Threats are constant and evolving. In this security landscape, organizations need to be proficient in both defense AND offense in order to protect themselves. Often we may understand the techniques that our adversaries are using, but somehow still fail to prepare our organizations and people for the attacks. As such, it is time for defenders to become persistent and proactive in trying to exploit their organizational assets, rather than simply waiting until their next audit. In this discussion we will discuss various techniques deployed by the current adversaries, and how to simulate those activities with Metasploit. We will also explore the countermeasures available to deterring, detecting, and responding to attacks on your network.
Marcus Carey, Security Researcher, Rapid7
Marcus has over 17 years experience in information assurance experience working in the DoD as well as Federal and State Government organizations. Marcus has been a avid user of the Metasploit Framework for over five years. One of his focuses at Rapid7 is to show people that Metasploit is not just for penetration testers.