David Kennedy gave a demo-based talk about using the Fast-Track Suite. In this standing-room only session (I ended up sitting on the floor), David described Fast-Track as an easy-to-use, web browser-based point-and-click set of tools that are customized for specific kinds of targets types.

His talk involved going through several demos that showed how easy it is for someone using Fast-Track to “pop a box”—a theme repeated throughout his presentation.

Some of the modules included in Fast-Track are SQLPwnage, SQL Bruter, Binary to Hex Generator, Mass Client Site Attack, and Metasploit Autopwn. The tool also incorporates a simple update mechanism; just go to a configuration screen and press the update button.

Kennedy and others are constantly adding new attacks to the framework, so updating regularly has its perks. The tool also includes interactive and command-line modes instead of the web browser interface. If you’re interested, version 4.0 of Fast-Track is officially being released today.

More information about the tool can be found at ThePenTest.com, and the code can be downloaded from their SVN directory. Fast-Track is also included in BackTrack 4 Beta if you were lucky enough to get a copy at the conference. Also check out Kennedy’s main site, SecureState.com.

###

Was this post helpful? If so, consider passing it along to a friend or becoming a subscriber of our site. Or, you can always do both—we won’t complain.

Tags: conference, event, fast-track, infosec, nova, penetration, saturday, shmoocon, the shmoo group, update

This entry was posted on February 8, 2009 at 10:33 pm and is filed under Infosec Conferences. You can follow any responses to this entry through the RSS 2.0 feed.