The Linux Foundation has announced the new Red Team project during the Open Source Leadership Summit. Red Teams are a way to test the effectiveness of a company’s or group’s security program. The Red Team Project needs to create open source Red Team security tools.
Red Teams test the effectiveness of a security program by mimicking how attackers go after a system in the real world. The Red Team Project of the Linux Foundation should become an incubator of open source tools for such tests, knows ZDNet. These include programs that support cyber range automation, centralized pen testing tools, binary risk analysis, and standard validation programs.
Cyber-range refers to virtual spaces that can simulate attacks by hackers. In theory, this is easy to do in the cloud. A cyber range includes vulnerable machine images, application configurations, attack platforms, exploits and operators. A range can then be used for security training by using hacker scenarios. These scenarios can represent real-world situations.
CTL
The current binary risk analysis project of the Red Team Project originated from the Fedora Red Team Special Interest Group. Jason Callaway, now a Google Customer Engineer, began that group with a number of “fellow Red Hatters at Def Con 25”. “There were a number of exploit mapping tools we wanted to build, and I was inspired by the Cyber-ITL project of Mudge and Sarah Zatko. I wanted to make an open-source implementation of their methods.”
The resulting project – the Cyber Test Lab (CTL) has migrated to the Red Team Project, and is now working on adding support for other Linux distributions. CTL gives open source projects a way to analyze their code, giving them insight into how the Cyber-ITL give scores to their binary risks.
The Red Team Project places its projects and tools on GitHub. It also organises meetups, which can be attended via Google Hangouts, among other things.
This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.