You can't secure what you don't acknowledge.SM

Thursday, December 23, 2010

Quick step-through of Metasploit Express

I've been raving about the penetration testing tool Metasploit for a while. With the release of Metasploit Express earlier this year I'm even more pleased with all the efforts HD Moore and his team have put forth. Metasploit Express is a commercial product you'll have to pay for but to me it's well worth the investment. It's easier to use, it has nice reporting and more. All the things we need in today's world of junk security tools that just don't deliver.

In the event you haven't tried it out, here's a brief walk-through of some of the nice features and capabilities of Metasploit Express.

<-- The main interface for a "project" provides access to hosts, sessions, reports, modules and tasks - the main sections of the app.










<-- If your vulnerability scanner has found a specific vulnerability you can search for it in Metasploit Express to confirm there's an exploit module as shown here.








<-- You can then manually launch the exploit on your target host.














<-- Once a vulnerability has been exploited and the payload delivered, you can gather evidence as shown here.












<-- Or, you just can just obtain a remote command prompt showing that you've compromised the host.














<-- When all's said and done, you can kill your session, clean up the remnants and be done with it.

































There are numerous other features within Metasploit Express that allow you to automate host discovery, the exploitation process and so on...just a bit much to cover in one blog post. Perhaps I'll cover that in detail in my next edition of Hacking For Dummies. :)

All in all, Metasploit Express is a security testing tool you shouldn't be without. It's a great way to "prove" those security vulnerabilities you discover are indeed a business problem.

Monday, December 20, 2010

Tips and tricks on e-discovery, forensics, and managing esi

Here are a few pieces I wrote and recorded for SearchCompliance.com on managing all that electronic data on your network that you're constantly drowning in...

Leaning on records management can take the angst out of e-discovery

Why you need to create an ESI strategy (webcast)

Why you need to create an ESI strategy (podcast)

What is computer forensics technology? Does it help compliance?

Possible bomb at Newark, ratchet up security!!??

I heard a news story this morning about the possible bomb that was found at Newark Airport. The reporter went on to say that TSA is "ratcheting up security" and searching bags with more scrutiny in the event the threat is real.

What I want to know is (and can't seem to find the answer to): why is it we "ratchet up security" when a such threat is detected rather than putting controls and processes in place that allow us to remain vigilant at all times?

So, we see a threat, we scurry to lock things down, and a few minutes or weeks later (or years in the case of the 9/11 attacks) we get back into our old complacent ways. I wrote about this phenomenon earlier this year in this piece for Security Technology Executive magazine:

Don't lose sight of what's important

...I just don't get it.