Skip navigation
All Places > Metasploit > Blog > Authors patrick_hellen

Metasploit

5 Posts authored by: patrick_hellen

evade-anti-virus-detection.jpgHere on SecurityStreet, we get a lot of questions regarding penetration testing and how to evade various Anti-Virus programs detecting the work you're doing. Still, if you can't actually run a fully functional test, then you can't mimic the real world conditions that an attacker would take to try to get into and exploit your networks.

 

This guide: Security Guide: How to Evade Anti-Virus Detection, will help with how to best avoid that detection on the machines targeted by your Metasploit pen tests. Please note - this guide assumes some familiarity with Metasploit Pro and penetration testing in general.

 

Once you've read through the document, there's also an excellent Webinar, and a White Board Wednesday on this topic linked at the end of the document, for some additional insight and discussion.

 

Please let us know your feedback, ask any questions that we can clarify, and feel free to suggest other guides that might help with the specific security challenges you're facing day by day.

metasploitable ss.JPG

This week our Whiteboard Wednesday topic is on Metasploitable, our intentionally vulnerable virtual machine. Christian Kirsch from the Metasploit team, would like to talk about the finer points of how to download, install, and use this free tool as a test lab to get familiar with Metasploit. A lot of our customers are hesitant to use Metasploit on production machines, so this tool gives you the ability to sharpen your exploit knives with no risk.

 

Watch the video here!

 

Let us know what you think, any other topics you'd like us to cover, or feel free to leave us a comment below.

 

See you next Wednesday!

-Patrick Hellen

abusing winRM with MetasploitThis week's Whiteboard Wednesday is by our esteemed Metasploit expert David Maloney, on a subject he covered in this blog post: Abusing Windows Remote Management (WinRM) with Metasploit.

 

This WBW dives in to WinRM. A service designed to allow System Administrators to issue commands to remote machines. In this video, David discusses how Metasploit can identify these services and attack them gaining unfettered access to machines, and doing so without being detected by Antivirus Solutions.

 

Watch the video here!

 

Let us know what you think in the comments below, and we'll see you back here next week at the same WBW Time.

 

-P.

password auditing ss.JPGThis week's Whiteboard Wednesday features our ownhttp://www.rapid7.com/resources/videos/password-auditing-with-metasploit.jspDavid Maloney, speaking about password auditing techniques with Metasploit.

 

He details three quick and easy techniques for auditing in this clip including:

  • Brute forcing/online attacks
  • Hash Cracking/offline attacks
  • Password Recovery


This clip aims to give you a good overview about just how much risk your're being exposed to with passwords in your organization.

 

Watch the video here!

 

Thank as always for watching, and we'll see you next week - Same WB time, same WB channel.

In today's Whiteboard Wednesday, David Maloney explains anti-virus evasion techniques for Metasploit.davidss.PNG


In order to make the most of Metasploit pen testing techniques in delivering payloads, you need to be able to deliver those payloads without anti-virus flagging them. David walks us through a few examples on how to bypass anti-virus detection so you can easily pen test your systems.


Watch the video here!


Interested in some more information? Make sure to read David's blog post on the topic, and be sure to register for next week's webcast where David will present a deep dive on how to best evade AV with Metasploit.


Make sure to check in next week for our next episode of Whiteboard Wednesday.



Filter Blog

By date: By tag: