nDepth Employee Contributions to Open Source Security Software, April 2026 EditionnDepth Employee Contributions to Open Source Security Software, April 2026 Edition
nDepth Security > Default > nDepth Employee Contributions to Open Source Security Software, April 2026 Edition

nDepth Employee Contributions to Open Source Security Software, April 2026 Edition

Added: June 11, 2026

The Metasploit Project, owned by Rapid 7, is a computer security program which is the world’s most used penetration testing framework. This Free and Open Source Software (FOSS) is used by nearly all penetration testers, and is extremely common in training courses from SANS, EC-Council, and many others.
The Metasploit Project, being Open Source Software, flourishes from the contributions of the community. nDepth’s own Mike Cyr (h00die) is a frequent contributor to the project and has continued to spend their personal time conducting security research and providing enhancements to Metasploit for the benefit of the security community. This month, h00die contributed the following enhancements:
WINDOWS telemetry persistence
Microsoft Windows has a telemetry service, which is enabled by default. This service collects and sends diagnostics, performance, and data usage back to Microsoft. However, the telemetry service can have an additional telemetry controllers which execute programs. This Metasploit enhancement allows a penetration tester to add a new controller which will execute their code periodically, allowing for persistence.
WINDOWS Bits Persistence
Microsoft Background Intelligent Transfer Service (BITS) is a service which can be used to upload or download files. This service works in the background, has fault tolerance and other features. Windows Update telling you there’s an update? It used BITS to download them. Chrome notifying you of an update? BITS transferred it as well. This service is critical for modern Windows to operate. This Metasploit enhancement allows a penetration tester to create a new BITS job to download a file and execute it.
However, getting BITS to only download and execute the file when the tester wants was particularly difficult as there is little to no documentation on how BITS works from that perspective. However, it was discovered that through crafting specific HTTP responses, BITS can be stalled till a certain time. Combining all of this together allows the tester to create a new persistence technique.
S4U Persistence Updates
During the last round of persistence updates, the service for user (S4U) was delayed due to its scope. The module allows a user to create a user-level service which can be used for persistence. However, the module itself was overly complicated. This change for Metasploit took the existing module, modernized it to the new persistence mechansisms, then divided it into 4 different modules. This allows for an easier user experience by giving concrete examples and use cases to establish persistence.
To view this month’s contributions, check the following links: