Using Guided Missiles in Drive-Bys: Automatic browser fingerprinting and exploitation with Metasploit
Egypt Core Developer, Metasploit Project
The blackhat community has been using client-side exploits for several years now. Multiple commercial suites exist for turning webservers into malware distribution centers. Unfortunately for the pentester, acquiring these tools requires sending money to countries with no extradition treaties, taking deployed packs from compromised webservers, or other acts of questionable legality. To ease this burden the Metasploit Project will present an extensible browser exploitation platform integrated into the metasploit framework.
egypt has been a core developer for the Metasploit Project since April 2008 and a user of the framework since discovering its existence in 2004. He is also a member of Attack Research, a group of people dedicated to the in-depth understanding of computer based attacks.
Recently, egypt founded Teardrop Security, a consulting company specializing in penetration testing, vulnerability research, and reverse engineering.