My vote is privilege escalation. There is obviously getsystem in Metasploit, but what other techniques are used? Most of what I have found is on the "at" command which requires admin rights to run. Just wondering what other things a skilled attacker would do outside of Metasploit.
On Tue, Apr 20, 2010 at 12:45 PM, Butturini, Russell < [email protected]> wrote: > I would like to hear a round table discussion of where Metasploit can fit > in an enterprise environment. I know what my organization does with it, but > would love to hear some more ideas. > > -----Original Message----- > From: [email protected] [mailto: > [email protected]] On Behalf Of Paul Asadoorian > Sent: Tuesday, April 20, 2010 1:41 PM > To: PaulDotCom Security Weekly Mailing List > Subject: [Pauldotcom] Topics For Discussion - Episode 200 > > Hi All: > > I wanted to solicit the members of this list to get some topics for > episode 200. We are planning on podcasting all day (June 4, 2010 > 9am-5pm) so I would like suggestions for: > > - Debates > - Discussions > - "Round Tables" or panel discussion > - Technical topics > - Computer equipment you would like to see destroyed (not my iPad!) > > Please also include any guests you'd like us to try and get to discuss > stuff too. These can be non-technical topics (like "passwords") or more > technical things (like "post-exploitation"). > > Thank you in advance for your feedback and keep up the great discussion > on this list! > > Cheers, > Paul > > PS. I would also be interesting in hearing suggestions for Beer or > cigars and promise to include a full review on the show! :) > > -- > Paul Asadoorian > PaulDotCom Enterprises > Web: http://pauldotcom.com > Phone: 401.829.9552 > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > > > > ****************************************************************************** > This email contains confidential and proprietary information and is not to > be used or disclosed to anyone other than the named recipient of this email, > and is to be used only for the intended purpose of this communication. > > ****************************************************************************** > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
