BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Right-click Metasploit Integration

Posted July 12, 2011    Marc Maiffret

At eEye we have been continuing an aggressive release schedule of major product updates that simplify your vulnerability management and compliance process. One of the ways that we continue to simplify vulnerability management is through new capabilities and reporting that allow for better prioritization of vulnerabilities from an overall risk management perspective.

While other products continue to lock IT folks into ‘one size fits all’ processes around vulnerability management, we are striving to give you all the information you need to make better educated decisions on how you want to manage vulnerabilities and risk within your business. There is no one right way to manage a vulnerability nor is there one risk score for a vulnerability that maps equally to all companies. Context is key.

In continuing to provide extra flexibility to make better vulnerability management decisions based on how your IT process works, and not how your vulnerability management software wants to force your IT process to work, we are happy to announce right-click Metasploit integration.

As most of you know, we have had integration between both the free and commercial version of Metasploit for data importing for a while now. Thanks to the great work of our friends on the Metasploit Framework team, you are able to import Retina vulnerability scan data directly into Metasploit to then launch exploits against vulnerabilities that Retina discovered. This is in the same way that you can also import Retina scan results into Core Security’s Core Impact product for exploit testing.

We decided to take our integration with Metasploit even further by giving Retina Network customers, and users of our free scanner Retina Community, the ability to right-click on a vulnerability within Retina and launch any applicable Metasploit exploit that might exist. This now creates a dual channel ability by which you can use the free version of Metasploit to either import Retina data into Metasploit to launch applicable exploits or to directly launch Metasploit exploits from within Retina itself. All you need is Retina and Metasploit installed on the same system. We take care of the rest.

eEye’s Director of Product Management, Morey Haber, has put together a video to show this new integration and just how straight forward it is.

This is only the beginning of what we have in store for leveraging the free version of Metasploit to harness its exploit testing capabilities to be at the fingertips of Retina commercial and free Retina Community users. Stay tuned for a lot more integrations with Metasploit free and improvements on top of this first “right-click to exploit” integration release.

As always exploits are far from an exact science and when it comes to prioritizing your vulnerabilities you cannot discount a vulnerability simply because an exploit framework failed to properly exploit a vulnerability. There are many factors that can cause an exploit to fail and also plenty of times where an exploit framework will simply not have an exploit for a vulnerability even though attackers in the wild do.

For example Metasploit free only had exploit coverage for roughly 9% of all Microsoft vulnerabilities in 2010. There is always going to be a gap between the thousands of malicious attackers and their exploit toolkits and what a commercial company can develop with tens of employees. The non-exact science of exploit reliability and incomplete coverage of exploits to vulnerabilities are two factors to keep in mind when thinking about how to prioritize your vulnerabilities.

Stay tuned as we have some more major product announcements in the works that build upon both this integration and show brand new ways of helping you prioritize your vulnerability management process.

P.S. eEye will be sponsoring and exhibiting at this year’s Black Hat conference in Las Vegas. We hope to catch up either at our booth or the craps table. You can find out more here: http://www.eeye.com/fearnot

Leave a Reply

Additional articles

PBPS-screenshot-blog aug2014

Failing the Security Basics: Backoff Point-of-Sale Malware

Posted August 22, 2014    Marc Maiffret

At the beginning of this month, US-CERT issued a security alert relating to a string of breaches that had been targeting Point of Sale (POS) systems. The alert details that attackers were leveraging brute forcing tools to target common remote desktop applications such as Microsoft’s Remote Desktop, Apple Remote Desktop, Splashtop and LogMeIn among others….

Tags:
, , , , , ,

Troubleshooting Windows Privilege Management Rules with Policy Monitor

Posted August 21, 2014    Jason Silva

When defining and testing PowerBroker for Windows rules for production or pilots, customers sometimes tell us, “I don’t think this policy / program is working.” This is usually a case of the policy not properly triggering because of the way the rule was created. A unique feature of PowerBroker for Windows compared to other solutions is a client-side…

Tags:
, , ,
darren-mar-elia

BeyondTrust Webcast: Darren Mar-Elia’s 4 Active Directory Change Scenarios to Track

Posted August 20, 2014    Chris Burd

In our latest webcast, we joined Darren Mar-Elia, CTO at SDM Software, to discuss best practices for Active Directory (AD) change management. Here are some key takeaways from the presentation, followed by a link to a full-length video of the presentation. Mar-Elia kicks things off with a critical insight: that the best AD change management…

Tags:
, , , , , , ,