Metasploit Project @metasploit
Official account of the Metasploit Project, part of the @rapid7 family. Mastodon: @[email protected] Slack: https://t.co/ZOLPDG2O2s metasploit.com/contribute Distributed. Joined January 2009.
This week's release includes a whopping 8 new modules including the latest PAN-OS RCE, and a slew of enhancements rapid7.com/blog/post/2024…
Super analysis by @ChairNectar detailing CVE-2024-4040 in CrushFTP - detailing the root cause, unauthenticated arbitrary file read primitive, and session stealing. Plus evasion techniques due to non compliant HTTP processing! 🔥
Rapid7's full technical analysis of #CrushFTP CVE-2024-4040 is available here courtesy of @ChairNectar. attackerkb.com/topics/20oYjlm…
Rapid7 researcher @ChairNectar analyzed CrushFTP CVE-2024-4040 and found that it's not only exploitable for arbitrary file read as root, but also authentication bypass for admin access and full RCE. Patch immediately. rapid7.com/blog/post/2024…
This week's wrap-up includes three new modules, targeting pgAdmin, CrushFTP, and MongoDB Ops Manager Diagnostic Archive rapid7.com/blog/post/2024…
Full @rapid7 analysis of PAN-OS CVE-2024-3400 now available from @stephenfewer and our stellar new research teammate @ChairNectar! Spoiler: It's a two-vuln exploit chain. attackerkb.com/topics/SSTk336…
Join us for Take Command, a one-day virtual event, in partnership with @awscloud. A leading group of experts will share the latest in attacker analysis, emergent technologies, and SOC management. 👀 Save your seat ⤵️
This week's wrap-up is here with some cool info about the new Shadow Credentials module for Active Directory. rapid7.com/blog/post/2024…
The weekly wrap up is here with new AD CS templates for ESC 4, and some additional modules, enhancements, and fixes! Get it! rapid7.com/blog/post/2024…
This backdoor could potentially allow a malicious actor to compromise sshd authentication. If you did not update your Kali installation before the 26th, you are not affected by this backdoor vulnerability.
The xz package, starting from version 5.6.0 to 5.6.1, was found to contain a backdoor. The impact of this vulnerability affected Kali between March 26th to March 29th. If you updated your Kali installation on or after March 26th, it is crucial to apply the latest updates today.
This week's wrap up is out with three new RCEs including one for SharePoint along with multiple bug fixes and other enhancements rapid7.com/blog/post/2024…
It's Friday folks, get the weekly wrap-up here: rapid7.com/blog/post/2024…
The weekly wrap-up is here! Check it out at: rapid7.com/blog/post/2024… :D
Reproduced! 💯
Rapid7 is disclosing two authentication bypass vulnerabilities @stephenfewer discovered in TeamCity (CVE-2024-27198, CVE-2024-27199). CVE-2024-27198 allows for unauthenticated remote code execution. rapid7.com/blog/post/2024…
We have disclosed 2 authentication bypass vulnerabilities, CVE-2024-27198 and CVE-2024-27199, affecting JetBrains TeamCity CI/CD server. The most severe of which allows for unauthenticated RCE. Read all the details here: rapid7.com/blog/post/2024…
@mubix @argyllemovie @rapid7 @metasploit new banner idea just dropped
Our team at @assetnote has published the blog post on the Progress WS_FTP RCE (CVE-2023-40044). It was fun to find an RCE in the middleware layer (IIS HTTP Module), and it was also quite surprising that the exploit did not require authentication: assetnote.io/resources/rese…
TIL, one can load BOF with @metasploit - 🔥 - rapid7.com/blog/post/2022… - docs.metasploit.com/docs/using-met…
👨💻New video from Arch Cloud Labs! Check out how to integrate #LOLBINs/#GTFOBINs with @metasploit's FETCH payloads! A step-by-step guide on how to integrate your favorite lolbins with fetch payloads. Great opportunity to contribute to upstream! youtu.be/QEFxIn9GibU #redteam
With "Meterpreter vs. Modern EDR(s)" I want to show, that the shellcode of well-known C2 frameworks like Metasploit is not always a limiting factor. No new insights, but I want to share them with the #infosec community. redops.at/en/blog/meterp… #redteam #itsec #itsecurity
One of these days I may learn to calm down and slow down and not get so excited when I am teaching people how to use @metasploit. Today is not that day. Rest of the year isn’t looking too good either.
Just managed to replicate a common GenericWrite/RBCD attack chain I usually do with Impacket but instead used pure MSF. Will blog it tomorrow for anyone curious how to use the new features
Metasploit Framework 6.3 is out now🎉 New features include native Kerberos authentication support, streamlined Active Directory attack workflows (AD CS, AD DS), and new modules that request, forge, and convert tickets between formats. rapid7.com/blog/post/2023…
A detailed analysis on embedding payloads (x86) using @metasploit's MSFVenom. We look at effects the payload has on the binary, how the redirection stub works, and a quick look at defeating some AV signatures when we use this technique. Take a peek steve-s.gitbook.io/0xtriboulet/tt…
Would anyone be interested in a detailed analysis of how msfvenom’s -x option works? Here’s a good write up on how to use it, but I’m interested in showing how it works offensive-security.com/metasploit-unl…
And, of course, there are a slew of @metasploit modules that I'm going to start creating pull requests for.
I still love that the twitter tile image for these is @mainframed767’s amazing 😻 Z art 🖼
This week's wrap-up features an unauthenticated RCE in Sourcegraph Gitserver, a new module to decrypt Citrix Netscaler appliance configuration files, and a JBOSS EAP/AS Remoting Unified Invoker RCE. Get it here! rapid7.com/blog/post/2022…
@catc0n @metasploit Can’t pinpoint it from the top of my head .. but I guess my pentesting targets are usually custom and not compatible with msf (or maybe I just didn’t find the right module 😄) While my personal targets are more in harmony with msf
learned ruby
Hey folks, help us out. What do you use Metasploit for? Feel free to add comments too if your answer isn't shown.
In 10 days I'll be facilitating #SEC580 w/ @jeffmcjunkin instructing! We'll be diving deep into @metasploit's secrets for two full days. Check out more bite sized (2-3 day) courses at @SANSInstitute Stay Sharp events --> sans.org/cyber-security…
Two years ago, my not-so-secret plan was to make so many contributions to @metasploit that the folks at Rapid7 would eventually be more or less forced to hire me. Maybe I should get back on that...