home.social

#metasploit — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #metasploit, aggregated by home.social.

  1. Как наказать цифрового воробья или как я проходил таск PigeonsRevenge от платформы ACLabs.pro

    Данный таск был частью 5 сезона CTF, который проходил на площадке ACLabs. Машина необычная с увлекательным сюжетом и интересными уязвимостями. Условие задачи: Борис — старый почтовый голубь. Катя, его голубка, улетела к наглому Воробью. Три дня Борис пил дешёвое пойло и строчил план мести. Теперь этот план у тебя. Помоги Борису пробраться в цифровое гнездо Воробья, украсть его аккаунт и стать рутом. Следуй за пьяными записками — там всё сказано и даже больше. Внимание, стенд будет полностью готов только по истечении обратного времени отсчета, даже если адрес появился раньше! Цепочка атаки Атакующая цепочка «PigeonsRevenge» комбинирует одну реальную критическую CVE (Webmin 1.910 — CVE-2019-15107, 9.8 CRITICAL) с набором классических техник ATT&CK : активная разведка → port knocking → эксплуатация публичного приложения → Metasploit reverse-shell → туннелирование Ligolo-ng → инъекция через переменную окружения в кастомный бинарник → обход фильтра табуляцией → закрепление с root -привилегиями.

    habr.com/ru/articles/1024360/

    #nmap #bash #docker #ssh #ghidra #cve #webmin #metasploit #privelege_escalation #pivoting

  2. Как наказать цифрового воробья или как я проходил таск PigeonsRevenge от платформы ACLabs.pro

    Данный таск был частью 5 сезона CTF, который проходил на площадке ACLabs. Машина необычная с увлекательным сюжетом и интересными уязвимостями. Условие задачи: Борис — старый почтовый голубь. Катя, его голубка, улетела к наглому Воробью. Три дня Борис пил дешёвое пойло и строчил план мести. Теперь этот план у тебя. Помоги Борису пробраться в цифровое гнездо Воробья, украсть его аккаунт и стать рутом. Следуй за пьяными записками — там всё сказано и даже больше. Внимание, стенд будет полностью готов только по истечении обратного времени отсчета, даже если адрес появился раньше! Цепочка атаки Атакующая цепочка «PigeonsRevenge» комбинирует одну реальную критическую CVE (Webmin 1.910 — CVE-2019-15107, 9.8 CRITICAL) с набором классических техник ATT&CK : активная разведка → port knocking → эксплуатация публичного приложения → Metasploit reverse-shell → туннелирование Ligolo-ng → инъекция через переменную окружения в кастомный бинарник → обход фильтра табуляцией → закрепление с root -привилегиями.

    habr.com/ru/articles/1024360/

    #nmap #bash #docker #ssh #ghidra #cve #webmin #metasploit #privelege_escalation #pivoting

  3. Как наказать цифрового воробья или как я проходил таск PigeonsRevenge от платформы ACLabs.pro

    Данный таск был частью 5 сезона CTF, который проходил на площадке ACLabs. Машина необычная с увлекательным сюжетом и интересными уязвимостями. Условие задачи: Борис — старый почтовый голубь. Катя, его голубка, улетела к наглому Воробью. Три дня Борис пил дешёвое пойло и строчил план мести. Теперь этот план у тебя. Помоги Борису пробраться в цифровое гнездо Воробья, украсть его аккаунт и стать рутом. Следуй за пьяными записками — там всё сказано и даже больше. Внимание, стенд будет полностью готов только по истечении обратного времени отсчета, даже если адрес появился раньше! Цепочка атаки Атакующая цепочка «PigeonsRevenge» комбинирует одну реальную критическую CVE (Webmin 1.910 — CVE-2019-15107, 9.8 CRITICAL) с набором классических техник ATT&CK : активная разведка → port knocking → эксплуатация публичного приложения → Metasploit reverse-shell → туннелирование Ligolo-ng → инъекция через переменную окружения в кастомный бинарник → обход фильтра табуляцией → закрепление с root -привилегиями.

    habr.com/ru/articles/1024360/

    #nmap #bash #docker #ssh #ghidra #cve #webmin #metasploit #privelege_escalation #pivoting

  4. Как наказать цифрового воробья или как я проходил таск PigeonsRevenge от платформы ACLabs.pro

    Данный таск был частью 5 сезона CTF, который проходил на площадке ACLabs. Машина необычная с увлекательным сюжетом и интересными уязвимостями. Условие задачи: Борис — старый почтовый голубь. Катя, его голубка, улетела к наглому Воробью. Три дня Борис пил дешёвое пойло и строчил план мести. Теперь этот план у тебя. Помоги Борису пробраться в цифровое гнездо Воробья, украсть его аккаунт и стать рутом. Следуй за пьяными записками — там всё сказано и даже больше. Внимание, стенд будет полностью готов только по истечении обратного времени отсчета, даже если адрес появился раньше! Цепочка атаки Атакующая цепочка «PigeonsRevenge» комбинирует одну реальную критическую CVE (Webmin 1.910 — CVE-2019-15107, 9.8 CRITICAL) с набором классических техник ATT&CK : активная разведка → port knocking → эксплуатация публичного приложения → Metasploit reverse-shell → туннелирование Ligolo-ng → инъекция через переменную окружения в кастомный бинарник → обход фильтра табуляцией → закрепление с root -привилегиями.

    habr.com/ru/articles/1024360/

    #nmap #bash #docker #ssh #ghidra #cve #webmin #metasploit #privelege_escalation #pivoting

  5. Metasploit Framework is here with 5 new modules! Exploits for FreeScout (CVE-2026-28289) and Grav CMS (CVE-2025-50286) RCEs, plus a generic HTTP command execution module and a new Windows persistence technique. We also have a slew of bug fixes and enhancements including SOCKS proxy performance improvements #Metasploit rapid7.com/blog/post/pt-metasp

  6. The latest #Metasploit Wrapup is here! 🎉 This week brings enhanced SMB NTLM relaying for better client compatibility (including smbclient), plus new modules for RCE in Eclipse Che (CVE-2025-12548), Barracuda ESG command injection (CVE-2023-2868), and an ESC/POS printer injector.

    Check it out at rapid7.com/blog/post/pt-metasp

  7. Из лета в зиму: как хакеры сменили сезон для виртуального склада на Standoff

    Привет! На связи организаторы кибербитвы Standoff, и в этой статье мы с командой 5HM3L поделимся с вами одним из свежих кейсов. В майской кибербитве принял участие наш партнер «Научно-производственное предприятие „Исток“ им. Шокина». Компания тестировала защищенность своей платформы IIoT.Istok . Как ломали российский промышленный IoT — рассказываем под катом. Повзламываем IIot?

    habr.com/ru/companies/pt/artic

    #cybersecurity #взломы #standoff13 #pentest #iiot #cobalt_strike #SharpHound #nmap #chisel #metasploit

  8. Топ опасных уязвимостей июля. Под угрозой пользователи ОС Windows и Linux

    Хабр, привет! Я Александр Леонов, ведущий эксперт лаборатории PT Expert Security Center. Мы с коман­­дой аналитиков Positive Technologies каждый месяц исследуем информацию об уязвимостях из баз и бюллетеней безопасности вендоров, социальных сетей, блогов, телеграм-каналов, баз эксплойтов, публичных репозиториев кода и выявляем во всем этом многообразии трендовые уязвимости. То есть те недостатки безопасности, которые либо уже эксплуатируются вживую, либо могут начать эксплуатироваться в ближайшее время. Сегодня расскажу про самые опасные уязвимости июля. Всего таких уязвимостей было три: 1️⃣ Уязвимость, приводящая к спуфингу, в движке для обработки и отображения HTML-страниц Microsoft Windows MSHTML Platform (CVE-2024-38112). 2️⃣ Уязвимость, связанная с выполнением произвольного кода в интерпретаторе PostScript и PDF-документов Ghostscript (CVE-2024-29510). 3️⃣ Уязвимость, связанная с выполнением произвольного кода в гиперконвергентной [1] платформе Acronis Cyber Infrastructure (CVE-2023-45249). Узнать самые опасные уязвимости июля

    habr.com/ru/companies/pt/artic

    #трендовые_уязвимости #эксплойт #linux #windows #hta #internet_explorer #ghostscript #metasploit #aci

  9. 🎯 NOW PUBLISHING: On-Location Coverage from #BlackHatUSA 2025!

    We're back in the office and excited to start sharing all the conversations we captured on location in Las Vegas with our amazing sponsors and editorial coverage!

    🔔 Follow ITSPmagazine, Sean Martin, CISSP, and Marco Ciappelli to get this content fresh as it drops!

    We're honored to share this eye-opening Brand Story conversation thanks to our friends at runZero 🙏

    The Often-Overlooked Truth in #Cybersecurity: Seeing the Unseen in Vulnerability Management

    Most successful breaches don't happen because defenders ignored known vulnerabilities. They happen because attackers exploited assets that organizations never knew existed.

    HD‏​​​​​​​​​​‏ ⁢​​​​Moore, founder and CEO of runZero and creator of #Metasploit, reveals the uncomfortable truth: organizations routinely miss half their actual attack surface. Through decades of penetration testing high-security environments, Moore discovered that traditional discovery methods only find properly managed systems while #shadowIT, legacy hardware, and misconfigured devices remain invisible.

    Key insights from our conversation:

    • When using attacker-grade discovery techniques, asset counts typically DOUBLE what organizations thought they had

    • The industry's CVE obsession creates false security while real attacks exploit misconfigurations and zero-days

    • Unknown assets—from IoT devices to forgotten servers—bypass even sophisticated security controls

    • Traditional agent-based tools can't see what attackers see

    #RunZero inverts the traditional model by starting with unauthenticated discovery that mirrors how attackers actually probe networks. This reveals the true attack surface and transforms vulnerability management from reactive patching to strategic risk reduction.

    📺 Watch the video: youtu.be/hkKJsKUugIU

    🎧 Listen to the podcast: brand-stories-podcast.simpleca 📖 Read the blog: itspmagazine.com/their-stories

    ➤ Learn more about RunZero: itspm.ag/runzero-5733

    ✦ Catch more stories from RunZero: itspmagazine.com/directory/run

    🎪 Follow all of our #BHUSA 2025 coverage: itspmagazine.com/bhusa25

    #Cybersecurity #VulnerabilityManagement #AssetDiscovery #AttackSurface #BlackHatUSA #BHUSA25 #ShadowIT #SecurityVisibility #Metasploit #ZeroDay #tech #technology #cybersecurity

  10. 🎯 NOW PUBLISHING: On-Location Coverage from #BlackHatUSA 2025!

    We're back in the office and excited to start sharing all the conversations we captured on location in Las Vegas with our amazing sponsors and editorial coverage!

    🔔 Follow ITSPmagazine, Sean Martin, CISSP, and Marco Ciappelli to get this content fresh as it drops!

    We're honored to share this eye-opening Brand Story conversation thanks to our friends at runZero 🙏

    The Often-Overlooked Truth in #Cybersecurity: Seeing the Unseen in Vulnerability Management

    Most successful breaches don't happen because defenders ignored known vulnerabilities. They happen because attackers exploited assets that organizations never knew existed.

    HD‏​​​​​​​​​​‏ ⁢​​​​Moore, founder and CEO of runZero and creator of #Metasploit, reveals the uncomfortable truth: organizations routinely miss half their actual attack surface. Through decades of penetration testing high-security environments, Moore discovered that traditional discovery methods only find properly managed systems while #shadowIT, legacy hardware, and misconfigured devices remain invisible.

    Key insights from our conversation:

    • When using attacker-grade discovery techniques, asset counts typically DOUBLE what organizations thought they had

    • The industry's CVE obsession creates false security while real attacks exploit misconfigurations and zero-days

    • Unknown assets—from IoT devices to forgotten servers—bypass even sophisticated security controls

    • Traditional agent-based tools can't see what attackers see

    #RunZero inverts the traditional model by starting with unauthenticated discovery that mirrors how attackers actually probe networks. This reveals the true attack surface and transforms vulnerability management from reactive patching to strategic risk reduction.

    📺 Watch the video: youtu.be/hkKJsKUugIU

    🎧 Listen to the podcast: brand-stories-podcast.simpleca 📖 Read the blog: itspmagazine.com/their-stories

    ➤ Learn more about RunZero: itspm.ag/runzero-5733

    ✦ Catch more stories from RunZero: itspmagazine.com/directory/run

    🎪 Follow all of our #BHUSA 2025 coverage: itspmagazine.com/bhusa25

    #Cybersecurity #VulnerabilityManagement #AssetDiscovery #AttackSurface #BlackHatUSA #BHUSA25 #ShadowIT #SecurityVisibility #Metasploit #ZeroDay #tech #technology #cybersecurity

  11. 🎯 NOW PUBLISHING: On-Location Coverage from #BlackHatUSA 2025!

    We're back in the office and excited to start sharing all the conversations we captured on location in Las Vegas with our amazing sponsors and editorial coverage!

    🔔 Follow ITSPmagazine, Sean Martin, CISSP, and Marco Ciappelli to get this content fresh as it drops!

    We're honored to share this eye-opening Brand Story conversation thanks to our friends at runZero 🙏

    The Often-Overlooked Truth in #Cybersecurity: Seeing the Unseen in Vulnerability Management

    Most successful breaches don't happen because defenders ignored known vulnerabilities. They happen because attackers exploited assets that organizations never knew existed.

    HD‏​​​​​​​​​​‏ ⁢​​​​Moore, founder and CEO of runZero and creator of #Metasploit, reveals the uncomfortable truth: organizations routinely miss half their actual attack surface. Through decades of penetration testing high-security environments, Moore discovered that traditional discovery methods only find properly managed systems while #shadowIT, legacy hardware, and misconfigured devices remain invisible.

    Key insights from our conversation:

    • When using attacker-grade discovery techniques, asset counts typically DOUBLE what organizations thought they had

    • The industry's CVE obsession creates false security while real attacks exploit misconfigurations and zero-days

    • Unknown assets—from IoT devices to forgotten servers—bypass even sophisticated security controls

    • Traditional agent-based tools can't see what attackers see

    #RunZero inverts the traditional model by starting with unauthenticated discovery that mirrors how attackers actually probe networks. This reveals the true attack surface and transforms vulnerability management from reactive patching to strategic risk reduction.

    📺 Watch the video: youtu.be/hkKJsKUugIU

    🎧 Listen to the podcast: brand-stories-podcast.simpleca 📖 Read the blog: itspmagazine.com/their-stories

    ➤ Learn more about RunZero: itspm.ag/runzero-5733

    ✦ Catch more stories from RunZero: itspmagazine.com/directory/run

    🎪 Follow all of our #BHUSA 2025 coverage: itspmagazine.com/bhusa25

    #Cybersecurity #VulnerabilityManagement #AssetDiscovery #AttackSurface #BlackHatUSA #BHUSA25 #ShadowIT #SecurityVisibility #Metasploit #ZeroDay #tech #technology #cybersecurity

  12. 🎯 NOW PUBLISHING: On-Location Coverage from #BlackHatUSA 2025!

    We're back in the office and excited to start sharing all the conversations we captured on location in Las Vegas with our amazing sponsors and editorial coverage!

    🔔 Follow ITSPmagazine, Sean Martin, CISSP, and Marco Ciappelli to get this content fresh as it drops!

    We're honored to share this eye-opening Brand Story conversation thanks to our friends at runZero 🙏

    The Often-Overlooked Truth in #Cybersecurity: Seeing the Unseen in Vulnerability Management

    Most successful breaches don't happen because defenders ignored known vulnerabilities. They happen because attackers exploited assets that organizations never knew existed.

    HD‏​​​​​​​​​​‏ ⁢​​​​Moore, founder and CEO of runZero and creator of #Metasploit, reveals the uncomfortable truth: organizations routinely miss half their actual attack surface. Through decades of penetration testing high-security environments, Moore discovered that traditional discovery methods only find properly managed systems while #shadowIT, legacy hardware, and misconfigured devices remain invisible.

    Key insights from our conversation:

    • When using attacker-grade discovery techniques, asset counts typically DOUBLE what organizations thought they had

    • The industry's CVE obsession creates false security while real attacks exploit misconfigurations and zero-days

    • Unknown assets—from IoT devices to forgotten servers—bypass even sophisticated security controls

    • Traditional agent-based tools can't see what attackers see

    #RunZero inverts the traditional model by starting with unauthenticated discovery that mirrors how attackers actually probe networks. This reveals the true attack surface and transforms vulnerability management from reactive patching to strategic risk reduction.

    📺 Watch the video: youtu.be/hkKJsKUugIU

    🎧 Listen to the podcast: brand-stories-podcast.simpleca 📖 Read the blog: itspmagazine.com/their-stories

    ➤ Learn more about RunZero: itspm.ag/runzero-5733

    ✦ Catch more stories from RunZero: itspmagazine.com/directory/run

    🎪 Follow all of our #BHUSA 2025 coverage: itspmagazine.com/bhusa25

    #Cybersecurity #VulnerabilityManagement #AssetDiscovery #AttackSurface #BlackHatUSA #BHUSA25 #ShadowIT #SecurityVisibility #Metasploit #ZeroDay #tech #technology #cybersecurity

  13. 🎯 NOW PUBLISHING: On-Location Coverage from #BlackHatUSA 2025!

    We're back in the office and excited to start sharing all the conversations we captured on location in Las Vegas with our amazing sponsors and editorial coverage!

    🔔 Follow ITSPmagazine, Sean Martin, CISSP, and Marco Ciappelli to get this content fresh as it drops!

    We're honored to share this eye-opening Brand Story conversation thanks to our friends at runZero 🙏

    The Often-Overlooked Truth in #Cybersecurity: Seeing the Unseen in Vulnerability Management

    Most successful breaches don't happen because defenders ignored known vulnerabilities. They happen because attackers exploited assets that organizations never knew existed.

    HD‏​​​​​​​​​​‏ ⁢​​​​Moore, founder and CEO of runZero and creator of #Metasploit, reveals the uncomfortable truth: organizations routinely miss half their actual attack surface. Through decades of penetration testing high-security environments, Moore discovered that traditional discovery methods only find properly managed systems while #shadowIT, legacy hardware, and misconfigured devices remain invisible.

    Key insights from our conversation:

    • When using attacker-grade discovery techniques, asset counts typically DOUBLE what organizations thought they had

    • The industry's CVE obsession creates false security while real attacks exploit misconfigurations and zero-days

    • Unknown assets—from IoT devices to forgotten servers—bypass even sophisticated security controls

    • Traditional agent-based tools can't see what attackers see

    #RunZero inverts the traditional model by starting with unauthenticated discovery that mirrors how attackers actually probe networks. This reveals the true attack surface and transforms vulnerability management from reactive patching to strategic risk reduction.

    📺 Watch the video: youtu.be/hkKJsKUugIU

    🎧 Listen to the podcast: brand-stories-podcast.simpleca 📖 Read the blog: itspmagazine.com/their-stories

    ➤ Learn more about RunZero: itspm.ag/runzero-5733

    ✦ Catch more stories from RunZero: itspmagazine.com/directory/run

    🎪 Follow all of our #BHUSA 2025 coverage: itspmagazine.com/bhusa25

    #Cybersecurity #VulnerabilityManagement #AssetDiscovery #AttackSurface #BlackHatUSA #BHUSA25 #ShadowIT #SecurityVisibility #Metasploit #ZeroDay #tech #technology #cybersecurity

  14. Testing #BashCore #Injector on the worst laptop alive:
    💻 Acer Aspire One D160 (2009) – Atom 450, 2GB RAM.

    Ubuntu Server + Injector = full CLI pentesting kit:
    🔎 #nmap #amass #dirb
    💥 #hydra #sqlmap #metasploit
    🕸️ #tshark #proxychains4 #tor
    🛠️ #vim #curl #python3 #R + more.

    Let’s see if this relic can still hack it 🤟🤞

    #bashcore #ubuntu #lowend #pentesting #linux #cli #bashcoreinjector

  15. 🐉 Top 10 Kali Linux Tools — Essential Picks

    Quick list of 10 widely-used Kali tools for recon, web testing, exploitation, and forensics — use only in labs or with explicit permission. ⚡🛡️

    #KaliLinux #PenTesting #InfoSec #EthicalHacking #Nmap #Wireshark #Metasploit #BurpSuite #Hashcat #Forensics

  16. Lateral movement w Active Directory z wykorzystaniem WinRM

    Lateral movement (często tłumaczony jako ruch boczny) w środowiskach Active Directory bardzo rzadko opiera się na podatnościach w rozumieniu tych dostępnych w ramach bazy CVE. W praktyce znacznie częściej jest to konsekwencja nadużycia wbudowanych mechanizmów administracyjnych, które zostały zaprojektowane z myślą o automatyzacji i zdalnym zarządzaniu systemami z rodziny Windows....

    #Teksty #Metasploit #Mimikatz #Netsec #Poradnik #Powershell #Winrm

    sekurak.pl/lateral-movement-w-

  17. Ich darf am 22.4. mal wieder etwas über IT-Security erzählen: Beim MUC:SEC-Meetup in München zeigte ich, wie man mit dem Metasploit-Framework hackt!

    meetup.com/muc-sec/events/3003

    #itsec #security #mucsec #metasploit #hacker #hackers #hackerman #hacking #meetup #munich

  18. Day 9 of #AdventOfCyber2022 got a little more complex. Using the well known #Metasploit with #SOCKSProxy to get to todays flag.

  19. Metasploit erweitert Arsenal mit sieben neuen Exploit-Modulen

    FreePBX-Module kombinieren Authentifizierungsumgehung mit Code-Ausführung

    all-about-security.de/metasplo

    #metasploit #freepbx

  20. 🚀 Beginner’s Guide to Penetration Testing — Start Your Ethical Hacking Journey

    Learn the five core phases of a pentest (recon → scanning → gaining access → post-exploitation → reporting), the essential tools you’ll use, and the ethical mindset to practice safely and legally. Perfect for beginners who want a practical, hands-on path into cybersecurity. 🛡️🧭

    #penetrationtesting #ethicalhacking #cybersecurity #Infosec #pentest #BeginnerGuide #KaliLinux #Nmap #Metasploit #HackingTools #SecurityTesting #WhiteHat #AxximumInfoSolutions

  21. Honestly, 50 tools should be more than enough.
    Who really tests all 600+ tools in Kali or the 2,500+ in BlackArch?
    I tried... but some BlackArch tools didn’t even run properly...

    In BashCore and BashCoreX, every app works.
    No duplicates. No junk. Just tools that actually run.

    Yes, the ISOs are ~7GB,
    but we’ve got Metasploit, Searchsploit, and especially SecLists (which weighs a ton) 🤷🏻‍♂️

    #BashCore #BashCoreX #Debian #Pentesting #NoBloat #BlackArch #KaliLinux #SecLists #Metasploit

  22. I was working on the new BashCore build when the process suddenly failed because the Metasploit #APT #repository returned a “file has unexpected size” error... 😳😩🤔

    Seems like a temporary #checksum #mismatch during #mirror #sync, hopefully nothing serious. Rebuilding now to see if it’s fixed.

    #BashCore #Debian #Metasploit #LiveBuild #LinuxDev #FOSS

  23. No bad luck here! 🍀 The Metasploit weekly wrapup is live with 3 new modules: LeakIX Search, Linux RC4 payload packer, and an unauthenticated RCE for SPIP Saisies (CVE-2025-71243). Plus, check out Metasploit Pro 5.0.0!

    Read the full details: rapid7.com/blog/post/pt-metasp #Metasploit

  24. Encoder exposed! 💥 Get the details on the latest Metasploit Framework release: new encoder options for better payload control, fresh RCE exploits (Tactical RMM SSTI, MajorDoMo), and Linux RC4 Packer for in-memory execution. Read the full wrap-up: rapid7.com/blog/post/pt-metasp #Metasploit

  25. Stop reading theory without results.

    This bundle combines the Master #Hacker ebook with hands-on video walkthroughs that turn recon, #Metasploit exploitation, AV evasion, and #Python #scripting into practical skills you can deploy immediately:

    hackersarise.thinkific.com/bun
    #cybersecurity #infosec

  26. Having some trouble updating BashCore on bookworm before it fades into oblivion.

    Planning to release both BashCore and BashCoreX with kernel 6.1 and the very last updates (Metasploit is giving me headaches).

    The fun part? I’m using BashCoreTX via SSH into BashCore for debugging, all running on VirtualBox.

    #BashCore #Linux #Debian #Metasploit #Bookworm #SSH #Virtualbox #Trixie

  27. Используем Python и metasploit для автоматизации рутинных задач эксплуатации

    Эксплуатация уязвимостей — это не обязательно тысяча ручных шагов. Особенно, если есть Python и Metasploit. В этой статье я расскажу, как автоматизировать атаку и постэксплуатацию так, чтобы всё работало, а вы — отдыхали.

    habr.com/ru/companies/pm/artic

    #python_3 #python #metasploit #nuclei #шаблонизаторы #информационная_безопасность #автоматизация #автоматизация_тестирования #zimbra

  28. Metasploit on BashCoreT: LoadError - cannot load such file: parallel.

    Translation: “Nice build you have there… shame if something happened to it.” 😅

    Time to tear it down and start over...

    #BashCoreT #Linux #Pentesting #Metasploit #DevLife

  29. @stux heh, yeah the msf folks are pretty fast :D

    years ago i used to chill in #metasploit on freenode with them all and it was super awesome to be part of the discussion when a new thing landed.

    it was SUPER SUPER COMMON for some crazy bullshit vuln to land at like 9pm on a friday night, and we'd spend all weekend screwing around making payloads.

    the good ol days :D

  30. Oh wow, someone already made #Metasploit modules that target CVE-2025-53770 and CVE-2025-53771 in the recent #SharePoint 0-Day vulnerabilities

  31. Go beyond just using Metasploit – learn to build with it.

    This comprehensive 2nd Edition guides you with foundational commands through porting public exploits (Chapter 12), building your own modules in Ruby (Chapter 13), and even fuzzing for novel vulnerabilities (Chapter 14).

    Elevate individual skills while enriching the broader field. #Metasploit #InfoSec #ExploitDev #CyberSecurity

    nostarch.com/metasploit-2nd-ed

  32. Metasploit Basics: Your First Stop in Ethical Exploitation 🚂💻🛡️

    The Metasploit Framework is a powerful tool used by ethical hackers and penetration testers to identify and validate security vulnerabilities — all within authorized lab environments.

    🧠 What you'll learn as a beginner:
    • Launching msfconsole and navigating modules
    • Using search, use, and show options commands
    • Exploiting known vulnerabilities (e.g., MS08-067) in test environments
    • Understanding payloads, listeners, and sessions
    • Basics of Meterpreter for post-exploitation testing

    🎯 Ideal for cybersecurity learners, OSCP candidates, and red teamers building foundational skills — ethically and safely.

    Disclaimer: This content is intended for educational and ethical use only. Use Metasploit only in lab environments or with explicit permission.

    #Metasploit #EthicalHacking #CyberSecurity #RedTeamTools #InfoSec #EducationOnly #PenTestReady #OffensiveSecurity #Meterpreter

  33. 🔥 Installing Metasploit can be a headache... Dependencies, bundler, setup…

    😆 But on BashCore, no need to squeeze your mind! I've done it all for you. Just launch it the raw way using:
    /opt/metasploit-framework/msfconsole

    🔒 No shortcuts, no aliases—just pure pentesting spirit!

    #BashCore #Pentesting #Linux #Metasploit #KeepItRaw

  34. Good day everyone! The Microsoft Threat Intelligence team has discovered activity from a group known as #FlaxTyphoon. They are a nation-state group from China that targeted organizations in Taiwan. While the group leverages tools that are commonly used, like #ChinaChopper, #MetaSploit, and #Mimikatz, they also rely on abusing #LOLBINS, or Living-off-the-land binaries and scripts (tools that exist and come with the native operating system). Some of their TTPs include using registry key modification for persistence, using #powershell, #certutil, or #bitsadmin to download tools, and accessing #LSASS process memory and Security Account Manager registry hive for credential access. This is a great article that not only provides high-level details but it provides a starting point for any organization to start threat hunting by using the technical details provided! Enjoy your weekend and #HappyHunting!

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #readoftheday

  35. I hope everyone is having a good weekend!

    The Palo Alto Networks Unit 42 research team discovered some activity that they attributed to a very stealthy and rarely seen APT, #Gelsemium. They target a diverse group of industries but use tools like #CobaltStrike, #MetaSploit, and #ChinaChopper but also used the Potato Suite that was seen as JuicyPotato.exe (who can't appreciate that?!). This was a great weekend read and I hope you all enjoy it as much as I did! Happy Hunting!

    Rare Backdoors Suspected to be Tied to Gelsemium APT Found in Targeted Attack in Southeast Asian Government
    unit42.paloaltonetworks.com/ra

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday

  36. Testing #BashCore #Injector on the worst laptop alive:
    💻 Acer Aspire One D160 (2009) – Atom 450, 2GB RAM.

    Ubuntu Server + Injector = full CLI pentesting kit:
    🔎 #nmap #amass #dirb
    💥 #hydra #sqlmap #metasploit
    🕸️ #tshark #proxychains4 #tor
    🛠️ #vim #curl #python3 #R + more.

    Let’s see if this relic can still hack it 🤟🤞

    #bashcore #ubuntu #lowend #pentesting #linux #cli #bashcoreinjector

  37. Testing #BashCore #Injector on the worst laptop alive:
    💻 Acer Aspire One D160 (2009) – Atom 450, 2GB RAM.

    Ubuntu Server + Injector = full CLI pentesting kit:
    🔎 #nmap #amass #dirb
    💥 #hydra #sqlmap #metasploit
    🕸️ #tshark #proxychains4 #tor
    🛠️ #vim #curl #python3 #R + more.

    Let’s see if this relic can still hack it 🤟🤞

    #bashcore #ubuntu #lowend #pentesting #linux #cli #bashcoreinjector

  38. Testing #BashCore #Injector on the worst laptop alive:
    💻 Acer Aspire One D160 (2009) – Atom 450, 2GB RAM.

    Ubuntu Server + Injector = full CLI pentesting kit:
    🔎 #nmap #amass #dirb
    💥 #hydra #sqlmap #metasploit
    🕸️ #tshark #proxychains4 #tor
    🛠️ #vim #curl #python3 #R + more.

    Let’s see if this relic can still hack it 🤟🤞

    #bashcore #ubuntu #lowend #pentesting #linux #cli #bashcoreinjector