Happy HaXmas, friends and foes (substitute your nouns of choice here). The Metasploit team kicked off 2019 with the release of MSF 5, marking our first major version release since 2011. Since that announcement, we’ve published six pieces of research, merged more than 180 modules, released a few sweet payload- and cracking-related features, and learned more than we thought we’d want to know about RDP. We’ve also been working on a secret project whose debut you can expect sometime in early 2020. If you have opinions on why not all vulnerabilities are equal (and can prove it), ask us for early access.
In no particular order, here’s a smattering of the year’s Metasploit Framework highlights. As ever, we’re grateful to and for the community that keeps us going strong. You can relive 2018’s best Metasploit moments here.
2019 research
A serial problem: Metasploit’s R+D team noticed an uptick in exploit module PRs targeting Java deserialization vulnerabilities in 2018 and early 2019. In March of this year, we published a research paper on exposure and practical exploitation of Java Serialized Objects (JSOs); we also added new library code to Framework to support generation of ysoserial-based objects for exploitation, research, and testing.
Dear Diary, today we hacked the planet. We’ve been testing out a little research experiment this year: The memorable metasploit moments
