Threat or menace “Autosploit” tool sparks fears of empowered “scr ipt kidd ies”

Channel:
Tech House
Subscribers:
957
Published on ● Video Link: https://www.youtube.com/watch?v=XLZPfVKO6Dc


Duration: 8:01
759 views
1

Threat or menace “Autosploit” tool sparks fears of empowered “scr.ipt kidd.ies”.
The tools used by security researchers, penetration testers, and "red teams" often spark controversy because they package together and automate attacks to a degree that makes some uncomfortable—and often, those tools end up getting folded into the kits of those with less noble pursuits.  AutoSploit, a new tool released by a "cyber security enthusiast" has done more than spark controversy, however, by combining two well-known tools into an automatic hunting and hacking machine—in much the same way people already could with an hour or two of copy-pasting scripts together.

Malicious parties have weaponized scanning utilities, network commands, and security tools with various forms of automation before. By "stress testing" tools such as "Low-orbit Ion Cannon" (LOIC), High Orbit Ion Cannon (written in RealBasic!) and the Lizard Squad’s stresser site powered by hacked Wi-Fi routers, they took exploits known well to security pros and turned them into political and economic weapons. The Mirai botnet did the same with Internet of Things devices, building a self-spreading attack tool based on well-documented vulnerabilities in connected devices.

AutoSploit is slightly more sophisticated, but only because it leverages two popular, well-supported security tools. "As the name might suggest," its author wrote on the tool's GitHub page, "AutoSploit attempts to automate the exploitation of remote hosts." To do that, the Python script uses command line interfaces and text files to extract data from the Shodan database, which is a search engine that taps into scan data on millions of Internet-connected systems. AutoSploit then runs shell commands to execute the Metasploit penetration testing framework.

I just released AutoSploit on #Github. #Python based mass #exploit #tool. Gathers targets via #Shodan and automatically invokes selected #Metasploit modules to facilitate #RCE.https://t.co/BNw6JvTVH9#OffSec #InfoSec #Programming #Security pic.twitter.com/hvc3vrNCEJ



Other Videos By Tech House


2018-02-01Whales can mimic human speech, and you have to hear it to believe it
2018-02-01Nintendo has sold four million SNES Cla ssic Editions
2018-02-01Americans say Facebook is worse for society than Walmart or McDonald's
2018-02-01SpaceX’s rocket survived an emergency landing that was supposed to destroy it
2018-02-01Mode ai launches ecommerce bot platform powered by computer vision
2018-02-01Univision sees a 'tremendous opportunity' in bringing big brands to the Hispanic market
2018-02-01Red Dead Redemption 2 What We Know So Far
2018-02-01Goo gle honors Carter G Woodson, the father of Black History
2018-02-01Budget 2018 Government allots Rs 15 cr for mobile phone tracking system
2018-02-01Russia’s esports market is heating up
2018-02-01Threat or menace “Autosploit” tool sparks fears of empowered “scr ipt kidd ies”
2018-02-01Microsoft’s cloud computing business grows, stock edges up
2018-02-01Self Driving Cars Have a Secret Weapon Remote Control
2018-02-01Samsung plays down slow iPhone X sales impact on its revenues
2018-02-01KodakCoin ICO launch faces regulatory delay
2018-02-01Densify review Take control of your public cloud spending
2018-02-01What Israel’s cybers ecurity landscape foreshadows for 2018
2018-02-01AT&T quarterly profit rises, helped by tax cuts
2018-02-01Bringing Columbia Home Launch directors book tells shuttles final story
2018-02-01Jio vs Vodafone vs Airtel Best prepaid rec harge offers with more than 1 GB daily data
2018-01-31Symantec's revenue misses estimates as enterprise segment sales fall


Tags:
Threat
or
menace
“Autosploit”
tool
sparks
fears
of
empowered
“scr.ipt
kidd.ies”
Threat or menace “Autosploit” tool sparks fears of empowered “scr.ipt kidd.ies”