Maker tech hub — AI · 3D print · Pi · ESP32 · plus the classic tech archive.

Free ESP32 kit · Books · Network Ninja · Archive

Classic tech archive. From the original averyjparker.com tech blog — historical context; pair with modern guides where noted. Full archive · Maker projects · Network Ninja

Classic tip · Classic

Wireless exploits coming to Metasploit 3...

and the script kiddies rejoiced... It reads as though Metasploit 3 will make it easier than ever for script kiddies everywhere to take full advantage of the local wireless hotspots. Of course, metasp…

Written by

Avery J. Parker

IT veteran, maker educator, and author of Network Ninja, 3D Printing Mastery, and AI Workflow Mastery. Business IT: Diversified Tech Solutions.

and the script kiddies rejoiced... It reads as though Metasploit 3 will make it easier than ever for script kiddies everywhere to take full advantage of the local wireless hotspots. Of course, metasploit has it's good uses by people legitimately testing systems that they are responsible for, for vulnerabilities. But, it does make it very easy for the less skilled to pull off some exploits.

In many ways, the security software debate many times turns into something akin to the gun control debate.... "criminalize security penetration testing software and only criminals will have penetration testing software.." Which does make a certain amount of sense.... there are those that have no compunctions against doing illegal things and it can be a helpful thing for people that are motivated to protect themselves and others to have the tools to understand and see the effects of what the criminals would use whether they were legal or not.

I've made use of the Metasploit framework for testing my own machines (and as I recall for testing the WMF vulnerability last winter.) I am thankful to have access to the same kind of tools an attacker does because it opens my eyes to what they MIGHT be able to do and gives me a better chance to 1) avoid situations where you can be targetted and 2) be aware of possible signs of an attack and 3) mitigate the software vectors that can be used for the attacks.