The Metasploit framework provides penetration testers with an unprecedented ability to find and exploit vulnerable machines, but a good penetration tester knows exploitation is only the beginning. Metasploit post exploitation modules allow penetration testers to gather data from exploited machines, including hashes, tokens, application passwords and much more. During this presentation we will discuss useful post exploitation modules, developing post exploitation modules, and contributing modules to the Metasploit framework.

Stephen Haywood (AverageSecurityGuy)

Stephen Haywood (aka AverageSecurityGuy) has over ten years experience in the information technology field working as a programmer, technical trainer, network operations manager, and information security consultant. He holds a Bachelor of Science in Math and a number of industry certifications, including the Certified Information Systems Security Professional(CISSP), Offensive Security Certified Professional(OSCP), and GIAC Penetration Tester(GPEN). Over the last five years, he has helped improve the network security of a number of small businesses ranging in size from ten employees to hundreds of employees by offering practical, time-tested information security advice. In addition, he has contributed to the Metasploit Framework by rewriting the OpenVAS connector and by writing a number of post exploitation modules.

Back to Derbycon 2012 video list