Comments on: Thoughts on Metasploit http://michaeldaw.org/news/news-311006-0 Weekly humour Thu, 07 May 2009 20:09:50 +0000 http://wordpress.org/?v= hourly 1 By: david.kierznowski http://michaeldaw.org/news/news-311006-0/comment-page-1#comment-621 david.kierznowski Wed, 01 Nov 2006 06:58:41 +0000 http://michaeldaw.org/news/news-311006-0/#comment-621 To add to HDM's point, I have noticed more and more web application exploits being added into its archive. So it does look like both network and web application exploits are being implemented. However, this doesn't include client-side exploitation (XSS etc) which I think is what pdp is trying to say. As a side note, we have some really exciting times ahead.. To add to HDM’s point, I have noticed more and more web application exploits being added into its archive. So it does look like both network and web application exploits are being implemented. However, this doesn’t include client-side exploitation (XSS etc) which I think is what pdp is trying to say.

As a side note, we have some really exciting times ahead..

]]> By: pdp http://michaeldaw.org/news/news-311006-0/comment-page-1#comment-618 pdp Wed, 01 Nov 2006 01:18:23 +0000 http://michaeldaw.org/news/news-311006-0/#comment-618 I also believe that bufferoverflows will fade away. However, I am not quite sure how Metasploit design will fit into the new type of attacks. It is not as generic as it should be. Even if it is, I don't believe that this is the way forward. After all, it is designed to be simple as well. I also believe that bufferoverflows will fade away. However, I am not quite sure how Metasploit design will fit into the new type of attacks. It is not as generic as it should be. Even if it is, I don’t believe that this is the way forward. After all, it is designed to be simple as well.

]]> By: HD http://michaeldaw.org/news/news-311006-0/comment-page-1#comment-617 HD Tue, 31 Oct 2006 17:27:37 +0000 http://michaeldaw.org/news/news-311006-0/#comment-617 I certainly can't take credit for most of the Metasploit Framework -- spoonm, skape, vlad, optyx, and dozens of contributors are the real reason behind the project's success. Buffer overflows will continue to be effective for at least another 5-10 years. There may be diminishing returns for newer applications and operating systems, but legacy systems (NT 4.0, which is remotely exploitable, with no patch, right now) and Windows 2000, will continue to be used for many years to come. Outside of overfows and memory corruption bugs, there are still many different directions for Metasploit to branch out. Web applications are just as vulnerable as ever, logic problems (auth bypass, administrative access gain) aren't going away anytime soon, and even if every software flaw ever was fixed, we still have a way in by brute forcing credentials. Buffer overflows will become less important in the long run, but exploits are forever :-) I certainly can’t take credit for most of the Metasploit Framework — spoonm, skape, vlad, optyx, and dozens of contributors are the real reason behind the project’s success. Buffer overflows will continue to be effective for at least another 5-10 years. There may be diminishing returns for newer applications and operating systems, but legacy systems (NT 4.0, which is remotely exploitable, with no patch, right now) and Windows 2000, will continue to be used for many years to come. Outside of overfows and memory corruption bugs, there are still many different directions for Metasploit to branch out. Web applications are just as vulnerable as ever, logic problems (auth bypass, administrative access gain) aren’t going away anytime soon, and even if every software flaw ever was fixed, we still have a way in by brute forcing credentials. Buffer overflows will become less important in the long run, but exploits are forever :-)

]]>