Review: SANS vLive 580 Metasploit Kung Fu for Enterprise Pen Testing

November 17, 2010

By Brandon Harms, CISSP, CCNP, FCNSP, et al.

SANS vLive! Online Security Training and Courses, promoted as the solution to employers’ lack of travel budget, offers a great alternative to a security conference. The training material and instructors are the same you’d expect from a SANS conference, par excellence. The material is presented using the typical PowerPoint slides with live streaming of the instructor’s head, Max Headroom style, and of course an audiocast. The instructor answers any questions posted via a chat window as they are asked.

I recently attended SANS 580 Metasploit Kung Fu for Enterprise Pen Testing via SANS vLive!. The course was taught by one of the course authors, John Strand. Typically a two-day course, the vLive! training was broken down into four 3-hour sessions, two per week for two weeks, i.e. three hours Monday, three hours Tuesday and the same the following week. Not being a fan of webinars, I was surprised by how well this medium worked. The combination of excellent material and engaging instruction by Mr. Strand provided an outstanding learning experience. The time between sessions gave students a chance to read the course material and do the exercises when they had the time. The instructor was available via email and phone to answer any questions about the material and labs, though I found that the material was written well enough that I had no trouble completing the labs without additional help.






SANS 580 Metasploit Kung Fu for Enterprise Pen Testing provides a deep dive into the uses of the Metasploit framework, enabling InfoSec personnel to use this remarkable tool as the foundation for their penetration testing. Years ago one would use Metasploit to gain shell after a Qualys scan said a particular system was vulnerable, possibly put a small text file somewhere to prove they were there, and move on. While this is certainly one way you could still use Metasploit, I’ve come to find out that it offers so much more. Every step, from reconnaissance and scanning through exploitation and post-exploitation activities, can be executed using Metasploit. It is important to note, as emphasized in class, that pen testing is more than “getting shell.” It’s about what we learn after we gain shell access.

The class begins with the typical “getting networked” and an overview of the topics to be discussed over the next few days, which is common for SANS courses as well as most other technical courses. Following the introductory portion of the class, we jumped right into what Metasploit is, how it’s designed, and how to navigate its user environments. Not long after covering the basic components of the framework, the course proceeds into using the Meterpreter. This is where the fun begins…

The Meterpreter is a specialized shell environment that runs in memory on exploited targets. The class provides detailed information on how the Meterpreter works and how to use it to control, monitor, and generally “p0wn” a target system. After learning what can be done with the Meterpreter and other components of Metasploit the course continues with a lesson in penetration testing methodology and how to further use Metasploit features as they apply to this methodology.

The course breaks down pen testing methodology into four parts: Recon, Scanning, Exploitation, and Post-exploitation. Mr. Strand delivers detailed instruction on how to utilize Metasploit’s capabilities for each of these parts with gusto and expertise that keeps you engaged, as if you were over at his house having a one-on-one discussion over beers. Some of the highlights from the recon portion of the methodology include email collection and DNS enumeration, something that I didn’t know the framework had the capability to do.

The scanning portion of the training includes instruction on built-in scanners as well as integration with third-party scanners. In addition, detailed instruction and exercises were provided on using the framework’s database to store and organize gathered information. Documenting all information gathered is critical for the pen tester, and Metasploit makes it easy to keep track of all your recon and scanning activities. The course does a good job of pointing out some of the limitations of Metasploit for a pen tester doing client-side recon, such as AV versioning. There are, however, a great number of client-side exploits in its arsenal.

Following the recon and scanning portion of the training, day two of the course delves into exploitation and post-exploitation activities. Client-side exploits are extremely effective today, and Metasploit makes it possible to create, automate, customize, and obfuscate malware in order to gain control of client environments despite existing security countermeasures. I see this as the Kung Fu portion of the training. Pivoting, social engineering, and AV evasion techniques combining art and technology are taught in this course to recreate what an attacker would do. Metasploit, with the integration of third-party tools, can do it all.

After the client-side exploitation techniques, Mr. Strand’s eyes lit up as he delved into the Meterpreter Inline Ruby Interpreter, or irb, interface. Ruby scripting extends the power of Metasploit to do, well, anything you can think of and develop. Luckily, there are numerous existing Meterpreter scripts from which to learn. The course provides an introduction to Meterpreter scripting as well as tips on how to get the most out of existing scripts. After emphasizing the power of irb, the vLive! training concludes with more post-exploitation Kung Fu and Metasploit’s ability to get passwords to hand off for cracking, wireless hacking, and integration with WebScarab, Ratproxy, and BeEF.

In conclusion, SANS 580 Metasploit Kung Fu for Enterprise Pen Testing via SANS vLive! offers unparalleled training in the uses of the Metasploit framework as it applies to penetration testing. The vLive! environment doesn’t take away from the learning experience. SANS conference attendance is invaluable, but in those situations where budget and time are at a premium, you will not be disappointed with the vLive! environment. The emphasis throughout the course on rules of engagement and the use of caution when attempting the techniques being demonstrated speaks to the authenticity of the material presented. This is real-world pen testing done by experts in the field. Highly recommended.


Brandon Harms is a Senior Information Security Consultant at Infogressive, Inc., headquartered in Lincoln, Nebraska. Infogressive is a security-centric information technology consulting firm. Brandon holds four industry-accepted certifications:

• CISSP: Certified Information Systems Security Professional
• C|EH: Certified Ethical Hacker
• FCNSP: Fortinet Certified Network Security Professional
• CCNP: Cisco Certified Network Professional

Mr. Harms is pursuing a Bachelor of Arts in Philosophy from the American Public University. He has worked for large telecom and financial firms in a variety of technology roles, including network security engineering, for eleven years. For four years Brandon was a System Engineer with a Cisco Gold Partner, specializing in the architecture and deployment of security, telephony, and wireless systems across the country. He has also worked for the Dept. of Defense as a Russian linguist and network engineer. Prior to joining Infogressive as a security consultant, Brandon was a Senior Network Engineer in the Omaha area. In his free time, Brandon is a member of American Mensa and the Freemasons. He is married with three children and spends most weekends traveling to BMX tracks across the Midwest to support (finance) his 9-year-old son’s budding BMX career.
