At the Black Hat security conference in Las Vegas, Mandiant security researchers Peter Silberman and Steve Davis are releasing a new forensic framework on Wednesday that will make it possible to detect whether or not a host was hit by Metapsloit's meterpreter. The new tool could change the game when it comes to Metasploit-based attacks that previously could not be identified on the target machine.
"Metasploit's meterpreter has been around since 2004 and it's a memory resident host exploitation module and because it's memory resident it breaks traditional disk forensics and the attacker leave no trace of the attack on the disk," Silberman said. "Our talk is how we can use memory forensics to reconstruct what an attacker has done with meterpreter to give analysts some idea of what has occurred."

In concert with the talk, the Mandiant researchers will release an open source tool called the Metasploit Forensic Framework. The goal of the tool is to make the undetectable, detectable. Metasploit itself is an open source vulnerability testing framework, but with meterpreter it has the stealth to evade most common security exploit detection mechanism.

The link for this article located at Internet News is no longer available.