Attacking the Attackers
The predator becomes the prey. When scanning with Metasploit Pro, your victim can counter with an XSS payload, and even take over your machine. Never trust your victim!

UPDATE: our paper “Never Trust Your Victim: Weaponizing Vulnerabilities in Security Scanners” has been accepted at RAID 2020! Check out the full paper here.

Metasploit Pro - XSS to RCE

We see the targets of our scan as passive entities, and this leads to underestimating the risk of performing a network scan....