1. MIS 5212.001 Week 4 Site: http://community.mis.temple.edu/mis5212sec001s15/ http://community.mis.temple.edu/mis5212sec001s15/

2.  Introduction  In the news  Live Demonstration of Exploits  Live Demonstration of SET  Building Modules in Metasploit  Creating Exploits  Porting Exploits  Scripting  Simulating Penetration Testing  Next Week 2MIS 5212.001

3.  Submitted  http://www.csoonline.com/article/2877230/brows er-security/the-end-for-1024bit-ssl-certificates-is- near-mozilla-kills-a-few-more.html http://www.csoonline.com/article/2877230/brows er-security/the-end-for-1024bit-ssl-certificates-is- near-mozilla-kills-a-few-more.html  http://www.infosecurity- magazine.com/news/china-tech-companies-source- code/ http://www.infosecurity- magazine.com/news/china-tech-companies-source- code/  http://blog.trendmicro.com/trendlabs-security- intelligence/trend-micro-discovers-new-adobe- flash-zero-day-exploit-used-in-malvertisements/ http://blog.trendmicro.com/trendlabs-security- intelligence/trend-micro-discovers-new-adobe- flash-zero-day-exploit-used-in-malvertisements/  http://www.huffingtonpost.com/kyle- mccarthy/five-colleges-with-data-b_b_6474800.html http://www.huffingtonpost.com/kyle- mccarthy/five-colleges-with-data-b_b_6474800.html MIS 5212.0013

4.  Submitted  http://www.darkreading.com/attacks- breaches/security-budgets-going-up-thanks-to- mega-breaches/d/d-id/1318714 http://www.darkreading.com/attacks- breaches/security-budgets-going-up-thanks-to- mega-breaches/d/d-id/1318714  http://www.nextgov.com/big- data/2015/02/apple-building-solar-powered-data- command-center/104400/?oref=ng-HPriver http://www.nextgov.com/big- data/2015/02/apple-building-solar-powered-data- command-center/104400/?oref=ng-HPriver  http://www.darkreading.com/browsers-are-the- window-to-enterprise-infection/d/d-id/1318906 http://www.darkreading.com/browsers-are-the- window-to-enterprise-infection/d/d-id/1318906 MIS 5212.0014

5.  What I noted  http://www.dailydot.com/politics/jeremy- hammond-terrorist-watchlist-fbi/ http://www.dailydot.com/politics/jeremy- hammond-terrorist-watchlist-fbi/  http://www.theregister.co.uk/2015/02/02/google_ amazon_taboola_microsoft_adplock_plus_unblock/ http://www.theregister.co.uk/2015/02/02/google_ amazon_taboola_microsoft_adplock_plus_unblock/  http://www.theregister.co.uk/2015/02/02/its_time _to_flush_flash_if_you_havent_already_enough_is_e nough/ http://www.theregister.co.uk/2015/02/02/its_time _to_flush_flash_if_you_havent_already_enough_is_e nough/  http://www.theregister.co.uk/2015/02/02/dns_hij ack_d_link/ http://www.theregister.co.uk/2015/02/02/dns_hij ack_d_link/  http://www.theregister.co.uk/2015/02/03/target_c arders_on_parking_lot_driveby_blitz/ http://www.theregister.co.uk/2015/02/03/target_c arders_on_parking_lot_driveby_blitz/ MIS 5212.0015

6.  Feedback from students last week indicated a preference to go through last weeks exploits live in class  We will run through nmap of Metasploitable, the exploits from last week, and the Social Engineering Toolkit on my laptop MIS 5212.0016

7.  Metasploit is primarily written in Ruby  The book “Metasploit” also uses a lot of PowerShell in it’s examples  We are not going to try and make you either Ruby or PowerShell developers here tonight  Rather, we will look at some of the basic structure and steps you might go through to modify modules for you own purposes. MIS 5212.0017

8.  Recall from Week 2, the Tomcat Exploit MIS 5212.0018

9.  Explore Modules MIS 5212.0019

10.  Here is what the start of this module looks like: MIS 5212.00110

11.  The previous page has some interesting lines to consider  “require ‘msf/core’”  Module will include all functionality from Metasploit’s core libraries  “class Metasploit3, Msf::Exploit::Remote  Defines this as an “Exploit” module  “include Msf::Exploit::Remote::HttpClient”  Pulls in the HttpClient module that includes functionality to handle http traffic MIS 5212.00111

12.  Grab a module close to what you want to do  Tweak it to get the functionality you need  This may involve sharpening your coding skills first MIS 5212.00112

13.  Depending on the Exploit, you may need to know:  MSSQL  Oracle  PowerShell  Bash  Etc… MIS 5212.00113

14.  Modifying the tools is one of the distinguishing skills in top flight Consultants  Lots of people can run nmap, Nessus, and Metasploit, but to distinguish yourself in the field, this needs to be your jumping off point. Please Note: I’m not saying I am any good at this, there’s a reason I’m teaching the course instead of consulting ;-) MIS 5212.00114

15.  For Metasploit, scripting is basically modules for meterpreter  Same concept as earlier, but specific to meterpreter sessions  This is also a point where the book contains older information  Scripts are no longer being accepted for Metasploit  Script functionality is being ported to modules. MIS 5212.00115

16.  Metasploit is constantly evolving  To stay on top you may want to follow on twitter:  HD Moore @hdmoore  Metasploit Project @metasploit  Andréz LAMOUROUX @DarkOperator  Check in on Rapid7 and DarkOperator  https://community.rapid7.com/welcome https://community.rapid7.com/welcome  http://www.darkoperator.com/ http://www.darkoperator.com/ MIS 5212.00116

17.  https://community.rapid7.com/community/ metasploit/blog/2015/01/30/weekly- metasploit-wrapup https://community.rapid7.com/community/ metasploit/blog/2015/01/30/weekly- metasploit-wrapup MIS 5212.00117

18.  http://www.coresecurity.com/core-impact- pro http://www.coresecurity.com/core-impact- pro MIS 5212.00118

19.  http://immunitysec.com/products/canvas/ http://immunitysec.com/products/canvas/ MIS 5212.00119

20.  We spent almost all of our time in the open source Metasploit Framework due to licensing  Metasploit Pro looks just as good and works just as well as the commercial products just mentioned MIS 5212.00120

21.  1 st Exam Covering Metasploit  In the news  Introduction to WebGoat MIS 5212.00121

22. ? MIS 5212.00122