Security tube Metasploit Frame work expert Review

Let me start with this course is only for certain types of people with an excellent amount of experience in operating systems especially Linux and windows. You definitely need experience with Linux and SSH for the exam. Everything I write in this review is only my opinion and geared towards what has happened “in my world” recently. I took this certificate and risked a few months because it may or may not benefit my career; this education may not benefit everyone. My risk may have panned out as I have already had one Metasploit opportunity and I have been certified one week. Recently I just certified the GCIH and have had a few years working in the field. I also used this course to begin a hack demo that is state of the art with Metasploit and Armitage that I present twice a year. It’s possible I am about to dive deeper into this realm and the certification came at the perfect time. The target operating system was still current during my time on this course. I did want to see more Windows 7 stuff. I also wanted to see more tricks to hide from Symantec and Mcafee “network threat protection” and different IDS technologies. During the course I put Metasploit through its tests against things like “network threat detection and snort” That may be another topic. Below is my latest scoring system.

+7 or +8 out of 10 for the PAID version of the SMFE course and certification. This course was a fun exciting enjoyable course. The instructor knew all the ins and outs of Metasploit. He was funny, and the presentation had slides alongside a live instructor to watch. For the price hands down I would recommend this course. The amount of work Vivek put into this course is worth more than 250$. I would estimate for it’s time without updates this course could worth around $800-$2000 to the right person just starting exploit research. The certification is a lifetime cert also.

The Good the bad and the ugly.

+1 for a full review of 2011 version of Metasploit. I was able to learn the complete structure of Metasploit 4.5 and complete my own BOOK on Metasploit t. The issue is that Metasploit is now at V 4.6 and not going to slow down in revisions. It appears unless the course gets an update it will be loosing some valuable new exploits. The revision in the course had 700+ exploits now in 2013 Metasploit has 1000 exploits.

+1 for going very in-depth into exploit research. The course keeps on giving. After you finish the main tutorials Security tube adds bonus presentations on assembly and exploit research with Metasploit so you can continue on gaining experience with buffer overflows and SEH attacks. This course could last me my lifetime now that I think about it.

+1 For me support was very good and became shaky towards the end. They did not actually want me posting my final answers into the forums so other students could do more research. I found that posting my answers was a must and continued to do so. Support answered my questions in fewer than 24 hours.

+1 for a hand’s on exam hacking a few machines. The exam went very smooth for me. I practiced many times on everything I could think of. They supplied two diagrams and I planed my hack ahead of time with photo shop. I added my nmap scans and metasploit attacks to the diagram before the final. I put in enough effort that I was disappointed on the final exam.

+1 for the skill of the instructor. It looked almost like Vivek winged the whole course. He knew metasploit hands down. The whole course together was pretty flawless. He is really funny also.

+1 for items like pivoting, port forwarding, migrating, memory manipulation, exploit research, SET, DLL injection, meterpreter explanation, port scanning, auxiliary modules. Ect.

+1 The exercises are a major part to learning the material. Everyone can watch the material online for free but to really get a grip on the subject the exercises are key. They were not your average exercises also. They were hacker tricks that were fun. I continued on with the exercises and made my own. It would be great if there were more exercises and also more challenging ones. Another idea is having a six month hack challenge in the Tech Exams forum here.

-1 When I took the course in the end of 2012. The course was missing many new exploits. This main part of the course is based on low hanging fruit such as DCOM and NETAPI exploits that are out dated and no longer useful to me in the field. To be fair I think the low hanging fruits have been patched and people are no longer sharing the latest exploits for reasons that are pretty reasonable. Now is probably the beginning of the age of keeping Metasploit exploits closer to the heart.

-1 The course is geared entirely for windows XP. We all know that XP is last year’s model of Operating systems. One lecture covers a quick way to exploit windows 7. Apparently the course offers unlimited updates. Will have to see in the future what happens. I also wanted to see more on WIN 7 and WIN 2008. I will re add my part on network threat detection. I have figured out a way to bypass some NTP however can’t share it in the forums at this time. If you contact me privately I can discuss it freely.

-1 the forums were lacking any sort of structure. I felt a bit gyped on the exam also. I don’t even want to talk about how I got gyped on the exam. I put in a great deal of effort so the exam was trivial. Very excting though

That’s it for my basic review. I now spend much of my time in the #metasploit and #armitage IRC channels. Another source for information is the armitage linkedin group. I will pass on my handle if you email me through private channels.

J:\>

Find more posts tagged with

Comments

the_Grinch

Awesome! Thanks for the review!

wes allen

Totally out of curiosity, how relevant is this type of pentesting going forward? Seems like *most* companies are doing a pretty good job with NAT, firewalls, and maintaining patched win7 boxes so it seems that web app exploits would be key, rather then hitting unpatched XP boxes? I can see it being useful once/if you get a pivot point inside their network, but just wondering where classic pentesting is going? I went through most of the public STMF videos and it is cool for sure, and I am really looking at doing the python scripting, since it looks useful outside of pentesting.

Don't misunderstand - I think pentesting is cool and I am seriously looking into OSCP, though at this point, it is more for personal, rather then, professional, reasons.

Hypntick

Depends on what type of companies you're pentesting for I would imagine. I'm not doing that kind of thing right now, however I am at an MSP that does support for SMBs. A lot of these places are still Win XP, Server 2000 and 03, or a hybrid of old and new.

the_hutch

wes allen wrote: »

Seems like *most* companies are doing a pretty good job with NAT, firewalls, and maintaining patched win7 boxes so it seems that web app exploits would be key, rather then hitting unpatched XP boxes?

I strongly disagree with the word "most" here. Which I think you were probably acknowledging the liberal use of the word based on the fact that you surrounded it with asteriks. I've worked with a surprisingly large number of organizations that maintain a large number of XP boxes to support legacy software. And there is no such thing as a patched XP system, since it is no longer a supported operating system. I do agree with you, though, that most of the good careers in pentesting these days focus largely on web-application exploitation.

dbrink

You'd be surprised at how many larger organizations still have Windows NT 4 (yes I'm serious), Windows 2000, Windows 2003, and Windows XP in their environment. Alot of places get specialized applications embedded in their processes so alot of these older systems end up hanging around for a LONG time.

wes allen

Ok, I know there is a lot of XP/2k3/etc out there, but it is going away, if slowly. I guess my question, though, is learning to pentest XP/2k3 or even win7 from the network something that has a future? How many of those boxes have publicly addressable IPs? And, if I am doing an internal audit, why would I use MSF vs. Nessus? I am trying to understand the current and near future state of pentesting, esp using well know exploits via MSF, or even backtrack. I just seems that most of the threats these days come via web apps, or via client web browsing. So, is it all about getting either a pivot point or physical access to a network first, then running this type of pentest strategy?

the_Grinch

You are kind of answering your own question. With Metasploit you could send an email (social engineering) getting someone to open an attachment or clicking on a link. From there it will compromise their machine and connect back to you with an open command prompt. From there you are inside and can start to takeover the network. Load up your toolset on the now exploited machine and start mapping things out. Recently most attacks have just gone machine to machine downloading various files and data. As long as you have end terminals you will need pentesting for it. It will probably be the easiest door into holy grail you are looking for.

At my last company we did work for a hospital and were moving servers to their new data center. As we were offloading various servers I came across an ancient looking box. I asked why they loaded it in the truck. Their reply? The machine was a Windows 95 machine with various VBA scripts written by some lady 20 years ago who still used them for something. The past three years they had told her to prepare to migrate and she hadn't. Often it isn't so easy to say let's upgrade a bunch of stuff. In my current position Vista would not work with the VPN no matter what they tried. They have 10 machines that are not being used because of it.

wes allen

Heh, guess I am. But, these tests/classes kinda assume you already have a starting point inside the network. right? I guess that is maybe what I am struggling with, all the MSF/backtrack skills won't help if you can't get that first machine? I think this also sorta peaks my interest in physical pen testing as well. Like how to get a box hooked to their internal network and then talk to it via wifi or 3g.

Jinverar

There is a small error I need to point out in my review. I took a small pot shot at Win XP being last year’s model. That is not correct. Windows XP has moved the end of life to 2014. Most businesses and military's still rely heavily on Win XP. That goes the same for outdated internet explorer or outdated java. This is great for my hack demo. Less work bypassing UAC with metasploit.

I need to change the -1 to a +1 for the XP comment so def 7.5 out of 10.

The best time to exploit a computer is after a patch is released and a exploit is created for the patch.....Maybe if you are struggling with the remote router hacking pen testing field being useful then the exploit research field could help.

There is a section on security tube that talks about "router hacking" another few terms to research are firewalking and fragmentation. These tools can aid in a hack. It's also worth some investigation to configure a router with python, scapy, tcpdump, and sniffing the wan. Right now this post just made me think about installing metasploit on the router then using the auxiliary sniffer modules. There is a lot of power in the PAID security tube course by metasploit.

I had to edit this twice....
J:\>

wes allen

wes allen wrote: »

Totally out of curiosity, how relevant is this type of pentesting going forward?

I got a chance to hang out with a guy that spends a lot of time doing higher end pen tests today and need to update my views on how relevant network pen testing is. While external network pen testing is fading, many companies now do an internal network pen test, going off the assumption that someone will end up with a compromised internal machine, so they want to see what kind of exposure they have internally. Webapp pen testing is really big as well as physical pen testing - getting people into high level executive offices, etc.

Quick Links

All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of