Configuration And Risk Assessment Toolkit, Metasploit Within The Enterprise (Lightning Talk) presented at hashdays 2010

by Max Moser, Philipp Schrödel (Dreamlab Technologies AG),

Tags: Lightning Talk


Summary : The talk introduces our new open source extension for the well known Metasploit Framework, called CARAT. It uses Metasploits Meterpreter technology to communicate in between the client (to be scanned target) and the server (The Metasploit Server running the CARAT plugin), execute commands and consolidate the results. By introducing client specific job scheduling to Metasploit, CARAT is a Framework for automated configuration validation, security assessments and functional testing of components and applications. In contrary to a lot of other available frameworks, CARATs architecture is as simple as possible, this allows a great amount of flexibility to its users.

Philipp Schrödel: Philipp Schrödel has been working in the informatics sector for ten years. Initially operating as a system administrator, he worked as a system engineer for security products, auditor and performed computer forensic analyses. Since 2007, he is an acknowledged security expert and penetration tester for Dreamlab Technologies AG in the international scope. Philipp Schrödel is specialised on research, development and consulting in the IT security sector. As a lecturer, he is sharing his profound knowledge of security in our “Hands on Hacking” courses at the University of Applied Sciences as well as at internal trainings for our customers.