Mirëdita! My name is Daniel Bohannon and I am a security researcher in the US for a company called Mandiant/FireEye. Over the past 8 years in the IT industry (and 5 years in security) I have developed several open source projects related to obfuscation and detection (listed at the end).
What I love more than CREATING open source projects is:
- encouraging others to get involved in Open Source projects
- introducing people to opportunities in cybersecurity
- showing various ways people can get involved in the cybersecurity industry if they are interested
Is there any interest in one or both of the following presentations topics (light, interactive workshops) at Open Labs Albania any day from February 15, 2019 through March 16, 2019?
Topic 1 Title: Getting Into InfoSec via Open Source
This presentation is an overview of the vast career opportunities (both technical and non-technical) in the field of InfoSec (Information Security). This is meant to expose ICT enthusiasts to the wide array of career opportunities and community projects available in the InfoSec industry. In addition, this will highlight the numerous ways that Open Source can help you enter into the InfoSec community whether it is Open Source coding contributions, Open Source Intelligence (OSINT) gathering/sharing, Open Data publication, helpful Twitter accounts and blogs to follow for various InfoSec information, etc.
Of particular importance is highlighting to users that there are ethical ways to “hack” to identify coding vulnerabilities and to help create secure code while defending against hacking attacks. Exposing users to these ethical routes will help deter them from joining lucrative, illegal hacking activities, and will show them how they can benefit their community using their passions and skills.
While coding skills are not required for many roles in InfoSec, for those that are into coding this presentation will emphasize ways to create and contribute to Open Source projects related to InfoSec as a means of learning about security issues and tools. This is also an incredible way to connect with world-class security researchers and share your contributions via Open Source code creation, contribution and sharing in forums like hackerspaces, podcasts, workshops and even security conferences both local and abroad.
Topic 2 Title: Translating Open Source Software in InfoSec
A great way to get into coding or to learn a new programming or scripting language is to translate a small tool or project from one language to another. This is a very popular trend in the InfoSec community and is a great way to meet security enthusiasts and professionals if you want to enter into the InfoSec world. Since many tool developers and end users have a preferred language, porting smaller tools into various languages makes them plug-and-play options for all other tool developers in the target coding language.
Examples of Python --> PowerShell :: EyeWiteness
Examples of PowerShell --> Python :: Empire --> Empyre, Invoke-Obfuscation (sub-modules)
Examples of PowerShell --> CSharp :: PowerSploit --> SharpSploit
Examples of C++ --> CSharp :: Kekeo --> Rubeus
In addition, integrating multiple existing projects is another great way that several well-known security professionals started their InfoSec journey: CrackMapExec (Marcello Salvati, @byt3bl33d3r), ObfuscatedEmpire (Ryan Cobb, @cobbr_io), etc.
As a part of this talk I will highlight several specific small InfoSec projects with source and desirable target languages to get interested attendees started if they are looking for ideas.
WHO: Me, Daniel Bohannon (@danielhbohannon)
WHAT: Cybersecurity presentation/workshop(s) [see two topics above]
WHEN: Any day from February 15, 2019 through March 16, 2019
WHERE: Open Labs Albania
WHY: Because sharing is caring
Open source projects I have authored or co-authored: