#metasploit — Public Fediverse posts on home.social

Habr @[email protected] · 2026-04-16 · 18:32 UTC

Как наказать цифрового воробья или как я проходил таск PigeonsRevenge от платформы ACLabs.pro

Данный таск был частью 5 сезона CTF, который проходил на площадке ACLabs. Машина необычная с увлекательным сюжетом и интересными уязвимостями. Условие задачи: Борис — старый почтовый голубь. Катя, его голубка, улетела к наглому Воробью. Три дня Борис пил дешёвое пойло и строчил план мести. Теперь этот план у тебя. Помоги Борису пробраться в цифровое гнездо Воробья, украсть его аккаунт и стать рутом. Следуй за пьяными записками — там всё сказано и даже больше. Внимание, стенд будет полностью готов только по истечении обратного времени отсчета, даже если адрес появился раньше! Цепочка атаки Атакующая цепочка «PigeonsRevenge» комбинирует одну реальную критическую CVE (Webmin 1.910 — CVE-2019-15107, 9.8 CRITICAL) с набором классических техник ATT&CK : активная разведка → port knocking → эксплуатация публичного приложения → Metasploit reverse-shell → туннелирование Ligolo-ng → инъекция через переменную окружения в кастомный бинарник → обход фильтра табуляцией → закрепление с root -привилегиями.

https://habr.com/ru/articles/1024360/

#nmap #bash #docker #ssh #ghidra #cve #webmin #metasploit #privelege_escalation #pivoting

#pivoting #privelege_escalation #metasploit #webmin #cve #ghidra

sekurak News @[email protected] · 2026-02-18 · 03:32 UTC

Lateral movement w Active Directory z wykorzystaniem WinRM

Lateral movement (często tłumaczony jako ruch boczny) w środowiskach Active Directory bardzo rzadko opiera się na podatnościach w rozumieniu tych dostępnych w ramach bazy CVE. W praktyce znacznie częściej jest to konsekwencja nadużycia wbudowanych mechanizmów administracyjnych, które zostały zaprojektowane z myślą o automatyzacji i zdalnym zarządzaniu systemami z rodziny Windows....

#Teksty #Metasploit #Mimikatz #Netsec #Poradnik #Powershell #Winrm

https://sekurak.pl/lateral-movement-w-active-directory-z-wykorzystaniem-winrm/

#teksty #metasploit #mimikatz #netsec #poradnik #powershell

AllAboutSecurity @[email protected] · 2026-01-31 · 08:07 UTC

Metasploit erweitert Arsenal mit sieben neuen Exploit-Modulen

FreePBX-Module kombinieren Authentifizierungsumgehung mit Code-Ausführung

https://www.all-about-security.de/metasploit-erweitert-arsenal-mit-sieben-neuen-exploit-modulen/

#metasploit #freepbx

Pyrzout :vm: @[email protected] · 2026-01-08 · 15:00 UTC

Recently fixed HPE OneView flaw is being exploited (CVE-2025-37164) https://www.helpnetsecurity.com/2026/01/08/hpe-oneview-cve-2025-37164-exploited/ #securityupdate #vulnerability #datacenter #Metasploit #Don'tmiss #Hotstuff #Rapid7 #News #CISA #HPE

#securityupdate #vulnerability #datacenter #metasploit #don #hotstuff

nickbearded @[email protected] · 2025-10-06 · 18:22 UTC

I was working on the new BashCore build when the process suddenly failed because the Metasploit #APT #repository returned a “file has unexpected size” error... 😳😩🤔

Seems like a temporary #checksum #mismatch during #mirror #sync, hopefully nothing serious. Rebuilding now to see if it’s fixed.

#BashCore #Debian #Metasploit #LiveBuild #LinuxDev #FOSS

#apt #repository #checksum #mismatch #mirror #sync

Anastasis Vasileiadis @[email protected] · 2025-09-29 · 11:06 UTC

🚀 Beginner’s Guide to Penetration Testing — Start Your Ethical Hacking Journey

Learn the five core phases of a pentest (recon → scanning → gaining access → post-exploitation → reporting), the essential tools you’ll use, and the ethical mindset to practice safely and legally. Perfect for beginners who want a practical, hands-on path into cybersecurity. 🛡️🧭

#penetrationtesting #ethicalhacking #cybersecurity #Infosec #pentest #BeginnerGuide #KaliLinux #Nmap #Metasploit #HackingTools #SecurityTesting #WhiteHat #AxximumInfoSolutions

#penetrationtesting #ethicalhacking #cybersecurity #infosec #pentest #beginnerguide

Anastasis Vasileiadis @[email protected] · 2025-09-29 · 09:24 UTC

🐉 Top 10 Kali Linux Tools — Essential Picks

Quick list of 10 widely-used Kali tools for recon, web testing, exploitation, and forensics — use only in labs or with explicit permission. ⚡🛡️

#KaliLinux #PenTesting #InfoSec #EthicalHacking #Nmap #Wireshark #Metasploit #BurpSuite #Hashcat #Forensics

#kalilinux #pentesting #infosec #ethicalhacking #nmap #wireshark

Marco Ciappelli🎙️✨:verified: :donor: @[email protected] · 2025-08-13 · 02:11 UTC

🎯 NOW PUBLISHING: On-Location Coverage from #BlackHatUSA 2025!

We're back in the office and excited to start sharing all the conversations we captured on location in Las Vegas with our amazing sponsors and editorial coverage!

🔔 Follow ITSPmagazine, Sean Martin, CISSP, and Marco Ciappelli to get this content fresh as it drops!

We're honored to share this eye-opening Brand Story conversation thanks to our friends at runZero 🙏

The Often-Overlooked Truth in #Cybersecurity: Seeing the Unseen in Vulnerability Management

Most successful breaches don't happen because defenders ignored known vulnerabilities. They happen because attackers exploited assets that organizations never knew existed.

H⁫⁫⁫⁫⁫⁫⁫⁫⁫D⁫‏‏ ⁫⁢Moore￻, founder and CEO of runZero and creator of #Metasploit, reveals the uncomfortable truth: organizations routinely miss half their actual attack surface. Through decades of penetration testing high-security environments, Moore discovered that traditional discovery methods only find properly managed systems while #shadowIT, legacy hardware, and misconfigured devices remain invisible.

Key insights from our conversation:

• When using attacker-grade discovery techniques, asset counts typically DOUBLE what organizations thought they had

• The industry's CVE obsession creates false security while real attacks exploit misconfigurations and zero-days

• Unknown assets—from IoT devices to forgotten servers—bypass even sophisticated security controls

• Traditional agent-based tools can't see what attackers see

#RunZero inverts the traditional model by starting with unauthenticated discovery that mirrors how attackers actually probe networks. This reveals the true attack surface and transforms vulnerability management from reactive patching to strategic risk reduction.

📺 Watch the video: https://youtu.be/hkKJsKUugIU

🎧 Listen to the podcast: https://brand-stories-podcast.simplecast.com/episodes/the-often-overlooked-truth-in-cybersecurity-seeing-the-unseen-in-vulnerability-management-a-brand-story-with-hd-moore-founder-and-ceo-of-runzero-a-black-hat-usa-2025-conference-on-location-brand-story-bM0PrkAw 📖 Read the blog: https://www.itspmagazine.com/their-stories/the-often-overlooked-truth-in-cybersecurity-seeing-the-unseen-in-vulnerability-management-a-brand-story-with-hd-moore-founder-and-ceo-of-runzero-a-black-hat-usa-2025-conference-on-location-brand-story

➤ Learn more about RunZero: https://itspm.ag/runzero-5733

✦ Catch more stories from RunZero: https://www.itspmagazine.com/directory/runzero

🎪 Follow all of our #BHUSA 2025 coverage: https://www.itspmagazine.com/bhusa25

#Cybersecurity #VulnerabilityManagement #AssetDiscovery #AttackSurface #BlackHatUSA #BHUSA25 #ShadowIT #SecurityVisibility #Metasploit #ZeroDay #tech #technology #cybersecurity

#blackhatusa #cybersecurity #metasploit #shadowit #runzero #bhusa

Marco Ciappelli🎙️✨:verified: :donor: @[email protected] · 2025-08-13 · 02:11 UTC

🎯 NOW PUBLISHING: On-Location Coverage from #BlackHatUSA 2025!

We're back in the office and excited to start sharing all the conversations we captured on location in Las Vegas with our amazing sponsors and editorial coverage!

🔔 Follow ITSPmagazine, Sean Martin, CISSP, and Marco Ciappelli to get this content fresh as it drops!

We're honored to share this eye-opening Brand Story conversation thanks to our friends at runZero 🙏

The Often-Overlooked Truth in #Cybersecurity: Seeing the Unseen in Vulnerability Management

Most successful breaches don't happen because defenders ignored known vulnerabilities. They happen because attackers exploited assets that organizations never knew existed.

H⁫⁫⁫⁫⁫⁫⁫⁫⁫D⁫‏‏ ⁫⁢Moore￻, founder and CEO of runZero and creator of #Metasploit, reveals the uncomfortable truth: organizations routinely miss half their actual attack surface. Through decades of penetration testing high-security environments, Moore discovered that traditional discovery methods only find properly managed systems while #shadowIT, legacy hardware, and misconfigured devices remain invisible.

Key insights from our conversation:

• When using attacker-grade discovery techniques, asset counts typically DOUBLE what organizations thought they had

• The industry's CVE obsession creates false security while real attacks exploit misconfigurations and zero-days

• Unknown assets—from IoT devices to forgotten servers—bypass even sophisticated security controls

• Traditional agent-based tools can't see what attackers see

#RunZero inverts the traditional model by starting with unauthenticated discovery that mirrors how attackers actually probe networks. This reveals the true attack surface and transforms vulnerability management from reactive patching to strategic risk reduction.

📺 Watch the video: https://youtu.be/hkKJsKUugIU

🎧 Listen to the podcast: https://brand-stories-podcast.simplecast.com/episodes/the-often-overlooked-truth-in-cybersecurity-seeing-the-unseen-in-vulnerability-management-a-brand-story-with-hd-moore-founder-and-ceo-of-runzero-a-black-hat-usa-2025-conference-on-location-brand-story-bM0PrkAw 📖 Read the blog: https://www.itspmagazine.com/their-stories/the-often-overlooked-truth-in-cybersecurity-seeing-the-unseen-in-vulnerability-management-a-brand-story-with-hd-moore-founder-and-ceo-of-runzero-a-black-hat-usa-2025-conference-on-location-brand-story

➤ Learn more about RunZero: https://itspm.ag/runzero-5733

✦ Catch more stories from RunZero: https://www.itspmagazine.com/directory/runzero

🎪 Follow all of our #BHUSA 2025 coverage: https://www.itspmagazine.com/bhusa25

#Cybersecurity #VulnerabilityManagement #AssetDiscovery #AttackSurface #BlackHatUSA #BHUSA25 #ShadowIT #SecurityVisibility #Metasploit #ZeroDay #tech #technology #cybersecurity

#blackhatusa #cybersecurity #metasploit #shadowit #runzero #bhusa

Marco Ciappelli🎙️✨:verified: :donor: @[email protected] · 2025-08-13 · 02:11 UTC

🎯 NOW PUBLISHING: On-Location Coverage from #BlackHatUSA 2025!

We're back in the office and excited to start sharing all the conversations we captured on location in Las Vegas with our amazing sponsors and editorial coverage!

🔔 Follow ITSPmagazine, Sean Martin, CISSP, and Marco Ciappelli to get this content fresh as it drops!

We're honored to share this eye-opening Brand Story conversation thanks to our friends at runZero 🙏

The Often-Overlooked Truth in #Cybersecurity: Seeing the Unseen in Vulnerability Management

Most successful breaches don't happen because defenders ignored known vulnerabilities. They happen because attackers exploited assets that organizations never knew existed.

H⁫⁫⁫⁫⁫⁫⁫⁫⁫D⁫‏‏ ⁫⁢Moore￻, founder and CEO of runZero and creator of #Metasploit, reveals the uncomfortable truth: organizations routinely miss half their actual attack surface. Through decades of penetration testing high-security environments, Moore discovered that traditional discovery methods only find properly managed systems while #shadowIT, legacy hardware, and misconfigured devices remain invisible.

Key insights from our conversation:

• When using attacker-grade discovery techniques, asset counts typically DOUBLE what organizations thought they had

• The industry's CVE obsession creates false security while real attacks exploit misconfigurations and zero-days

• Unknown assets—from IoT devices to forgotten servers—bypass even sophisticated security controls

• Traditional agent-based tools can't see what attackers see

#RunZero inverts the traditional model by starting with unauthenticated discovery that mirrors how attackers actually probe networks. This reveals the true attack surface and transforms vulnerability management from reactive patching to strategic risk reduction.

📺 Watch the video: https://youtu.be/hkKJsKUugIU

🎧 Listen to the podcast: https://brand-stories-podcast.simplecast.com/episodes/the-often-overlooked-truth-in-cybersecurity-seeing-the-unseen-in-vulnerability-management-a-brand-story-with-hd-moore-founder-and-ceo-of-runzero-a-black-hat-usa-2025-conference-on-location-brand-story-bM0PrkAw 📖 Read the blog: https://www.itspmagazine.com/their-stories/the-often-overlooked-truth-in-cybersecurity-seeing-the-unseen-in-vulnerability-management-a-brand-story-with-hd-moore-founder-and-ceo-of-runzero-a-black-hat-usa-2025-conference-on-location-brand-story

➤ Learn more about RunZero: https://itspm.ag/runzero-5733

✦ Catch more stories from RunZero: https://www.itspmagazine.com/directory/runzero

🎪 Follow all of our #BHUSA 2025 coverage: https://www.itspmagazine.com/bhusa25

#Cybersecurity #VulnerabilityManagement #AssetDiscovery #AttackSurface #BlackHatUSA #BHUSA25 #ShadowIT #SecurityVisibility #Metasploit #ZeroDay #tech #technology #cybersecurity

#blackhatusa #cybersecurity #metasploit #shadowit #runzero #bhusa

Marco Ciappelli🎙️✨:verified: :donor: @[email protected] · 2025-08-13 · 02:11 UTC

🎯 NOW PUBLISHING: On-Location Coverage from #BlackHatUSA 2025!

We're back in the office and excited to start sharing all the conversations we captured on location in Las Vegas with our amazing sponsors and editorial coverage!

🔔 Follow ITSPmagazine, Sean Martin, CISSP, and Marco Ciappelli to get this content fresh as it drops!

We're honored to share this eye-opening Brand Story conversation thanks to our friends at runZero 🙏

The Often-Overlooked Truth in #Cybersecurity: Seeing the Unseen in Vulnerability Management

Most successful breaches don't happen because defenders ignored known vulnerabilities. They happen because attackers exploited assets that organizations never knew existed.

H⁫⁫⁫⁫⁫⁫⁫⁫⁫D⁫‏‏ ⁫⁢Moore￻, founder and CEO of runZero and creator of #Metasploit, reveals the uncomfortable truth: organizations routinely miss half their actual attack surface. Through decades of penetration testing high-security environments, Moore discovered that traditional discovery methods only find properly managed systems while #shadowIT, legacy hardware, and misconfigured devices remain invisible.

Key insights from our conversation:

• When using attacker-grade discovery techniques, asset counts typically DOUBLE what organizations thought they had

• The industry's CVE obsession creates false security while real attacks exploit misconfigurations and zero-days

• Unknown assets—from IoT devices to forgotten servers—bypass even sophisticated security controls

• Traditional agent-based tools can't see what attackers see

#RunZero inverts the traditional model by starting with unauthenticated discovery that mirrors how attackers actually probe networks. This reveals the true attack surface and transforms vulnerability management from reactive patching to strategic risk reduction.

📺 Watch the video: https://youtu.be/hkKJsKUugIU

🎧 Listen to the podcast: https://brand-stories-podcast.simplecast.com/episodes/the-often-overlooked-truth-in-cybersecurity-seeing-the-unseen-in-vulnerability-management-a-brand-story-with-hd-moore-founder-and-ceo-of-runzero-a-black-hat-usa-2025-conference-on-location-brand-story-bM0PrkAw 📖 Read the blog: https://www.itspmagazine.com/their-stories/the-often-overlooked-truth-in-cybersecurity-seeing-the-unseen-in-vulnerability-management-a-brand-story-with-hd-moore-founder-and-ceo-of-runzero-a-black-hat-usa-2025-conference-on-location-brand-story

➤ Learn more about RunZero: https://itspm.ag/runzero-5733

✦ Catch more stories from RunZero: https://www.itspmagazine.com/directory/runzero

🎪 Follow all of our #BHUSA 2025 coverage: https://www.itspmagazine.com/bhusa25

#Cybersecurity #VulnerabilityManagement #AssetDiscovery #AttackSurface #BlackHatUSA #BHUSA25 #ShadowIT #SecurityVisibility #Metasploit #ZeroDay #tech #technology #cybersecurity

#technology #tech #zeroday #securityvisibility #bhusa25 #attacksurface

Marco Ciappelli🎙️✨:verified: :donor: @[email protected] · 2025-08-13 · 02:11 UTC

🎯 NOW PUBLISHING: On-Location Coverage from #BlackHatUSA 2025!

We're back in the office and excited to start sharing all the conversations we captured on location in Las Vegas with our amazing sponsors and editorial coverage!

🔔 Follow ITSPmagazine, Sean Martin, CISSP, and Marco Ciappelli to get this content fresh as it drops!

We're honored to share this eye-opening Brand Story conversation thanks to our friends at runZero 🙏

The Often-Overlooked Truth in #Cybersecurity: Seeing the Unseen in Vulnerability Management

Most successful breaches don't happen because defenders ignored known vulnerabilities. They happen because attackers exploited assets that organizations never knew existed.

H⁫⁫⁫⁫⁫⁫⁫⁫⁫D⁫‏‏ ⁫⁢Moore￻, founder and CEO of runZero and creator of #Metasploit, reveals the uncomfortable truth: organizations routinely miss half their actual attack surface. Through decades of penetration testing high-security environments, Moore discovered that traditional discovery methods only find properly managed systems while #shadowIT, legacy hardware, and misconfigured devices remain invisible.

Key insights from our conversation:

• When using attacker-grade discovery techniques, asset counts typically DOUBLE what organizations thought they had

• The industry's CVE obsession creates false security while real attacks exploit misconfigurations and zero-days

• Unknown assets—from IoT devices to forgotten servers—bypass even sophisticated security controls

• Traditional agent-based tools can't see what attackers see

#RunZero inverts the traditional model by starting with unauthenticated discovery that mirrors how attackers actually probe networks. This reveals the true attack surface and transforms vulnerability management from reactive patching to strategic risk reduction.

📺 Watch the video: https://youtu.be/hkKJsKUugIU

🎧 Listen to the podcast: https://brand-stories-podcast.simplecast.com/episodes/the-often-overlooked-truth-in-cybersecurity-seeing-the-unseen-in-vulnerability-management-a-brand-story-with-hd-moore-founder-and-ceo-of-runzero-a-black-hat-usa-2025-conference-on-location-brand-story-bM0PrkAw 📖 Read the blog: https://www.itspmagazine.com/their-stories/the-often-overlooked-truth-in-cybersecurity-seeing-the-unseen-in-vulnerability-management-a-brand-story-with-hd-moore-founder-and-ceo-of-runzero-a-black-hat-usa-2025-conference-on-location-brand-story

➤ Learn more about RunZero: https://itspm.ag/runzero-5733

✦ Catch more stories from RunZero: https://www.itspmagazine.com/directory/runzero

🎪 Follow all of our #BHUSA 2025 coverage: https://www.itspmagazine.com/bhusa25

#Cybersecurity #VulnerabilityManagement #AssetDiscovery #AttackSurface #BlackHatUSA #BHUSA25 #ShadowIT #SecurityVisibility #Metasploit #ZeroDay #tech #technology #cybersecurity

#blackhatusa #cybersecurity #metasploit #shadowit #runzero #bhusa

nickbearded @[email protected] · 2025-06-04 · 14:10 UTC

Testing #BashCore #Injector on the worst laptop alive:
💻 Acer Aspire One D160 (2009) – Atom 450, 2GB RAM.

Ubuntu Server + Injector = full CLI pentesting kit:
🔎 #nmap #amass #dirb
💥 #hydra #sqlmap #metasploit
🕸️ #tshark #proxychains4 #tor
🛠️ #vim #curl #python3 #R + more.

Let’s see if this relic can still hack it 🤟🤞

#bashcore #ubuntu #lowend #pentesting #linux #cli #bashcoreinjector

#bashcore #injector #nmap #amass #dirb #hydra

nickbearded @[email protected] · 2025-05-31 · 18:51 UTC

Honestly, 50 tools should be more than enough.
Who really tests all 600+ tools in Kali or the 2,500+ in BlackArch?
I tried... but some BlackArch tools didn’t even run properly...

In BashCore and BashCoreX, every app works.
No duplicates. No junk. Just tools that actually run.

Yes, the ISOs are ~7GB,
but we’ve got Metasploit, Searchsploit, and especially SecLists (which weighs a ton) 🤷🏻‍♂️

#BashCore #BashCoreX #Debian #Pentesting #NoBloat #BlackArch #KaliLinux #SecLists #Metasploit

#bashcore #bashcorex #debian #pentesting #nobloat #blackarch

Habr @[email protected] · 2024-08-28 · 11:42 UTC

Из лета в зиму: как хакеры сменили сезон для виртуального склада на Standoff

Привет! На связи организаторы кибербитвы Standoff, и в этой статье мы с командой 5HM3L поделимся с вами одним из свежих кейсов. В майской кибербитве принял участие наш партнер «Научно-производственное предприятие „Исток“ им. Шокина». Компания тестировала защищенность своей платформы IIoT.Istok . Как ломали российский промышленный IoT — рассказываем под катом. Повзламываем IIot?

https://habr.com/ru/companies/pt/articles/839156/

#cybersecurity #взломы #standoff13 #pentest #iiot #cobalt_strike #SharpHound #nmap #chisel #metasploit

#metasploit #chisel #nmap #sharphound #cobalt_strike #iiot

Habr @[email protected] · 2024-08-08 · 09:12 UTC

Топ опасных уязвимостей июля. Под угрозой пользователи ОС Windows и Linux

Хабр, привет! Я Александр Леонов, ведущий эксперт лаборатории PT Expert Security Center. Мы с командой аналитиков Positive Technologies каждый месяц исследуем информацию об уязвимостях из баз и бюллетеней безопасности вендоров, социальных сетей, блогов, телеграм-каналов, баз эксплойтов, публичных репозиториев кода и выявляем во всем этом многообразии трендовые уязвимости. То есть те недостатки безопасности, которые либо уже эксплуатируются вживую, либо могут начать эксплуатироваться в ближайшее время. Сегодня расскажу про самые опасные уязвимости июля. Всего таких уязвимостей было три: 1️⃣ Уязвимость, приводящая к спуфингу, в движке для обработки и отображения HTML-страниц Microsoft Windows MSHTML Platform (CVE-2024-38112). 2️⃣ Уязвимость, связанная с выполнением произвольного кода в интерпретаторе PostScript и PDF-документов Ghostscript (CVE-2024-29510). 3️⃣ Уязвимость, связанная с выполнением произвольного кода в гиперконвергентной [1] платформе Acronis Cyber Infrastructure (CVE-2023-45249). Узнать самые опасные уязвимости июля

https://habr.com/ru/companies/pt/articles/834630/

#трендовые_уязвимости #эксплойт #linux #windows #hta #internet_explorer #ghostscript #metasploit #aci