more slides, they suck

git-svn-id: file:///home/svn/incoming/trunk@2599 4d416f70-5f16-0410-b530-b9f4589650da
unstable
Matt Miller 2005-06-09 05:46:39 +00:00
parent 32518f1f9f
commit 13850f1b04
2 changed files with 57 additions and 12 deletions

Binary file not shown.


@ -79,15 +79,15 @@
\pause
\item Post-exploitation suites
\begin{sitemize}
\item Very hot area of research within Metasploit
\item Suites built off advanced payloads
\item Very hot area of research for the Metasploit team
\item Suites built off of advanced payload research
\item Client-side APIs create uniform automation interfaces
\item Primary focus of Metasploit 3.0
\end{sitemize}
\end{sitemize}
\end{frame}
\begin{frame}[t]
\frametitle{Background: the exploitation process}
\frametitle{Background: the exploitation cycle}
\begin{sitemize}
\item \textbf{Pre-exploitation} - Before the attack
@ -120,7 +120,7 @@
\section{Pre-exploitation}
\begin{frame}[t]
\frametitle{Pre-exploitation - payload encoders}
\frametitle{Payload encoders}
\begin{sitemize}
\item Robust and elegant encoders do exist
@ -139,7 +139,7 @@
\end{frame}
\begin{frame}[t]
\frametitle{Pre-exploitation - NOP generators}
\frametitle{NOP generators}
\begin{sitemize}
\item NOP generation hasn't publicly changed much
@ -150,18 +150,22 @@
\end{sitemize}
\pause
\item NIDS continues to play chase the tail
\item Still, NIDS continues to play chase the tail
\begin{sitemize}
\item The mouse always has the advantage; NIDS is reactive
\item Advanced NOP generators and encoders push NIDS to its limits
\item Many protocols can be complex to signature (DCERPC fragmentation)
\end{sitemize}
\pause
\item Metasploit 2.4 released with a wide-distribution
multi-byte x86 NOP generator (Opty2)
\end{sitemize}
\end{frame}
\section{Exploitation}
\begin{frame}[t]
\frametitle{Exploitation}
\frametitle{Exploitation techniques}
\begin{sitemize}
\item Exploitation techniques have become very mature
@ -180,22 +184,63 @@
\section{Post-exploitation}
\begin{frame}[t]
\frametitle{Post-exploitation}
\frametitle{Standard payloads}
\begin{sitemize}
\item Very hot area of research within Metasploit
\item Commonly used payloads are limited
\item Standard payloads provide the most basic manipulation
of a target
\begin{sitemize}
\item Command shells (cmd.exe) have poor automation support
\item Port-bind command shell
\item Reverse (connectback) command shell
\item Arbitrary command execution
\end{sitemize}
\pause
\item Nearly all PoC exploits use standard payloads
\pause
\item Command shells have poor automation support
\begin{sitemize}
\item Platform dependent intrinsic commands and
scripting
\item Reliant on the set of applications installed on the
machine
\item Hindered by by chroot jails and host-based ACLs
\end{sitemize}
\end{sitemize}
\end{frame}
\begin{frame}[t]
\frametitle{``Advantage'' payloads}
\begin{sitemize}
\item Advantage payloads provide enhanced manipulation of
hosts, commonly through the native API
\item Help to reduce the tediousness of writing payloads
\item Core ST's InlineEgg
% TODO: Elaborate on InlineEgg
% TODO: others...
\end{sitemize}
\end{frame}
\pdfpart{Payload Stagers}
\begin{frame}[t]
\frametitle{What are payload stagers?}
\begin{sitemize}
\item Typically small stubs that load and execute another payload
\item Useful in conditions where size is limited
\end{sitemize}
% TODO: diagram of a stager?
\end{frame}
\section{Windows Ordinal Stagers}
\begin{frame}[t]
\frametitle{Overview}
\frametitle{Introduction}
\end{frame}
\begin{frame}[t]
\frametitle{Implementation: reverse stager}