In the core Metasploit 4.6 open source framework, 138 new penetration testing modules have been included, enabling at least 80 new exploits. One of the exploits that Metasploit 4.6 includes is a webcam activation module. The basic idea behind the module is that it could enable a security researcher to gain access to webcams and microphones at a vulnerable location.
Kirsch noted that the webcam activation module is a good way to demonstrate to a CEO that security is something to take very seriously.
“For example, if a pen tester says that they are able to access the SSH keys at an enterprise server, that may mean a lot to technical folks but it doesn’t mean much to the CEO,” Kirsch said. “But if you can say, ‘I just hacked into your computer and I can hear everything that is being said in your room,’ that has more impact to convince people that are not technical about the importance of protecting the network.”
Read the full story at eSecurity Planet:
Making Enterprise Penetration Testing Less Mysterious
Sean Michael Kerner is a senior editor at InternetNews.com, the news service of the IT Business Edge Network, the network for technology professionals Follow him on Twitter @TechJournalist.