Metasploitable3: An open-source, on-demand vulnerable network

Presented at BSides Austin 2017, May 5, 2017, 2 p.m. (60 minutes).

Are you looking to get into pentesting but don't have a vulnerable network handy to start poking holes in? Are you curious about all those hot pentesting tools you've read about but don't have a good place to try? Do you enjoy the challenge of a tricky CTF? Or are you just really into open-source security software and eager to learn about new offerings? Metasploitable3 is a new version of the intentionally vulnerable virtual machine designed as a target for testing your hacking skills. It has been updated to include its own vulnerable virtual network with loads of services to start digging through. And the best part is that it is constantly evolving and new vulnerabilities are being added by the community regularly. In this talk the creators of Metasploitable3 will discuss how to get started with building the network, showing off some of the vulnerabilities, and how to exploit them. Tips on how to make your own tweaks, and how to contribute those tweaks to the project, will also be covered. And there just might be some secrets to tracking down the hidden flags scattered throughout the filesystem...

Presenters:

  • James Barnett - Senior Software Engineer - Rapid7
    James Barnett is a sys admin turned software engineer with 9 years of experience across both fields. He is currently working on modernizing the Metasploit database backend and data model for Metasploit 5. He also is a major contributor to the Metasploitable 3 project.
  • Wei Chen
    Wei Chen, aka sinn3r, is a senior security researcher at Rapid7. He has spent most of his career in offensive security, and has been a major contributor for the Metasploit Project for more than 6 years. Wei is friendly, and does not bite.

Links:

Similar Presentations: