Attack Test

Well, the Mayan Apocalypse came and went, and since we're all still here, it's time to get back to computer security. It shouldn't be a surprise that the most likely way you'll get exploited is through your browser, so you should routinely check for vulnerabilities there.

I was inspired by some of the free browser vulnerability checkers out there, such as the Firefox plugin check or the Rapid7 browser scan, so I thought I'd put together a little bit of a different version. Nothing quite drives the point home like running through all the steps and demonstrating a compromise with a real exploit kit (without the evil), so I put together my own, based on Metasploit's browser autopwn. It will launch the automatic exploits and even spawn a couple social engineering attacks after a minute if those fail, so you could even use it as a risk-free test for a friend or family member.

So as you visit your relatives this Christmas, feel free to give a try and see if they are vulnerable to the most common exploits available. You might also see if their security software of choice detects the attacks; since these are all public, off-the-shelf exploits, they might get stopped by an antivirus. (which doesn't mean you aren't vulnerable, of course) If any of the attacks do work, it'll show you a screenshot it took, but it won't leave any backdoors on your system or read documents or other files. Of course, if you're paranoid, feel free to reverse engineer them, but you can trust me.


Comments are closed.