Presented at
DEF CON 33 (2025),
Aug. 8, 2025, 2 p.m.
(45 minutes).
Metasploit continues to expand support for Active Directory Certificate Services attacks, as well as its protocol relaying capability and attack workflows for evergreen vulnerabilities. This year, we added support for SMB-to-LDAP relaying and SMB-to-HTTP relaying, as well as support to identify and exploit a number of AD CS flaws. We’ve also added the new PoolParty process injection capability to Windows Meterpreter sessions, along with support for System Center Configuration Manager attack workflows.
Presenters:
-
Jack Heysel
Jack is a senior security researcher at Rapid7, where he contributes to and helps maintain the Metasploit Framework. He started at Rapid7 in 2016 working on their vulnerability management solution. He transitioned to the Metasploit team in 2021 and has been happily writing and reviewing exploits ever since. While AFK, he enjoys exploring the mountains and outdoors that surround his home.
-
Spencer McIntyre / ZeroSteiner
as Spencer "ZeroSteiner" McIntyre
Spencer is a senior security research manager at Rapid7, where he works on the Metasploit Framework. He has been contributing to Metasploit since 2010, a committer since 2014, and a core team member at Rapid7 since 2019. Previously, he worked at a consulting firm working with clients from various industries, including healthcare, energy, and manufacturing. He is an avid open source contributor and Python enthusiast.
Similar Presentations: