
Archive for 'Security Tools'

Metasploit Basics – Part 4: Exploit and Attack Example

A couple of weeks ago I rewrote a vulnerability for Metasploit that I originally wrote for CANVAS. The exploit is for a network printer application called NIPrint. It is a pretty basic stack overflow vulnerability and the language of the exploit is fairly straightforward.
The key parts, from a Metasploit user’s perspective, are the Target section [...]

Metasploit Basics – Part 3: Pivoting and Interfaces

There are two aspects to Metasploit that I would like to cover today. The first is pivoting, a topic I mentioned in a previous post, and the second is the way a user interfaces with Metasploit. Pivoting allows an attacker to use a compromised system to attack other systems on the same network. [...]

Metasploit Basics – Part 2: Payload

Yesterday I introduced the exploit module portion of Metasploit. In this installment of Metasploit Basics I will discuss the payload modules included in Metasploit.
The payload modules contain shellcode which can perform a number of interesting tasks depending on which payload is selected. There are seven main payload types available [...]

Metasploit Basics – Part 1: Exploits

We often hear about Metasploit being used for attacks or exploits being developed for it, but some may only have a general idea of the power of Metasploit. This set of articles is intended to provide to the layman, who has never and may never run Metasploit, an understanding of [...]

Metasploit Release

On Tuesday Rapid7 released a new version of Metasploit. The newest release of Metasploit, version 3.4.0, added over 100 new exploit modules and over 40 new auxiliary modules since the 3.3 release, bringing the totals up to 551 and 261, respectively. Metasploit 3.4.0 now uses TightVNC for the VNC injection. It [...]

Defining Optimal Security Configuration

Optimal security configuration is a term we often use to describe what is measured by the Bandolier security audit files. One definition for optimal, according to my dictionary, is “most desirable”. Yes, I just busted out the clichéd dictionary definition. But I think it’s useful here because it helps get to this question: what is [...]

Bandolier OVAL Files Now Available

Nessus was an obvious choice when we set out to build the Bandolier Security Audit Files. First, it is one of the most popular security tools available and is the de facto standard for vulnerability scanners. The compliance plugins work perfectly for the goal of Bandolier – measure the optimal security configuration for SCADA and [...]

SAGE and the increasing smarts in fuzzers

Fuzzing is growing up. From the academics of the late 80s throwing random data at Unix command line tools, to the early work by researchers and commercial groups in the late 90s and early 2000s, to the explosion of fuzzing topics at conferences around the world about 5 years ago, it’s come a long way.
As [...]

Best Way to Fuzz Part 2

A few thoughts after the intelligent comments, additional info, sound and fury:

Microsoft is in the very rare top tier of companies spending time and money on security. In gross $ and time probably number 1 and very high on a percentage of security to software development time. They are also among the most attacked. So [...]

Best Way to Fuzz?

There was an interesting discussion and information on what is the “best way from an ROI measure” to fuzz test at the CERT-sponsored Vulnerability Disclosure Workshop in DC this week. It led to some tweets back and forth between Digital Bond alumni Matt Franz and myself. First some background:
Fuzz testing is used by vendors, [...]