Metasploit Goes Web

DEF CON 17

Presented by: Kevin Johnson
Date: Saturday August 01, 2009
Time: 12:00 - 12:20
Location: Track 2
Track: Track 2

This topic will present and discuss the new Metasploit plugin for web exploitation and assessment. WMAP is part of the Metasploit framework and it is build with a different approach compared to other open source alternatives and commercial scanners. WMAP is not build around any browser or spider for data capture and manipulation and as test modules are implemented as auxiliary modules they can interact with any other MSF components including the database, exploits and plugins. Forget about this being another scanner, think of it as new building blocks for massive pwnage that crosses protocol boundaries.

Efrain Torres

<strong>Efrain 'ET' Torres</strong> is a Colombian security researcher that likes to break web applications and dislikes security certifications. Efrain currently works for one of the Big 4's IT Advisory practice in Houston, TX. Prior to coming to the US (5 years ago) he was an independent security consultant while trying to figure it out how to graduate from college.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats