Quick post to link our information from Source Barcelona 2011. @kernelsmith and I discussed alternative use cases for the Metasploit Framework. The presentation was shotgun / AHA! style, meaning we had a number of 5-minute mini-presentations within the larger 50-minute preso.

We first discussed extending the framework, then dove into topic-specific mini-presos: 

  • Host Anomaly Detection - This mini-preso was a discussion of the ways to find malware-infected hosts with the framework, and a strategy for automating the searches.
  • Network Regression Testing - Using Cucumber, we extended the framework to write regression tests against infrastructure.
  • Scheduled & Ongoing Infrastructure Discovery - We discussed using alternative systems to run modules within the framework. In this case, we used Jenkins to kick off an RC file and provide us with automatic alerts.
  • Testing & Training Hardware / Software / Meatware - In this mini-topic, we used an RC file to iterate through the evasion options of a module and discussed ways you could automatically alert on a successful session (or IDS / IPS failure). 
  • IRC C&C - This was a fun demo, in which we used the Framework's RPC API (via IRC) to command and control a framework instance.
  • Automating & Simulating Attackers - We breezed over this topic due to time limitations, but discussed ways that the framework could be automated to look like different types (T1->T5) of attackers.

There's some useful information in the presentation about the different ways to extend the framework, including using RC files (with Ruby blocks), plugins, modules, mixins, RPC and core libraries.

The presentation can be found here

All of the code demoed is available here

Look for additional information on this blog about each of these topics as we continue to work on the mini-projects.