Цепочка атаки Атакующая цепочка «PigeonsRevenge» комбинирует одну реальную критическую CVE (Webmin 1.910 — CVE-2019-15107, 9.8 CRITICAL) с набором классических техник ATT&CK : активная разведка → port knocking → эксплуатация публичного приложения → Metasploit reverse-shell → туннелирование Ligolo-ng → инъекция через переменную окружения в кастомный бинарник → обход фильтра табуляцией → закрепление с root -привилегиями.

    habr.com/ru/articles/1024360/

    #nmap #bash #docker #ssh #ghidra #cve #webmin #metasploit #privelege_escalation #pivoting

  5. Metasploit Framework is here with 5 new modules! Exploits for FreeScout (CVE-2026-28289) and Grav CMS (CVE-2025-50286) RCEs, plus a generic HTTP command execution module and a new Windows persistence technique. We also have a slew of bug fixes and enhancements including SOCKS proxy performance improvements #Metasploit rapid7.com/blog/post/pt-metasp

  6. The latest #Metasploit Wrapup is here! 🎉 This week brings enhanced SMB NTLM relaying for better client compatibility (including smbclient), plus new modules for RCE in Eclipse Che (CVE-2025-12548), Barracuda ESG command injection (CVE-2023-2868), and an ESC/POS printer injector.

    Check it out at rapid7.com/blog/post/pt-metasp

  7. No bad luck here! 🍀 The Metasploit weekly wrapup is live with 3 new modules: LeakIX Search, Linux RC4 payload packer, and an unauthenticated RCE for SPIP Saisies (CVE-2025-71243). Plus, check out Metasploit Pro 5.0.0!

    Read the full details: rapid7.com/blog/post/pt-metasp #Metasploit

  8. Encoder exposed! 💥 Get the details on the latest Metasploit Framework release: new encoder options for better payload control, fresh RCE exploits (Tactical RMM SSTI, MajorDoMo), and Linux RC4 Packer for in-memory execution. Read the full wrap-up: rapid7.com/blog/post/pt-metasp #Metasploit

  9. Lateral movement w Active Directory z wykorzystaniem WinRM

    Lateral movement (często tłumaczony jako ruch boczny) w środowiskach Active Directory bardzo rzadko opiera się na podatnościach w rozumieniu tych dostępnych w ramach bazy CVE. W praktyce znacznie częściej jest to konsekwencja nadużycia wbudowanych mechanizmów administracyjnych, które zostały zaprojektowane z myślą o automatyzacji i zdalnym zarządzaniu systemami z rodziny Windows....

    #Teksty #Metasploit #Mimikatz #Netsec #Poradnik #Powershell #Winrm

    sekurak.pl/lateral-movement-w-

  10. Stop reading theory without results.

    This bundle combines the Master #Hacker ebook with hands-on video walkthroughs that turn recon, #Metasploit exploitation, AV evasion, and #Python #scripting into practical skills you can deploy immediately:

    hackersarise.thinkific.com/bun
    #cybersecurity #infosec

  11. Metasploit erweitert Arsenal mit sieben neuen Exploit-Modulen

    FreePBX-Module kombinieren Authentifizierungsumgehung mit Code-Ausführung

    all-about-security.de/metasplo

    #metasploit #freepbx

  12. I was working on the new BashCore build when the process suddenly failed because the Metasploit #APT #repository returned a “file has unexpected size” error... 😳😩🤔

    Seems like a temporary #checksum #mismatch during #mirror #sync, hopefully nothing serious. Rebuilding now to see if it’s fixed.

    #BashCore #Debian #Metasploit #LiveBuild #LinuxDev #FOSS

  13. I was working on the new BashCore build when the process suddenly failed because the Metasploit #APT #repository returned a “file has unexpected size” error... 😳😩🤔

    Seems like a temporary #checksum #mismatch during #mirror #sync, hopefully nothing serious. Rebuilding now to see if it’s fixed.

    #BashCore #Debian #Metasploit #LiveBuild #LinuxDev #FOSS

  14. I was working on the new BashCore build when the process suddenly failed because the Metasploit #APT #repository returned a “file has unexpected size” error... 😳😩🤔

    Seems like a temporary #checksum #mismatch during #mirror #sync, hopefully nothing serious. Rebuilding now to see if it’s fixed.

    #BashCore #Debian #Metasploit #LiveBuild #LinuxDev #FOSS

  15. I was working on the new BashCore build when the process suddenly failed because the Metasploit #APT #repository returned a “file has unexpected size” error... 😳😩🤔

    Seems like a temporary #checksum #mismatch during #mirror #sync, hopefully nothing serious. Rebuilding now to see if it’s fixed.

    #BashCore #Debian #Metasploit #LiveBuild #LinuxDev #FOSS

  16. I was working on the new BashCore build when the process suddenly failed because the Metasploit #APT #repository returned a “file has unexpected size” error... 😳😩🤔

    Seems like a temporary #checksum #mismatch during #mirror #sync, hopefully nothing serious. Rebuilding now to see if it’s fixed.

    #BashCore #Debian #Metasploit #LiveBuild #LinuxDev #FOSS

  17. 🚀 Beginner’s Guide to Penetration Testing — Start Your Ethical Hacking Journey

    Learn the five core phases of a pentest (recon → scanning → gaining access → post-exploitation → reporting), the essential tools you’ll use, and the ethical mindset to practice safely and legally. Perfect for beginners who want a practical, hands-on path into cybersecurity. 🛡️🧭

    #penetrationtesting #ethicalhacking #cybersecurity #Infosec #pentest #BeginnerGuide #KaliLinux #Nmap #Metasploit #HackingTools #SecurityTesting #WhiteHat #AxximumInfoSolutions

  18. 🚀 Beginner’s Guide to Penetration Testing — Start Your Ethical Hacking Journey

    Learn the five core phases of a pentest (recon → scanning → gaining access → post-exploitation → reporting), the essential tools you’ll use, and the ethical mindset to practice safely and legally. Perfect for beginners who want a practical, hands-on path into cybersecurity. 🛡️🧭

    #penetrationtesting #ethicalhacking #cybersecurity #Infosec #pentest #BeginnerGuide #KaliLinux #Nmap #Metasploit #HackingTools #SecurityTesting #WhiteHat #AxximumInfoSolutions

  19. 🚀 Beginner’s Guide to Penetration Testing — Start Your Ethical Hacking Journey

    Learn the five core phases of a pentest (recon → scanning → gaining access → post-exploitation → reporting), the essential tools you’ll use, and the ethical mindset to practice safely and legally. Perfect for beginners who want a practical, hands-on path into cybersecurity. 🛡️🧭

    #penetrationtesting #ethicalhacking #cybersecurity #Infosec #pentest #BeginnerGuide #KaliLinux #Nmap #Metasploit #HackingTools #SecurityTesting #WhiteHat #AxximumInfoSolutions

  20. 🚀 Beginner’s Guide to Penetration Testing — Start Your Ethical Hacking Journey

    Learn the five core phases of a pentest (recon → scanning → gaining access → post-exploitation → reporting), the essential tools you’ll use, and the ethical mindset to practice safely and legally. Perfect for beginners who want a practical, hands-on path into cybersecurity. 🛡️🧭

    #penetrationtesting #ethicalhacking #cybersecurity #Infosec #pentest #BeginnerGuide #KaliLinux #Nmap #Metasploit #HackingTools #SecurityTesting #WhiteHat #AxximumInfoSolutions

  21. 🚀 Beginner’s Guide to Penetration Testing — Start Your Ethical Hacking Journey

    Learn the five core phases of a pentest (recon → scanning → gaining access → post-exploitation → reporting), the essential tools you’ll use, and the ethical mindset to practice safely and legally. Perfect for beginners who want a practical, hands-on path into cybersecurity. 🛡️🧭

    #penetrationtesting #ethicalhacking #cybersecurity #Infosec #pentest #BeginnerGuide #KaliLinux #Nmap #Metasploit #HackingTools #SecurityTesting #WhiteHat #AxximumInfoSolutions

  22. 🐉 Top 10 Kali Linux Tools — Essential Picks

    Quick list of 10 widely-used Kali tools for recon, web testing, exploitation, and forensics — use only in labs or with explicit permission. ⚡🛡️

    #KaliLinux #PenTesting #InfoSec #EthicalHacking #Nmap #Wireshark #Metasploit #BurpSuite #Hashcat #Forensics

  23. 🐉 Top 10 Kali Linux Tools — Essential Picks

    Quick list of 10 widely-used Kali tools for recon, web testing, exploitation, and forensics — use only in labs or with explicit permission. ⚡🛡️

    #KaliLinux #PenTesting #InfoSec #EthicalHacking #Nmap #Wireshark #Metasploit #BurpSuite #Hashcat #Forensics

  24. 🐉 Top 10 Kali Linux Tools — Essential Picks

    Quick list of 10 widely-used Kali tools for recon, web testing, exploitation, and forensics — use only in labs or with explicit permission. ⚡🛡️

    #KaliLinux #PenTesting #InfoSec #EthicalHacking #Nmap #Wireshark #Metasploit #BurpSuite #Hashcat #Forensics

  25. 🐉 Top 10 Kali Linux Tools — Essential Picks

    Quick list of 10 widely-used Kali tools for recon, web testing, exploitation, and forensics — use only in labs or with explicit permission. ⚡🛡️

    #KaliLinux #PenTesting #InfoSec #EthicalHacking #Nmap #Wireshark #Metasploit #BurpSuite #Hashcat #Forensics

  26. 🐉 Top 10 Kali Linux Tools — Essential Picks

    Quick list of 10 widely-used Kali tools for recon, web testing, exploitation, and forensics — use only in labs or with explicit permission. ⚡🛡️

    #KaliLinux #PenTesting #InfoSec #EthicalHacking #Nmap #Wireshark #Metasploit #BurpSuite #Hashcat #Forensics

  27. Having some trouble updating BashCore on bookworm before it fades into oblivion.

    Planning to release both BashCore and BashCoreX with kernel 6.1 and the very last updates (Metasploit is giving me headaches).

    The fun part? I’m using BashCoreTX via SSH into BashCore for debugging, all running on VirtualBox.

    #BashCore #Linux #Debian #Metasploit #Bookworm #SSH #Virtualbox #Trixie

  28. Используем Python и metasploit для автоматизации рутинных задач эксплуатации

    Эксплуатация уязвимостей — это не обязательно тысяча ручных шагов. Особенно, если есть Python и Metasploit. В этой статье я расскажу, как автоматизировать атаку и постэксплуатацию так, чтобы всё работало, а вы — отдыхали.

    habr.com/ru/companies/pm/artic

    #python_3 #python #metasploit #nuclei #шаблонизаторы #информационная_безопасность #автоматизация #автоматизация_тестирования #zimbra

  29. 🎯 NOW PUBLISHING: On-Location Coverage from #BlackHatUSA 2025!

    We're back in the office and excited to start sharing all the conversations we captured on location in Las Vegas with our amazing sponsors and editorial coverage!

    🔔 Follow ITSPmagazine, Sean Martin, CISSP, and Marco Ciappelli to get this content fresh as it drops!

    We're honored to share this eye-opening Brand Story conversation thanks to our friends at runZero 🙏

    The Often-Overlooked Truth in #Cybersecurity: Seeing the Unseen in Vulnerability Management

    Most successful breaches don't happen because defenders ignored known vulnerabilities. They happen because attackers exploited assets that organizations never knew existed.

    HD‏​​​​​​​​​​‏ ⁢​​​​Moore, founder and CEO of runZero and creator of #Metasploit, reveals the uncomfortable truth: organizations routinely miss half their actual attack surface. Through decades of penetration testing high-security environments, Moore discovered that traditional discovery methods only find properly managed systems while #shadowIT, legacy hardware, and misconfigured devices remain invisible.

    Key insights from our conversation:

    • When using attacker-grade discovery techniques, asset counts typically DOUBLE what organizations thought they had

    • The industry's CVE obsession creates false security while real attacks exploit misconfigurations and zero-days

    • Unknown assets—from IoT devices to forgotten servers—bypass even sophisticated security controls

    • Traditional agent-based tools can't see what attackers see

    #RunZero inverts the traditional model by starting with unauthenticated discovery that mirrors how attackers actually probe networks. This reveals the true attack surface and transforms vulnerability management from reactive patching to strategic risk reduction.

    📺 Watch the video: youtu.be/hkKJsKUugIU

    🎧 Listen to the podcast: brand-stories-podcast.simpleca 📖 Read the blog: itspmagazine.com/their-stories

    ➤ Learn more about RunZero: itspm.ag/runzero-5733

    ✦ Catch more stories from RunZero: itspmagazine.com/directory/run

    🎪 Follow all of our #BHUSA 2025 coverage: itspmagazine.com/bhusa25

    #Cybersecurity #VulnerabilityManagement #AssetDiscovery #AttackSurface #BlackHatUSA #BHUSA25 #ShadowIT #SecurityVisibility #Metasploit #ZeroDay #tech #technology #cybersecurity

  30. 🎯 NOW PUBLISHING: On-Location Coverage from #BlackHatUSA 2025!

    We're back in the office and excited to start sharing all the conversations we captured on location in Las Vegas with our amazing sponsors and editorial coverage!

    🔔 Follow ITSPmagazine, Sean Martin, CISSP, and Marco Ciappelli to get this content fresh as it drops!

    We're honored to share this eye-opening Brand Story conversation thanks to our friends at runZero 🙏

    The Often-Overlooked Truth in #Cybersecurity: Seeing the Unseen in Vulnerability Management

    Most successful breaches don't happen because defenders ignored known vulnerabilities. They happen because attackers exploited assets that organizations never knew existed.

    HD‏​​​​​​​​​​‏ ⁢​​​​Moore, founder and CEO of runZero and creator of #Metasploit, reveals the uncomfortable truth: organizations routinely miss half their actual attack surface. Through decades of penetration testing high-security environments, Moore discovered that traditional discovery methods only find properly managed systems while #shadowIT, legacy hardware, and misconfigured devices remain invisible.

    Key insights from our conversation:

    • When using attacker-grade discovery techniques, asset counts typically DOUBLE what organizations thought they had

    • The industry's CVE obsession creates false security while real attacks exploit misconfigurations and zero-days

    • Unknown assets—from IoT devices to forgotten servers—bypass even sophisticated security controls

    • Traditional agent-based tools can't see what attackers see

    #RunZero inverts the traditional model by starting with unauthenticated discovery that mirrors how attackers actually probe networks. This reveals the true attack surface and transforms vulnerability management from reactive patching to strategic risk reduction.

    📺 Watch the video: youtu.be/hkKJsKUugIU

    🎧 Listen to the podcast: brand-stories-podcast.simpleca 📖 Read the blog: itspmagazine.com/their-stories

    ➤ Learn more about RunZero: itspm.ag/runzero-5733

    ✦ Catch more stories from RunZero: itspmagazine.com/directory/run

    🎪 Follow all of our #BHUSA 2025 coverage: itspmagazine.com/bhusa25

    #Cybersecurity #VulnerabilityManagement #AssetDiscovery #AttackSurface #BlackHatUSA #BHUSA25 #ShadowIT #SecurityVisibility #Metasploit #ZeroDay #tech #technology #cybersecurity

  31. 🎯 NOW PUBLISHING: On-Location Coverage from #BlackHatUSA 2025!

    We're back in the office and excited to start sharing all the conversations we captured on location in Las Vegas with our amazing sponsors and editorial coverage!

    🔔 Follow ITSPmagazine, Sean Martin, CISSP, and Marco Ciappelli to get this content fresh as it drops!

    We're honored to share this eye-opening Brand Story conversation thanks to our friends at runZero 🙏

    The Often-Overlooked Truth in #Cybersecurity: Seeing the Unseen in Vulnerability Management

    Most successful breaches don't happen because defenders ignored known vulnerabilities. They happen because attackers exploited assets that organizations never knew existed.

    HD‏​​​​​​​​​​‏ ⁢​​​​Moore, founder and CEO of runZero and creator of #Metasploit, reveals the uncomfortable truth: organizations routinely miss half their actual attack surface. Through decades of penetration testing high-security environments, Moore discovered that traditional discovery methods only find properly managed systems while #shadowIT, legacy hardware, and misconfigured devices remain invisible.

    Key insights from our conversation:

    • When using attacker-grade discovery techniques, asset counts typically DOUBLE what organizations thought they had

    • The industry's CVE obsession creates false security while real attacks exploit misconfigurations and zero-days

    • Unknown assets—from IoT devices to forgotten servers—bypass even sophisticated security controls

    • Traditional agent-based tools can't see what attackers see

    #RunZero inverts the traditional model by starting with unauthenticated discovery that mirrors how attackers actually probe networks. This reveals the true attack surface and transforms vulnerability management from reactive patching to strategic risk reduction.

    📺 Watch the video: youtu.be/hkKJsKUugIU

    🎧 Listen to the podcast: brand-stories-podcast.simpleca 📖 Read the blog: itspmagazine.com/their-stories

    ➤ Learn more about RunZero: itspm.ag/runzero-5733

    ✦ Catch more stories from RunZero: itspmagazine.com/directory/run

    🎪 Follow all of our #BHUSA 2025 coverage: itspmagazine.com/bhusa25

    #Cybersecurity #VulnerabilityManagement #AssetDiscovery #AttackSurface #BlackHatUSA #BHUSA25 #ShadowIT #SecurityVisibility #Metasploit #ZeroDay #tech #technology #cybersecurity

  32. 🎯 NOW PUBLISHING: On-Location Coverage from #BlackHatUSA 2025!

    We're back in the office and excited to start sharing all the conversations we captured on location in Las Vegas with our amazing sponsors and editorial coverage!

    🔔 Follow ITSPmagazine, Sean Martin, CISSP, and Marco Ciappelli to get this content fresh as it drops!

    We're honored to share this eye-opening Brand Story conversation thanks to our friends at runZero 🙏

    The Often-Overlooked Truth in #Cybersecurity: Seeing the Unseen in Vulnerability Management

    Most successful breaches don't happen because defenders ignored known vulnerabilities. They happen because attackers exploited assets that organizations never knew existed.

    HD‏​​​​​​​​​​‏ ⁢​​​​Moore, founder and CEO of runZero and creator of #Metasploit, reveals the uncomfortable truth: organizations routinely miss half their actual attack surface. Through decades of penetration testing high-security environments, Moore discovered that traditional discovery methods only find properly managed systems while #shadowIT, legacy hardware, and misconfigured devices remain invisible.

    Key insights from our conversation:

    • When using attacker-grade discovery techniques, asset counts typically DOUBLE what organizations thought they had

    • The industry's CVE obsession creates false security while real attacks exploit misconfigurations and zero-days

    • Unknown assets—from IoT devices to forgotten servers—bypass even sophisticated security controls

    • Traditional agent-based tools can't see what attackers see

    #RunZero inverts the traditional model by starting with unauthenticated discovery that mirrors how attackers actually probe networks. This reveals the true attack surface and transforms vulnerability management from reactive patching to strategic risk reduction.

    📺 Watch the video: youtu.be/hkKJsKUugIU

    🎧 Listen to the podcast: brand-stories-podcast.simpleca 📖 Read the blog: itspmagazine.com/their-stories

    ➤ Learn more about RunZero: itspm.ag/runzero-5733

    ✦ Catch more stories from RunZero: itspmagazine.com/directory/run

    🎪 Follow all of our #BHUSA 2025 coverage: itspmagazine.com/bhusa25

    #Cybersecurity #VulnerabilityManagement #AssetDiscovery #AttackSurface #BlackHatUSA #BHUSA25 #ShadowIT #SecurityVisibility #Metasploit #ZeroDay #tech #technology #cybersecurity

  33. 🎯 NOW PUBLISHING: On-Location Coverage from #BlackHatUSA 2025!

    We're back in the office and excited to start sharing all the conversations we captured on location in Las Vegas with our amazing sponsors and editorial coverage!

    🔔 Follow ITSPmagazine, Sean Martin, CISSP, and Marco Ciappelli to get this content fresh as it drops!

    We're honored to share this eye-opening Brand Story conversation thanks to our friends at runZero 🙏

    The Often-Overlooked Truth in #Cybersecurity: Seeing the Unseen in Vulnerability Management

    Most successful breaches don't happen because defenders ignored known vulnerabilities. They happen because attackers exploited assets that organizations never knew existed.

    HD‏​​​​​​​​​​‏ ⁢​​​​Moore, founder and CEO of runZero and creator of #Metasploit, reveals the uncomfortable truth: organizations routinely miss half their actual attack surface. Through decades of penetration testing high-security environments, Moore discovered that traditional discovery methods only find properly managed systems while #shadowIT, legacy hardware, and misconfigured devices remain invisible.

    Key insights from our conversation:

    • When using attacker-grade discovery techniques, asset counts typically DOUBLE what organizations thought they had

    • The industry's CVE obsession creates false security while real attacks exploit misconfigurations and zero-days

    • Unknown assets—from IoT devices to forgotten servers—bypass even sophisticated security controls

    • Traditional agent-based tools can't see what attackers see

    #RunZero inverts the traditional model by starting with unauthenticated discovery that mirrors how attackers actually probe networks. This reveals the true attack surface and transforms vulnerability management from reactive patching to strategic risk reduction.

    📺 Watch the video: youtu.be/hkKJsKUugIU

    🎧 Listen to the podcast: brand-stories-podcast.simpleca 📖 Read the blog: itspmagazine.com/their-stories

    ➤ Learn more about RunZero: itspm.ag/runzero-5733

    ✦ Catch more stories from RunZero: itspmagazine.com/directory/run

    🎪 Follow all of our #BHUSA 2025 coverage: itspmagazine.com/bhusa25

    #Cybersecurity #VulnerabilityManagement #AssetDiscovery #AttackSurface #BlackHatUSA #BHUSA25 #ShadowIT #SecurityVisibility #Metasploit #ZeroDay #tech #technology #cybersecurity

  34. Metasploit on BashCoreT: LoadError - cannot load such file: parallel.

    Translation: “Nice build you have there… shame if something happened to it.” 😅

    Time to tear it down and start over...

    #BashCoreT #Linux #Pentesting #Metasploit #DevLife

  35. @stux heh, yeah the msf folks are pretty fast :D

    years ago i used to chill in #metasploit on freenode with them all and it was super awesome to be part of the discussion when a new thing landed.

    it was SUPER SUPER COMMON for some crazy bullshit vuln to land at like 9pm on a friday night, and we'd spend all weekend screwing around making payloads.

    the good ol days :D

  36. Oh wow, someone already made #Metasploit modules that target CVE-2025-53770 and CVE-2025-53771 in the recent #SharePoint 0-Day vulnerabilities

  37. Testing #BashCore #Injector on the worst laptop alive:
    💻 Acer Aspire One D160 (2009) – Atom 450, 2GB RAM.

    Ubuntu Server + Injector = full CLI pentesting kit:
    🔎 #nmap #amass #dirb
    💥 #hydra #sqlmap #metasploit
    🕸️ #tshark #proxychains4 #tor
    🛠️ #vim #curl #python3 #R + more.

    Let’s see if this relic can still hack it 🤟🤞

    #bashcore #ubuntu #lowend #pentesting #linux #cli #bashcoreinjector

  38. Testing #BashCore #Injector on the worst laptop alive:
    💻 Acer Aspire One D160 (2009) – Atom 450, 2GB RAM.

    Ubuntu Server + Injector = full CLI pentesting kit:
    🔎 #nmap #amass #dirb
    💥 #hydra #sqlmap #metasploit
    🕸️ #tshark #proxychains4 #tor
    🛠️ #vim #curl #python3 #R + more.

    Let’s see if this relic can still hack it 🤟🤞

    #bashcore #ubuntu #lowend #pentesting #linux #cli #bashcoreinjector

  39. Testing #BashCore #Injector on the worst laptop alive:
    💻 Acer Aspire One D160 (2009) – Atom 450, 2GB RAM.

    Ubuntu Server + Injector = full CLI pentesting kit:
    🔎 #nmap #amass #dirb
    💥 #hydra #sqlmap #metasploit
    🕸️ #tshark #proxychains4 #tor
    🛠️ #vim #curl #python3 #R + more.

    Let’s see if this relic can still hack it 🤟🤞

    #bashcore #ubuntu #lowend #pentesting #linux #cli #bashcoreinjector

  40. Testing #BashCore #Injector on the worst laptop alive:
    💻 Acer Aspire One D160 (2009) – Atom 450, 2GB RAM.

    Ubuntu Server + Injector = full CLI pentesting kit:
    🔎 #nmap #amass #dirb
    💥 #hydra #sqlmap #metasploit
    🕸️ #tshark #proxychains4 #tor
    🛠️ #vim #curl #python3 #R + more.

    Let’s see if this relic can still hack it 🤟🤞

    #bashcore #ubuntu #lowend #pentesting #linux #cli #bashcoreinjector

  41. Honestly, 50 tools should be more than enough.
    Who really tests all 600+ tools in Kali or the 2,500+ in BlackArch?
    I tried... but some BlackArch tools didn’t even run properly...

    In BashCore and BashCoreX, every app works.
    No duplicates. No junk. Just tools that actually run.

    Yes, the ISOs are ~7GB,
    but we’ve got Metasploit, Searchsploit, and especially SecLists (which weighs a ton) 🤷🏻‍♂️

    #BashCore #BashCoreX #Debian #Pentesting #NoBloat #BlackArch #KaliLinux #SecLists #Metasploit

  42. Go beyond just using Metasploit – learn to build with it.

    This comprehensive 2nd Edition guides you with foundational commands through porting public exploits (Chapter 12), building your own modules in Ruby (Chapter 13), and even fuzzing for novel vulnerabilities (Chapter 14).

    Elevate individual skills while enriching the broader field. #Metasploit #InfoSec #ExploitDev #CyberSecurity

    nostarch.com/metasploit-2nd-ed