The Linux Foundation has launched the Red Team Project, which incubates open source cybersecurity tools to support cyber range automation, containerized pentesting utilities, binary risk quantification, and standards validation and advancement.
The Red Team Project’s main goal is to make open source software safer to use. They use the same tools, techniques, and procedures used by malicious actors, but in a constructive way to provide feedback and help make open source projects more secure.
We talked with Jason Callaway, Customer Engineer at Google, to learn more about the Red Team project.
Linux Foundation: Can you briefly describe the Red Team project and its history with the Fedora Red Team SIG?
Jason Callaway: I founded the Fedora Red Team SIG with some fellow Red Hatters at Def Con 25. We had some exploit mapping tools that we wanted to build, and I was inspired by Mudge and Sarah Zatko’s Cyber-ITL project; I wanted to make an open source implementation of their methodologies. The Fedora Project graciously hosted us and were tremendous advocates. Now that I’m at Google, I’m fortunate to get to work on the Red Team as my 20% Project, where I hope to broaden its impact and build a more vendor neutral community. Fedora is collaborating with LF, supports our forking the projects, and will have a representative on our technical steering committee.
LF: What are some of the short- and long-term goals of the project?
Jason: Our most immediate goal is to get back up and running. That means migrating GitHub repos, setting up our web and social media presence, and most importantly, getting back to coding. We’re forming a technical steering committee that I think will be a real force multiplier in helping us to stay focused and impactful. We’re also starting a meetup in Washington DC that will alternate between featured speakers and hands-on exploit curation hackathons on a two-week cadence.
LF: Why is open source important to the project?
Jason: Open source is important to us in many ways, but primarily because it’s the right thing to do. Cybersecurity is a global problem that impacts individuals, businesses, governments, everybody. So we have to make open source software safer.
There are lots of folks working on that, and in classic open source fashion, we’re standing on the shoulders of giants. But the Red Team Project hopes to offer some distinctly offensive value to open source software security.
LF: How can the community learn more and get involved?
Jason: I used to have a manager who liked to say, “80% of the job is just showing up.” It was tongue-in-cheek for sure, but it definitely applies to open source projects. To learn more, you can attend our meetups either in person or via Google Hangout, subscribe to our mailing list, and check out our projects on GitHub or our website.
This article originally appeared at The Linux Foundation
Any given task can succeed or fail depending upon the tools at hand. For security engineers in particular, building just the right toolkit can make life exponentially easier. Luckily, with open source, you have a wide range of applications and environments at your disposal, ranging from simple commands to complicated and integrated tools.
The problem with the piecemeal approach, however, is that you might wind up missing out on something that can make or break a job… or you waste a lot of time hunting down the right tools for the job. To that end, it’s always good to consider an operating system geared specifically for penetration testing (aka pentesting).
Within the world of open source, the most popular pentesting distribution is Kali Linux. It is, however, not the only tool in the shop. In fact, there’s another flavor of Linux, aimed specifically at pentesting, called BackBox. BackBox is based on Ubuntu Linux, which also means you have easy access to a host of other outstanding applications besides those that are included, out of the box.
BackBox includes a suite of ethical hacking tools, geared specifically toward pentesting. These testing tools include the likes of:
Web application analysis
Exploitation testing
Network analysis
Stress testing
Privilege escalation
Vulnerability assessment
Computer forensic analysis and exploitation
And much more
Out of the box, one of the most significant differences between Kali Linux and BackBox is the number of installed tools. Whereas Kali Linux ships with hundreds of tools pre-installed, BackBox significantly limits that number to around 70. Nonetheless, BackBox includes many of the tools necessary to get the job done, such as:
Ettercap
Msfconsole
Wireshark
ZAP
Zenmap
BeEF Browser Exploitation
Sqlmap
Driftnet
Tcpdump
Cryptcat
Weevely
Siege
Autopsy
BackBox is in active development, the latest version (5.3) was released February 18, 2019. But how is BackBox as a usable tool? Let’s install and find out.
If you’ve installed one Linux distribution, you’ve installed them all … with only slight variation. BackBox is pretty much the same as any other installation. Download the ISO, burn the ISO onto a USB drive, boot from the USB drive, and click the Install icon.
The installer (Figure 1) will be instantly familiar to anyone who has installed a Ubuntu or Debian derivative. Just because BackBox is a distribution geared specifically toward security administrators, doesn’t mean the operating system is a challenge to get up and running. In fact, BackBox is a point-and-click affair that anyone, regardless of skills, can install.
The trickiest section of the installation is the Installation Type. As you can see (Figure 2), even this step is quite simple.
Once you’ve installed BackBox, reboot the system, remove the USB drive, and wait for it to land on the login screen. Log into the desktop and you’re ready to go (Figure 3).
Thanks to the Xfce desktop environment, BackBox is easy enough for a Linux newbie to navigate. Click on the menu button in the top left corner to reveal the menu (Figure 4).
From the desktop menu, click on any one of the favorites (in the left pane) or click on a category to reveal the related tools (Figure 5).
The menu entries you’ll most likely be interested in are:
Anonymous – allows you to start an anonymous networking session.
Auditing – the majority of the pentesting tools are found in here.
Services – allows you to start/stop services such as Apache, Bluetooth, Logkeys, Networking, Polipo, SSH, and Tor.
Before you run any of the testing tools, I would recommend you first making sure to update and upgrade BackBox. This can be done via a GUI or the command line. If you opt to go the GUI route, click on the desktop menu, click System, and click Software Updater. When the updater completes its check for updates, it will prompt you if any are available, or if (after an upgrade) a reboot is necessary (Figure 6).
Should you opt to go the manual route, open a terminal window and issue the following two commands:
sudo apt-get update sudo apt-get upgrade -y
Many of the BackBox pentesting tools do require a solid understanding of how each tool works, so before you attempt to use any given tool, make sure you know how to use said tool. Some tools (such as Metasploit) are made a bit easier to work with, thanks to BackBox. To run Metasploit, click on the desktop menu button and click msfconsole from the favorites (left pane). When the tool opens for the first time, you’ll be asked to configure a few options. Simply select each default given by clicking your keyboard Enter key when prompted. Once you see the Metasploit prompt, you can run commands like:
db_nmap 192.168.0/24
The above command will list out all discovered ports on a 192.168.1.x network scheme (Figure 7).
Even often-challenging tools like Metasploit are made far easier than they are with other distributions (partially because you don’t have to bother with installing the tools). That alone is worth the price of entry for BackBox (which is, of course, free).
Although BackBox usage may not be as widespread as Kali Linux, it still deserves your attention. For anyone looking to do pentesting on their various environments, BackBox makes the task far easier than so many other operating systems. Give this Linux distribution a go and see if it doesn’t aid you in your journey to security nirvana.
Linus Torvalds at last made the jump with the recent release of kernel 5.0. Although Linus likes to say that his only reason to move on to the next integer is when he runs out of fingers and toes with which to count the fractional part of the version number, the truth is this kernel is pretty loaded with new features.
On the network front, apart from improvements to drivers like that of the Realtek R8169, 5.0 will come with better network performance. Network performance has been down for the last year or so because of Spectre V2. The bug forced kernel developers to introduce something called a Retpoline (short for “RETurn tramPOLINE“) to mitigate its effect. The changes introduced in kernel 5.0 “[…] Overall [give a greater than] 10% performance improvement for UDP GRO benchmark and smaller but measurable [improvements] for TCP syn flood” according to developer Paolo Abeni.
What hasn’t made the cut yet is the much anticipated integration of WireGuard. Wireguard is a VPN protocol that is allegedly faster, more versatile and safer than the ones currently supported by the kernel. Wireguard is easy to implement, uses state of the art encryption, and is capable of maintaining the network link to the VPN up even if the user switches to a different WiFi network or changes from WiFi to a wired connection.
An ongoing task is the work going into preparing for the Y2038 problem. In case you have never heard of this, UNIX and UNIX-like systems (including Linux) have clocks that count from January the 1st, 1970. The amount of seconds from that date onwards is stored in a signed 32-bit variable called time_t. The variable is signed because, you know, there are some programs that need to show dates before the 70s.
At the moment of writing we are already somewhere in the 01011100 01110010 10010000 10111010 region and the clock is literally ticking. On January 19th 2038, at 3:14:07 in the morning, the clock will reach 01111111 11111111 11111111 11111111. One second later, time_t will overflow, changing the sign of your clock and making your system believe, along with millions of devices and servers worldwide, that we are back in 1901.
Then… well, the usual: planes will fall from the sky, nuclear power stations will melt down, and toasters will explode, rendering the world breakfastless. That is, of course, unless the brave kernel developers don’t come up with a solution in the meantime. Then again, they made the Wii controller work in Linux, what could they not achieve?
As always, you can find more information about Linux 5.0 by reading Linus’s announcement on the Linux Kernel mailing list, checking out the in-depth articles at Phoronix and by reading the Kernel Newbies report.
Learn more about Linux through the free “Introduction to Linux” course from The Linux Foundation and edX.