Tuesday, August 15, 2006

Open Source Metasploit Improves Evasion


H.D. Moore, author of the Metasploit Framework, spoke at BlackHat last week in his characteristically frank and humorous manner. The framework, one of several projects branded under the aegis of Metasploit, is a tool that assists in the development and execution of exploit code against remote machines.

...Few tools are freely available to security researchers that are as powerful for developing and testing exploit code as the open source Metasploit Framework...

The new version is a complete rewrite all done in the Ruby language and includes many new features designed to expedite exploitation, as well as infuriate Intrusion Detection System (IDS) vendors...

The charismatic Moore explained to the assembled faithful that the current Metasploit 2.6 Framework has a number of problems, among which is it's written in Perl. According to Moore, there is no stable release of Perl 6 in sight.

"Perl 6 should be written by the time hell freezes over," Moore told the audience...

...Metasploit 3 is written in Ruby, a language that allowed Moore and his cohorts to compress the code by 40 percent... [new] Multitasking via Ruby threads allows Metasploit 3 users to conduct concurrent exploits and sessions. Exploit delivery is enhanced with new payload-closed and auxiliary modules, which can be integrated without security tools for target enumeration.

Metasploit 3 also takes aim at evading detection by IDS with strong evasion techniques that Moore claims will defeat most solutions.

"We really want to scare the IDS guys, and it's time to put our foot down," Moore said. "I'm not sure how they get past QA [quality assurance]; I'm not even sure they do QA..."

Ya gotta love this guy! He's the Chad Johnson of open-source developers*!

Enterprise IT: Open Source Metasploit Improves Evasion

* Johnson is the NFL receiver famous (or infamous) for his trash-talking. Some of my favorite Johnson quotes:

[On Packers cornerback Al Harris] "There are two things for Brother Harris this week... the bad thing is, he has to cover me. The good is, he can save 15 percent by switching his insurance to Geico"

"Last night, I felt like I wished I wasn't Chad Johnson. Last night, I felt like I wished I wasn't good. I had to keep from crying on the sideline because I wished I wasn't that good because I wouldn't be getting the attention I'm getting."

"On the highway, I hit a deer... I kept him. He's at home in the garage. I'm going to use him for the celebration this weekend. He's a prop. They might suspend me for the last game, but I think this one is worth it."
