What is Metasploit? Do you use Metasploit? What value is there for Security professionals to use Metasploit? If you work in information security you have likely heard similar questions. In this talk, we will introduce the basic concepts behind Metasploit that will help answer these questions. We will also demonstrate scenarios where Metasploit Framework can expose weakness in an environment to better highlight risks.
In the last year, some new offensive techniques have made their way into Metasploit modules, let's look at how things like persistence methods can leverage the defenders tools to maintain access. If you just want to probe for access, without a full shell, how about trying out pingback payloads? Want to fly under the radar? Give encrypted shells a try.
This session will be held by Jeffrey Martin (@Op3n4M3). Jeffrey is a Lead Software Engineer at Rapid7, working on Metasploit. He has over a decade of experience working in various segments of computer security, including system administration, development of security software, hardening security features in mobile devices and assurance of data protection on associated networks.
In this session we will explore;
- What is Metasploit and the building blocks.
- Discuss the major components of Metasploit and how they interact.
- Demo metasploit being used to exploit a vulnerable target.
- "The New Shiny" with demos.
- Showcase some of the ideas for improvement.
- A few tips on items sometimes overlooked.
Kom og lær fra en hovedutviklerene på hva Metasploit virkelig er, og hvordan Metasploit kan hjelpe deg til å finne de skjulte svakhetene i dine systemer.