More New Shiny in the Metasploit Framework

via YouTube

Overview

Explore new features and enhancements in the Metasploit Framework in this 43-minute conference talk. Dive into infrastructure improvements, data model updates, and credential handling refinements. Learn about Mimikatz 1.x compatibility, Incognito v2 support, and ADSI enhancements. Discover updates to the BrowserExploitServer, including JavaScript obfuscation and OS detection. Examine new post-exploitation modules for Firefox, Android exploits, and printer communication. Gain insights into reverse hop HTTP(S) techniques and future developments in credential handling and SMB2 support.

Syllabus

Intro
Infrastructure and Process
Data Models: Model, Concern, Credential
Code and Functionality
Credentials Refactor: Credential:{Private, Public, Realm}
Mimikatz 1.x: Works on 2000 & XP; Golden Ticket; LSA secrets
Incognito v2: Support for 2008+; Recognizes deny-only SIDs
ADSI: adsi_computer_enum, adsi_domain_query, adsi_user_enum
Clipboard management: clipboard_get_data, clipboard_set_data
BrowserExploitServer: Incorporates JSObfu and OS/app detection; Simplifies browser exploits; ROPDB
JavaScript Detection: Updates for OS detection; Support for extensions
Firefox Post Exploitation: post/firefox/gather (cookies, history, passwords)
AddJavascriptInterface: android/browser/webview_addjavascriptinterface
AOSP Browser UXSS: auxiliary/gather/android_stock_browser_uxss
Printer Job Language: HP's thing for talking to printers
Reverse Hop HTTP(S): Drop small PHP script on an intermediate host
Future work: Moar credentials!!1!!!; SMB2
