Monthly Archives: August 2015

Introduction to Metasploit Video

The Metasploit Framework is a key resource for security assessors. Whether you’re goal is to become a commercial penetration tester, to demonstrate the risk of a vulnerability, or just need to identify certain weaknesses in your environment, Metasploit is your tool. Understanding how it works, and how to get started is the first step.

The Metasploit project was started in 2003 by HD Moore as an open source framework for developing and executing exploits. It’s modular designed allows developers to focus on the code unique to their objective without having to recreate components like transport methods or payloads.   It has since grown to include thousands of modules for exploitation, post-exploitation attacks, scanning, encoding, and others.

In addition to exploiting known vulnerabilities, Metasploit has the functionality to do port scans, identify systems with default passwords, using credentials or hashes to run commands on remote systems, and much more. You can even setup listeners for capturing user credentials via common protocols like HTTP and SMB to be used in multi-part attacks. And if the functionality you need doesn’t exist, it’s very easy to write your own new modules.

Before you get to all that though, you have to understand how Metasploit works and get it up and running.  We put together a one-hour webinar to help you get started. Whether you’ve never used Metasploit, or just need a refresher course, this video will walk you through the basic steps of understanding how things work, getting it installed, and exploiting your first vulnerability.

Check it out here:

When you’re ready for the next step, we also have a 2-hour recorded training class designed to help you become more proficient in Metasploit. It offers tips and tricks that we use on engagements. You can purchase that course for $25 here: Recorded Classes




Nathan Sweaney is a Senior Security Consultant with Secure Ideas. If you are in need of a penetration test or other security consulting services you can contact him at nathan@secureideas.com or visit the Secure Ideas – Professionally Evil site for services provided.

Introducing Burp Correlator!

This one is for you web penetration testers!  This new Burp extension is designed to help with efficiency when you are testing a complex application full of parameters or a series of applications and just do not have enough time to thoroughly analyze each one.  It analyzes all the parameters in your in-scope traffic and… Continue Reading

Practical Pentest Advice from PCI

The PCI Security Standards Council released a Penetration Testing Guidance information supplement in March 2015.  This document, while geared towards the Payment Card Industry, provides a lot of valuable advice to the providers of penetration tests and their clients, regardless of industry.  At 40 pages in length the document might seem a bit heavy, so… Continue Reading