Penetration Testing Using Metasploit with Keith Watson
Metasploit is a cool open-source framework for conducting penetration tests. Not only does it help you conduct your tests, but it has a bunch of modules that can help you scan a target system looking for vulnerabilities.
In this episode Keith Watson, author of the Introduction to Penetration Testing Using Metasploit Pluralsight course will give us a high-level overview of how to get started with Metasploit, as well as some best practices for penetration testing.
Get your white hats on and listen up!
About Keith Watson
Keith Watson started his career in information security in 1997 at Sun Microsystems developing security tools for the enterprise. After several security-focused roles at Sun, he returned to his alma mater of Purdue University as a research engineer with the Center for Education and Research in Information Assurance and Security (CERIAS) to work on information security research in intrusion detection, forensics tools, and security architecture.
Keith is now an enterprise security architect at Purdue focused on protecting intellectual property and information assets. He also leads an active local security interest group, which he helped start in 2009. Along the way, Keith has trained many IT and information security professionals, published security guidance for operating systems, software, and social media, and was a TEDx 2014 speaker.
Quotes & Insights from this Test Talk
- Metasploit is a really fantastic opensource frame work for conducting penetration test. Not only does it help you with conducting the test, it also has auxiliary modules that can help you scan a target system looking for vulnerabilities or at least system configuration. What we typically call, reconnaissance, right? We're trying to find more about what that target system has. It also has a number of post exploitation capabilities and that really is once you penetrate it, a system where you found a weakness that you can exploit and you've gained access to that system. There are a lot of tools such at Interpreter which allow you to do further testing of the system to what we call, pivot or laterally move to another system also on that target network.
- I think the challenge here is that, the way we use Metasploit is really about binding and exploiting vulnerabilities. You need to have the skills to think in that mindset. Curiosity is certainly a key aspect in that and being able to effectively use the tools in another. Most of the included exploits that come with Metasploit exist to exploit known vulnerabilities. You can build your own exploit capabilities. You can say, “Discover, I know there's a vulnerability in this particular tool.”
- With the capabilities of Metasploit. They're significant in that if you're using it for good, you're going to be able to identify weaknesses in a targets system. You'll be able to use it to inform system owners that there's a problem and we need to fix, you can point out specifically why. You can highlight changes that need to be made to that system. You can use it to protect information at a high level because you're using it to identify weaknesses. Basically you're protecting your organization and if you use it correctly, you're strengthening the profession.
- The EC council which is really the certification body for certified ethical hacking. They have a whole series of codes of ethics which expands all the way out to 17 different points. I referred to that in the course. There's also ISC square, which has a code of ethics which is a little more simply stated. Basically its, “Hey, we're here to protect society and the infrastructure. We want to be diligent, competent people and provide that service to the people we work with.” There's other cannons to it such as acting honorable, honestly, justly.
- Kali Linux is something that we mentioned specifically in the course and Kali is a great collection of security tools. They're always being updated, the base OS is being updated as well. It's not something that you have to install once and then it stays static. It's changing all the time, it has a great collection of tools. A lot of the things like Nmap and Metasploit, they're just built in and updated all the time. The one exception I ran into with Kali, is that I talk about a tool called OpenVAS. Which is a vulnerability assessment tool and that tool unfortunately got dropped in the update to Kali when they started using rolling upgrades. You can still install it, it just not is there by default. By the time the course went out, that part I did not notice and so unfortunately.
- Really the focus was on the ethics aspect of it. We really didn't want to have a course where somebody just got access to a tool and then felt like, “Hey I've got a hammer. Now everything looks like a nail,” right? How you use the tool is and where you use the tool is very important. That I definitely wanted to cover in the course and that was certainly supported by the Pluralsight editors when we outlined it. Certainly there are more hands on tools available, in fact if your interested in competition, there's capture the flag competitions. Where you can actually use a lot of these tools we've talked about, to actually go and accomplish a goal in a game like setting. That's a lot of interesting work going on in that area. Really it builds interest in the profession as well.
Connect with Keith Watson
May I Ask You For a Favor?
Thanks again for listening to the show. If it has helped you in any way, shape or form, please share it using the social media buttons you see on the page.
Additionally, reviews for the podcast on iTunes are extremely helpful and greatly appreciated! They do matter in the rankings of the show and I read each and every one of them.
Test Talks is sponsored by the fantastic folks at Sauce Labs. Try it for free today!