To get a valid session token to use with Burp Suite tools, I ended up writing a small Python extension (110 lines of code, but who’s counting?) that obtained a new session token for each request, allowing items like Intruder to work as intended. Cool, I was able to use it during the test, but I would like this to be repeatable. So, this blog is releasing Swapper, a regex pattern-based match/replace Burp Suite extension.
How are organizations using the Bitdefender GravityZone Endpoint Protection Platform (EPP) to reduce risk? Verified customers answer this question in the paragraphs below.
Advice about getting started in pentesting from the BHIS pentest lead, including a learning path and why you should go all in on offensive security skills.
Join the live diagnostic session to expose hidden coverage gaps and shift from flawed tool-level evaluations to a comprehensive, program-level validation discipline.
The role and demand for red-teaming capabilities are growing, as more exploitable CVEs make their way into criminal hands. Being proactive is no longer a capability that can be reserved for annual tests, but a continuous assessment to determine exposure and even through the validation of an organization's security posture. With this in mind, we are delighted to announce the long awaited availability of Metasploit Pro 5.0.0 –which is not just an update, but a fundamentally new approach to red-teaming, designed with the sole intention of staying ahead of ever-increasingly capable threat actors.
Amongst the multitude of changes, Metasploit 5.0.0 offers an intuitive testing workflow that removes the ever evolving complexity of testing, as well as a suite of powerful new modules and critical enhancements. This is the version you can't afford to miss. For all the technical details, the granular release notes can be viewed here.
So what’s new?
Intuitive testing workflow
Say goodbye to complexity, as Metasploit Pro has completely overhauled the testing workflow. Updates are highlighted by an intuitive user interface, ensuring that your focus remains on high-value penetration testing and vulnerability validation, not fighting the interface. These changes are the foundation for the future, preserving the core functionality you rely on while enabling even more powerful features down the road.
⠀
Stop guessing and start seeing. The new implementation of Network Topology support provides instant, crystal-clear clarity on hosts that have been compromised, have associated cracked credentials, or captured data. For enterprise environments with vast, complex surfaces, we’ve invested in performance improvements, giving you the power to zoom and pan through hundreds of available hosts with zero lag. This is actionable visualization that transforms data into defense.
⠀
Vulnerability detection improvements
Get the necessary assurance before you click 'run.' Metasploit modules can now register crucial vulnerability detection details as part of running. This means that modules capable of running pre-check detection logic give you the full intelligence picture before you attempt exploitation. This new level of transparency and detail empowers you to make smarter, faster decisions, saving you precious time and minimizing the chance of failed module runs and adverse side effects.
⠀
Advanced workflow improvements
Unleash your inner expert with unprecedented control and efficiency. Advanced users of Metasploit Pro will immediately benefit from multiple UX improvements to the single module run page. Tired of manually configuring options? Users now receive intelligent suggestions for applicable values, including network targets, Kerberos credential cache files, and more – streamlining ADCS workflows.
⠀
Furthermore, you now have the ability to manually choose and configure individual payloads, giving you the final word on how you exploit targets. Metasploit Pro will continue to default to the most common payload for each exploit.
Plus, new quality-of-life improvements for replaying module runs ensure that verifying remediation and re-exploiting targets is a seamless, one-click process. Gone are the days of reconfiguring an entire module run to change a single option. The old list view has also been updated to include the ability to view the module option details that a module was run with. These capabilities can additionally be leveraged by advanced users who are interacting with Metasploit Pro in a programmatic fashion or through the command line interface to see exactly how Metasploit Pro is running modules.
⠀
Finally, boost your team's collaboration with the new session tagging feature. Sessions can now be tagged to facilitate advanced and coordinated post-exploitation workflows. Team members can apply instant, custom tags to track status and flag arbitrary qualities, which significantly improves coordination and organization across multi-person engagements.
AD CS exploitation
Tackle one of the most critical attack vectors in modern networks: Metasploit continues its relentless investment in modern exploitation techniques with the groundbreaking updates to the AD CS Workflows Metamodule. This powerful new feature is a significant advancement, providing security professionals with an automated, comprehensive approach to identifying and leveraging nine common AD CS vulnerabilities.
Now we’ve taken it even further, with new support for the latest and most dangerous ESC flaws: ESC9, ESC10, and ESC16. Take back control of your Active Directory environment and neutralize these threats with surgical precision. For detailed configuration instructions and comprehensive feature documentation, visit our AD CS Workflows MetaModule documentation.
⠀
Session tags
In fast-moving operations, context can disappear quickly as new sessions come online and analysts shift between tasks. Session tagging brings clarity back to your workflow by letting you attach meaningful labels to every open session. Instead of relying on IPs or hostnames alone, you can tag sessions with identifiers that matter to your team - such as priority, environment, or role - making it easy to group related systems and instantly recognize high-value targets.
⠀
SAML Single Sign On
Metasploit Pro now incorporates SAML Single Sign-On (SSO) authentication, providing your team with a simple, unified login experience. By connecting to your centralized directory, users can access Metasploit Pro with the same credentials they use for all other major applications. Administrators can easily configure their identity provider (IDP) to enable a passwordless workflow and utilize existing Multi-Factor Authentication (MFA) services, making access quick, consistent, and part of your standard corporate flow.
These features are available in Metasploit Pro 5.0.0 onwards. We’re also proud to collaborate with our customers, who are often the source of inspiration for product evolution. Ideas for improvements or enhancements can be shared with our Support team to help you refine the idea, then submit it to our Product team on your behalf.
Related viewing
Rapid7 Labs launched a podcast today! Episode 1 of 'Hacktics & Telemetry' is now live on Rapid7's YouTube page. Alongside some expert commentary on emergent threats and an exciting guest spot, the final segment is all about Metasploit Pro 5.0.0. Dive into our official companion blog here, and find the full episode embedded below.
Digital sovereignty is now a strategic imperative for many European organizations. According to a new IDC Market Note¹, “Sovereignty is not viewed just as a contractual consideration, but as an architectural one, and one of technical feasibility.”
96% of customers say they are willing to recommend Bitdefender.
We are pleased to announce that Bitdefender has been named a Customers’ Choice in the 2026 Gartner Peer Insights™ Voice of the Customer for Endpoint Protection Platforms (EPP) report. This year’s document included 18 vendors, yet just five received the Customers’ Choice distinction.Bitdefender received a 4.8 out of 5.0 overall rating*, resulting in placement in the upper-right quadrant of the report, with 96% of reviewers indicating they would recommend Bitdefender. The reviews considered for this report are for Bitdefender’s GravityZone, a comprehensive cybersecurity platform offering prevention, protection, detection, and response for organizations of all sizes.“The strongest validation comes from customers who rely on our technology every day,” said Andrei Florescu, president and general manager of Bitdefender Business Solutions Group. “In our opinion, this recognition reinforces the industry’s shift toward a more proactive, adaptive approach to cybersecurity that helps organizations reduce risk by aligning protection to how users actually work.”
In today’s threat landscape—where ransomware, phishing, and supply chain attacks evolve faster than most teams can patch—a cybersecurity review isn’t just a checkbox exercise. It’s a critical opportunity to uncover blind spots before attackers do, and it also maps vulnerabilities to business impact, helping teams justify future investments. Rather than reacting to headlines about the latest zero-day exploit, leaders can focus on what truly reduces risk and improves resilience, turning risk into readiness.
Stop a threat before it executes, and you maintain business continuity. Respond after it runs, and you increase the odds of business disruption and costly remediation. Security solutions vary significantly in their ability to block threats pre-execution, and the latest AV-Comparatives Enterprise Advanced Threat Protection test quantifies this gap in stark terms: Bitdefender blocked 87% of threats at the pre-execution stage, while other vendors blocked just 36% of attacks pre-execution, on average. This 51-percentage-point advantage reveals more than superior detection rates—it demonstrates a fundamental architectural difference in how security solutions approach protection.
Many web application firewalls (WAFs) can be bypassed by simply sending large amounts of extra data in the request body along with your payload. Most WAFs will only process requests up to a certain size limit. How the WAF is configured to handle these large requests determines exploitability, but some common WAFs will allow it by default.
The cybersecurity industry has long debated whether prevention or detection is more important. The AV-Comparatives EPR Comparative Report 2025 settles the debate. By measuring both, it reveals that prevention-first is the winning strategy—stronger, simpler, and more cost-effective. Bitdefender GravityZone didn’t just participate in the evaluation; it led across the board.
Bitdefender achieved the highest detection rate among all participating vendors and the lowest Total Cost of Ownership (TCO), underscoring a commitment to both security efficacy and operational efficiency. The evaluation also proves that modern security means blocking threats before they disrupt business.
One tool that I can't live without when performing a penetration test in an Active Directory environment is called NetExec. Being able to efficiently authenticate against multiple systems in the network is crucial, and NetExec is an incredibly powerful tool that helps automate a lot of this activity.
In my journey to explore how I can use artificial intelligence to assist in penetration testing, I experimented with a security-focused chat bot created by Jason Haddix called Arcanum Cyber Security Bot (available on https://chatgpt.com/gpts). Jason engineered this bot to leverage up-to-date technical information related to application security and penetration testing.
A common use case for LLMs is rapid software development. One of the first ways I used AI in my penetration testing methodology was for payload generation.
Burpference is a Burp Suite plugin that takes requests and responses to and from in-scope web applications and sends them off to an LLM for inference. In the context of artificial intelligence, inference is taking a trained model, providing it with new information, and asking it to analyze this new information based on its training.
This webcast originally aired on February 27, 2025. Join us for a very special free one-hour Black Hills Information Security webcast with Corey Ham & Kelli Tarala on why your […]
In this video, John Strand discusses the complexities and challenges of penetration testing, emphasizing that it goes beyond just finding and exploiting vulnerabilities.
In this video, Kent Ickler and Jordan Drysdale discuss Attack Tactics 9: Shadow Credentials for Primaries, focusing on a specific technique used in penetration testing services at Black Hills Information Security
In this video, Dave Blandford discusses a beginner's guide to creating Burp Suite extensions. The session covers an overview of what Burp extensions are, how they can improve testing capabilities, and the tools and languages used in developing them.
Login
