A word about Armitage and the pen tester mentality

Every time I go for a drive, I notice a feature in newer cars that's extremely common: the blind spot warning light on the side mirror. It lights up to warn the driver that a vehicle is in its blind spot. Overall, I'm a supporter of advancing technology to make our lives a little easier, and I'm sure this feature is useful. However, I worry that some drivers may stop being vigilant if they come to rely on this kind of technology. I wonder if drivers have stopped turning their heads to check their blind spots.

The issue of blind spots is relevant to Armitage and pen testing because Armitage is sort of like a new technology that drives the car for us without our having to know a single thing about how to drive. Metasploit was already a revolutionary way to automate security testing, and Armitage automates it even further. Long before Metasploit existed, even in the 1990s, most of the tasks we take for granted today were accomplished manually. Even when tools were at our disposal, we had to manually correlate their outputs to develop the understanding necessary for any attack, and this was years after the true pioneers developed everything we needed to know. Most modern tools allow us to get far more work done in very rigid time frames, allowing us to focus on analysis so we can bring value to the client. However, there is also the rise of the script kiddie to contend with, as well as inexperienced but passionate hopefuls who download Kali Linux and fire offensive weapons with reckless abandon. Despite some complaints, these tools do have a place as long as they are used to improve our lives without replacing fundamental common sense.

With that in mind, it's recommended that you find out what's going on behind the scenes. Review the code; analyze the packets on the network; research not only the details of the attack and exploit, but the design intent of the affected technology; read RFCs; and try to accomplish a task without the tool, or better yet, write a better tool. This is a great opportunity to better yourself.

Moving forward, we're going to facilitate a social engineering attack with a malicious USB drive. Once the drive is plugged into a Windows machine, we will have a Meterpreter session and be able to take control.
