[January 24, 2012] Digital Bond and Rapid7 to Release Metasploit Module Tweet Jan 24, 2012 (Close-Up Media via COMTEX) -- Digital Bond and Rapid7 announced, at the S4 Conference, the release of a new Metasploit module to exploit the GE D20 and a partnership to move additional Project Basecamp exploits to the Metasploit Framework. In a release, Dale Peterson, founder of Digital Bond, said, "We felt it was important to provide tools that showed critical infrastructure owners how easy it is for an attacker to take control of their system with potentially catastrophic results. These attacks have existed in theory for a while, but were difficult to demonstrate to a Plant Manager. "By creating exploit modules for the most widely used exploit framework - Metasploit - we hope that security professionals in critical infrastructure companies, consultants, and penetration testers will prod vendors to add basic security measures to PLCs after decades of neglect." "The Basecamp modules show the flexibility of the Metasploit Framework," said HD Moore, Metasploit Chief Architect and CSO of Rapid7. "While most Metasploit modules exploit traditional workstations and servers, these modules are exploiting special purpose devices and will even demonstrate the ability to provide interactive control of a critical system, turning things on and off." There are additional GE D20 modules in QA, and plans to move the Basecamp exploits of Rockwell Automation, Schneider Modicon, and Koyo/Direct LOGIC exploits into Metasploit modules. PLCs are the components in SCADA networks that control critical infrastructure, including power plants, pipelines, chemical manufacturing, water treatment, etc. A collaboration between the open source community and Rapid7, Metasploit software helps security and IT professionals identify security issues, verify vulnerability mitigations, and manage security assessments, providing true security risk intelligence. Metasploit editions - ranging from a free edition to professional enterprise editions - are all based on the Metasploit Framework, an open source software development kit. Project Basecamp and the resulting tools were presented at Digital Bond's S4 Conference in Miami Beach. Digital Bond is a SCADA and DCS security consulting and research practice. Rapid7 is a provider of security risk intelligence solutions. ((Comments on this story may be sent to [email protected])) [ Back To TMCnet.com's Homepage ]