Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

Tag Archives: year in review

Top 5 posts of 2011

As the year begins a new I thought I’d take a look back at what people have been reading on blog.c22.cc in the last 12 months. Alongside hits straight to the main page (18,652), about me page (1,768 for some reason) and the usual heavy traffic on some older 2009/2010 posts (25,000+), the following new 2011 posts proved to be the most interesting.

Shmoocon 2011: TEAM JOCH vs. Android: The Ultimate Showdown –> 1,562 visits

SurveyMonkey: IP Spoofing –> 1,481 visits

Setting up your own SAP Netweaver test lab –> 1,421 visits

{BruCON LT} SSL Impersonation in 5 minutes or less! –> 1,375 visits

Shmoocon 2011: Printer to Pwnd –> 1,368 visits

It’s nice to see that people aren’t only coming to the blog for conference coverage, although Shmoocon coverage seems surprisingly popular… Let’s hope that the 2012 Shmoocon coverage proves just as interesting 😉

Metasploit Modules: A Year in Review

A month of so back now I started automating some posts on the new Metasploit modules released. As luck would have it, about the same time, the guys over at Rapid7 started to churn out more regular blog post themselves, giving details of the key modules and changes. Although the posts were interesting to a select few, I never saw them as a long-term thing and as the year ticks over to 2012 it’s time to put them to bed. After all, the people at R7 are bound to have a better overview of Metasploit than I am.

Before it goes though, I took time to output newly added modules between 2011-01-01 and now (2011-12-31)… just to show what’s been accomplished in 2011. I’m sure the fine folks at R7 will be putting out a more detailed review together with pretty charts, and maybe even an Infographic or two. Still, I hope this proves useful for some as we wave goodbye to the automated weekly posts.

Note (09 July 2012): As this post has resurfaced recently amongst discussions of how much Metasploit has changed in that last few years, I wanted to add a link here to the description of HD Moore’s Law (as discussed at the end of 2011 by Josh Corman).

Casual Attacker power grows at the rate of Metasploit*

For a full overview of HDMoore’s law and the though process behind it I would point you to the Cognitive Dissedents blog –> http://blog.cognitivedissidents.com/2011/11/01/intro-to-hdmoores-law/

Note: These are only the modules marked as Additions within the modules / tools or scripts directories. Some modules may be excluded and others may appear if they were Deleted and reAdded at some point in the year. I’ll be posting up something about how the lists were created in a separate post soon.

The following modules have been added to the Metasploit SVN between 2011-01-01 and 2011-12-31
Read more of this post