
I currently serve in a senior management infosec role. I started out as a network admin, then eventually landed a gig as a senior security analyst. Not long after, my employer wanted to edge me more into infosec management-type responsibilities. While that has been a great experience, I have never lost my passion for the technical side of infosec. Okay, let’s continue introductions, shall we? My foray into cybersecurity truly started when I first stumbled upon Metasploit… Now, I need you to know, this wasn’t the Metasploit of today. Nowadays it’s the familiar go-to for managing your reverse shells and harnessing a fleet of exploits. Everyone in cybersecurity has heard of Metasploit. However, back when I started using it, it was unheard of. I think it was around 2006 when I started tinkering with the tool, and back then it was called msf2/msf3 (depending on the year). There’s even a release archive with postings from H.D. Moore himself explaining the makings of Metasploit and all that it can accomplish: Article

This tool used techniques unheard of to me at the time it was released. It was well ahead of its time. In case you’re interested, these were the included exploit modules for msf2.2 (2004):

[Images: msf2.2 exploit module list]

Nostalgic, right? Back then, these didn’t even register on AV detections and heuristics. It was a new strain of techniques, including AV evasions, that allowed the red teamer to effortlessly elude their target. You may be asking yourself: Why is he taking us down memory lane? Because Metasploit opened the door to everything for me: x86 shellcoding, learning Windows APIs (and undocumented APIs!), programming in C++, Python, Ruby, sockets / advanced networking concepts, etc. I owe a debt of gratitude to H.D. Moore. So, with all this information being hoarded in my head, I decided it was high time I shared it with others so we can grow together in our aspirations toward strengthening our infosec skillsets! In the near future, my plans are to share technical writeups and video walkthroughs for all my code. I wish to explain various red team toolsets and techniques one can harness for pentest campaigns and help with furthering research into advanced offensive security techniques overall. Thanks for reading!

-R.B.C.
