Intel AMT story, continued

A little bit more (warning: a few of these are related to Intel ME hardware, not Intel AMT firmware):

Rumor has it that OpenAMT can also be used for AMT detection:
https://sourceforge.net/p/openamt/wiki/Home/

AMT advisory from ASUS:
https://www.asus.com/News/uztEkib4zFMHCn5r

http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-may-8-2017/

https://community.rapid7.com/community/nexpose/blog/2017/05/11/on-the-lookout-for-intel-amt-cve-2017-5689

http://www.govinfosecurity.com/intels-amt-flaw-worse-than-feared-a-9901

Is Intel’s Management Engine Broken?

https://twitter.com/4Dgifts/status/862326241659150336

 

Metasploit’s Hardware Bridge API

[…]We recently announced a new addition to Metasploit to help you do exactly that: the Hardware Bridge API. The Hardware Bridge API extends Metasploit’s capabilities into the physical world of hardware devices. Much in the same way that the Metasploit framework helped unify tools and exploits for networks and software, the Hardware Bridge looks to do the same for all types of hardware. From within Metasploit you can now branch out into a Metasploit compatible hardware device to remotely control and use it for your penetration testing needs.[…]

https://community.rapid7.com/community/transpo-security/blog/2017/02/02/exiting-the-matrix

https://www.rapid7.com/about/press-releases/rapid7-enables-iot-hardware-security-testing-with-metasploit/

http://opengarages.org/hwbridge/

Rapi7 restores Metaspoit to Kali

An update to this older post:

https://firmwaresecurity.com/2015/08/12/kali-2-0-ships-without-metasploit/

Metasploit is back in Kali!

https://community.rapid7.com/community/metasploit/blog/2015/10/20/kali-2-new-operating-systems-support

Great news, thanks Rapid7!

Now if you could just rewrite it in Python. 🙂

 

Kali 2.0 ships …without Metasploit

Kali releases 2.0:
https://www.kali.org/releases/kali-linux-20-released/
https://www.kali.org/downloads/

But now Kali no longer includes Metasploit:

At the request of Rapid7, we have removed the Metasploit Community / Pro package from Kali Linux and now host the open-source metasploit-framework package only. For all of you who require Community or Pro, you will now need to download it from Rapid7 and then register and submit your personal details in order to get a license. In addition, the Rapid7 team no longer maintains the Metasploit package in Kali, which has brought with it some substantial changes – we’ve moved to a “native” setup, where rather than bundling all the required software needed to run Metasploit in one big package, we use native dependencies within Kali to support the metasploit-framework package. This results in a faster, smoother work experience and easier integration with Metasploit dependencies. For more information about this, check out our Metasploit Framework in Kali documentation page.

In related ironic news, Rapid7 gave out Open Source love tshirts at DEF CON 23:
https://community.rapid7.com/community/metasploit/blog/2015/07/30/weekly-metasploit-wrapup
I wonder long long it’ll take for Rapid7 to make Metasploit a commercial-only product? 😦