Have You Been Hacked by Metasploit? Find Out!

    Date: 29 Jul 2009
    Posted By: Anthony Pell
    At the Black Hat security conference in Las Vegas, Mandiant security researchers Peter Silberman and Steve Davis are releasing a new forensic framework on Wednesday that will make it possible to detect whether or not a host was hit by Metasploit's meterpreter. The new tool could change the game when it comes to Metasploit-based attacks that previously could not be identified on the target machine. "Metasploit's meterpreter has been around since 2004 and it's a memory resident host exploitation module and because it's memory resident it breaks traditional disk forensics and the attacker leaves no trace of the attack on the disk," Silberman said. "Our talk is how we can use memory forensics to reconstruct what an attacker has done with meterpreter to give analysts some idea of what has occurred."

    In concert with the talk, the Mandiant researchers will release an open source tool called the Metasploit Forensic Framework. The goal of the tool is to make the undetectable, detectable. Metasploit itself is an open source vulnerability testing framework, but with meterpreter it has the stealth to evade most common security exploit detection mechanisms.
