Metasploit Framework 6.4, the latest release from Metasploit, introduces a range of new features and enhancements for cybersecurity professionals and penetration testers. Noteworthy improvements in this release include substantially better Kerberos authentication support, with new support for the diamond and sapphire ticket techniques in addition to the golden and silver ones. This update ensures compatibility with Windows Server 2022, aligning Metasploit with the latest Windows targets.
Framework 6.4 also introduces a new module that extracts Kerberos tickets from a compromised host, which is useful when exploiting instances of Unconstrained Delegation. The release also improves how the framework handles DNS queries: hostname resolution can now be configured, which is especially valuable in pivoting scenarios. This ensures that DNS queries for internal resources originate from compromised hosts, bolstering operational security.
Additionally, Metasploit 6.4 adds new session types for PostgreSQL, MSSQL, MySQL, and SMB. These allow interactive queries against remote database instances and direct interaction with SMB shares, and make it more efficient to run multiple modules against a single session. This update also supports indirect syscalls, a technique often utilized by security software to bypass EDR/AV detection and evade dynamic analysis, which makes operations within Metasploit stealthier.
Metasploit 6.4 also improves module discoverability with a new Hierarchical Search feature that makes it easier to navigate and identify modules within the framework's extensive collection. These enhancements reflect Metasploit's continuing effort to equip cybersecurity professionals with the tools they need to combat the evolving cyber threat landscape.