Play all

Intro

Infrastructure and Process

Data Models Model Concern Credential

Code and Functionality

Credentials Refactor Credential:{Private Public Realm}

Mimikatz 1.x Works on 2000 & XP Golden Ticket LSA secrets

Incognito v2 Support for 2008+ Recognizes deny-only SIDS

ADSI adsi_computer_enum adsi_domain_query adsi_user_enum

Clipboard management clipboard_get_data clipboard_set_data

BrowserExploitServer Incorporates JSObfu and OS/app detection Simplifies browser exploits ROPDB

Javascript Detection Updates for Os detection Support for extensions

Firefox Post Exploitation post/firefox/gather cookies history passwords

AddJavascriptInterface android/browser/webview_addjavascriptinterface

AOSP Browser UXSS auxiliary/gather/android_stock_browser_uxss

Printer Job Language HP's thing for talking to printers

Reverse Hop HTTP(S) Drop small PHP script on an intermediate host

Future work Moar credentials!!1!!! SMB2

Description:

Explore new features and enhancements in the Metasploit Framework in this 43-minute conference talk. Dive into infrastructure improvements, data model updates, and credential handling refinements. Learn about Mimikatz 1.x compatibility, Incognito v2 support, and ADSI enhancements. Discover updates to the BrowserExploitServer, including JavaScript obfuscation and OS detection. Examine new post-exploitation modules for Firefox, Android exploits, and printer communication. Gain insights into reverse hop HTTP(S) techniques and future developments in credential handling and SMB2 support.

More New Shiny in the Metasploit Framework

Add to list

#Conference Talks #Information Security (InfoSec) #Cybersecurity #Ethical Hacking #Penetration Testing #Programming #Databases #Database Design #Data Modeling #Data Models