Upgrade to Pro — share decks privately, control downloads, hide ads and more …

For the greater good? Open sourcing weaponisable code

For the greater good? Open sourcing weaponisable code

Presented by Laura Bell (SafeStack) at Oscon 2015.

Laura Bell

July 23, 2015

More Decks by Laura Bell

Other Decks in Technology


  1. Laura Bell Founder  and  Lead  Consultant  -­‐  SafeStack @lady_nerd  

     [email protected]   h6p:/ /safestack.io   For the greater good? open sourcing weaponisable code
  2. In  this  talk   The  Story   AVA  and  building

     security  tools   The  Challenges   Lessons  learned  the  hard  way  and  ques7ons  with  difficult  answers   The  Solu4ons   The  future  and  how  we  proceed    
  3. Location Time stamps Sender Receiver User agent friends contacts frequency

    aliases profiles Last login Pw Expires? Disabled? Influence Admin?
  4. Email attacks that go beyond phishing Email phishing Internal request

    social panic Direct request External request favour authoritative
  5.   The  URL  may  be  different  on  different  messages.  

    Subject:  Security  Alert:  Update  Java  (*See  Kronos  Note)   Date:  February  22,  2013   *********************************************************** *************   This  is  an  automa4cally  generated  message.  Please  DO  NOT  REPLY.     If  you  require  assistance,  please  contact  the  Help  Center.   *********************************************************** *************   Oracle  has  released  an  update  for  Java  that  fixes  50  security  holes,   including  a     cri4cal  hole  currently  being  exploited  in  the  wild.   The  IT  Security  Office  strongly  recommends  that  you  update  Java  as   User generated and publicly sourced attacks
  6. Technologies •  Django •  Postgresql •  Celery •  Redis • 

    Bootstrap •  Open source •  GPL •  docker •  Integrates with exchange, ad and google apps for business
  7. Everybody  has  a  moral  compass,  we  just  don’t  agree  where

     north  is Project  values  and  ethics  are  important
  8. But  is  this  a  necessary  evil? Ve_ng  contributors  is  voodoo

    ability,  enthusiasm,  moEvaEon,  background,  employer,  maturity
  9. Learn more or get involved @avasecure http://avasecure.com open source (GPL)

    https://github.com/SafeStack/ava now with docker build
  10. Laura Bell Founder  and  Lead  Consultant  -­‐  SafeStack @lady_nerd  

     [email protected]   h6p:/ /safestack.io   Questions? #protectyourpeople   #oscon