New Tool Exposes Stealthy Metasploit Hack
Source: Dark Reading - Posted by Anthony Pell
Researchers will release an open source tool at Black Hat USA that helps forensics investigators reconstruct attacks that use a popular Metasploit payload to cover its tracks.
Mandiant's Steve Davis and Peter Silberman have developed an "anti-" anti-forensics tool, of sorts, tentatively called the Metasploit Forensics Framework, which they'll demonstrate at the security conference later this month. The tool is aimed at unmasking what Metasploit's stealthy Meterpreter did on a machine. Meterpreter lets developers write code in DLL files and execute everything in memory -- without writing anything to the victim machine's disk, where it could be detected -- which in turn complicates incident response.
Meterpreter can be used to download and upload files, execute code, and open its own command shell, the researchers say. Their new tool can tell if a Meterpreter packet is still in memory, and, if so, which files Meterpreter has accessed, and whether it has modified a registry key.
Read this full article at Dark Reading