July 2017 Meeting Video: Metasploit

The education portion of the July 2017 (ISC)² Austin Chapter meeting was about Metasploit.

Speakers were Brian O’Neill and Egypt of Rapid7.

Here’s the video of both the chapter meeting and education session.

Agenda Of The Education Session

  • Penetration Testing
  • Rapid7 and Metasploit
  • Metasploit Framework
  • Metasploit Pro
  • Other Tools
  • Takeaways

Penetration Testing

  • Is often required (e.g. by PCI-DSS, SOX, HIPAA)
  • Tests and verifies security controls
  • Adversarial testing is crucial
  • What we found among companies who let us talk about the results of their penetration testing:
    o Many people don’t know how often their organizations are pen tested
    o Of those who know, most are tested annually
    o Companies do the minimum regarding frequency of penetration testing (per regulatory requirements), which is usually not enough
    o Surprisingly, the most frequent penetration test result, among companies who allowed us to share their findings, is nothing

Teasers

  • “It’s super amateur hour in the malware world.”
  • “Exploitation is not always about vulnerabilities.”
  • “Phishing training does work.”
  • Vulnerable Service Emulator

 
