Hacking through a Straw (Pivoting over DNS)
Last month, I announced Beacon’s ability to control a host over DNS. I see Beacon as a low and slow lifeline to get an active session,
Staged Payloads – What Pen Testers Should Know
The Metasploit Framework decouples exploits from the stuff that gets executed after successful exploitation (the payload). Payloads in the Metasploit Framework are also divided into
That’ll never work–we don’t allow port 53 out
One of my favorite Cobalt Strike features is its ability to quietly manage a compromised system with DNS. Being rather proud of this feature, I
Metasploit 4.6 – Now with less Open Source GUI
Last week, I received an email from Tod B. at Rapid7 stating that the next binary installer of Metasploit would ship without Armitage and msfgui.
Pivoting through SSH
This is a pretty quick tip, but still useful. When you SSH to a host, you may use the -D flag to setup “dynamic” application-level
Missing in Action: Armitage on Kali Linux
As you may know, the highly anticipated Kali Linux is now available. If you’ve fired it up, you may notice it’s missing a familiar tool.
HOWTO Integrate third-party tools with Cortana
One of the goals of Cortana is to give you the ability to integrate third-party tools and agents into Armitage and Cobalt Strike’s red team
Deprecation Notice: Metasploit source checkouts will NO LONGER update over SVN – Move to Git
The official home of the Metasploit Framework’s source code has been github for a while now. Ever since the move to Git, Rapid7 has operated
Getting Started with Armitage and the Metasploit Framework (2013)
So, I just realized there isn’t a modern tutorial on how to start Armitage and take advantage of it. There’s the documentation, but my documentation tries
One Shot, One Kill – An Intelligent Web Drive-by Exploit Server
One of my favorite features in Cobalt Strike is the system profiler. This web application digs deep into your browser to discover the client-side applications