This could be quite useful:

Two years after Rapid7 acquired the Metasploit Project, the company has rolled out a free and more user-friendly version of the open-source tool that is aimed at less technical users.

The new Metasploit Community Edition is a combination of the popular open-source Metasploit Framework and a basic version of the user interface of Rapid7′s Metasploit Pro commercial product.

via Metasploit For The Masses – Dark Reading.

Ah, the fun of legitimate penetration…

‘Hacker’ gets kudos from his financial services victim, as in-house security cameras go rogue and steal users’ credentials

via Strange But True Penetration-Testing Stories – Dark Reading.

I have a confession to make: I don’t have a Smartphone.  I think about getting one on occasion, but the reality is, I’m nearly always near a PC, either at home or at work, and can easily look up anything I want to look up, so the cost/benefit has never passed analysis.

But now, I just might have to get one of these:

Pwnie Express :: Wired, wireless, and 3G pentesting dropboxes.

New tools!

Core Security Technologies is introducing new pen testing software that, according to the company, has robust reporting capabilities, enabling CIOs, CISOs and other executives to gauge risk to internal systems and gain greater visibility into the progress of ongoing security initiatives.

The Boston-based penetration testing firm, best known for its Core Impact Pro software for pen testers, launched Core Insight Enterprise on Monday. The new tool can be programmed to view critical systems and their connection points and then can be set to conduct multiple, automated pen tests in an attempt to find a way into the company’s most critical assets, said Mark Hatton, CEO of Core Security Technologies Inc.

via Core Security launches CISO level pen testing software.