Building your cybersecurity stack
with Open-Source
AND CONTRIBUTE TO A SAFER WORLD
Open Source México
Advocates of an
“Open Source First” culture to
increase innovation and
economic growth in Mexico
Open Source México
Join us !
• Monthly meet ups
• Upcoming Events
• Networking
• News
Networks:
https://twitter.com/amigososom
https://www.linkedin.com/groups/12137251/
https://www.instagram.com/opensourcemexico/
https://github.com/orgs/OpenSOurceMexico/teams
https://www.meetup.com/Open-SOurce-Mexico-OSOM/
https://www.facebook.com/OSOM-Open-Source-Mexico-354538278660417
CCOSS
Cumbre de Contribuidores de Open Source Software
(Open Source Software Contributors Summit)
https://sg.com.mx/buzz/asi-fue-la-1er-cumbre-de-contribuidores-de-open-source-software
What you should take away from the
next 50 minutes:
• NO MATTER HOW HARD IT MAY
LOOK, YOU SHOULD BE AWARE OF THE
INFORMATION SECURITY TOOLS,
FRAMEWORKS AND PROCESSES THAT
PROTECT YOU AND YOUR
ORGANIZATION
Topics
☛ Cybersecurity
☛ Open Source and how it works
☛ Tools
☛ How to decide
Cybersecurity
Defining
Cybersecurity is
hard
Context is important.
Requires deep understanding of
core concepts like:
• Authorization
• Confidentiality
• Integrity
• Availability
Sources:
https://www.enisa.europa.eu/publications/definition-of-cybersecurity
https://csrc.nist.gov/glossary/term/cybersecurity
• The prevention of damage to, unauthorized use of, exploitation
of, and—if needed—the restoration of electronic information and
communications systems, and the information they contain, in
order to strengthen the confidentiality, integrity and availability
of these systems.
• The process of protecting information by preventing, detecting,
and responding to attacks
Implementing Cybersecurity is
harder…
Cybersecurity example (A)
“…We’ve been alerted that portions of the PHPBB user table
from our forums showed up in a leaked data
collection…includes usernames, email addresses, salted,
hashed passwords….”
BTW, they were running phpBB 3.1, an open-source forum
board, well behind the current release at the time.
Keeping phpBB up to date would have mitigated the
attack.
Source: https://ethhack.com/2019/09/xkcd-forum-hacked-over-562000-users-account-details-leaked/
Cybersecurity example (B)
Mexico's Pemex Oil Suffers Ransomware Attack, $4.9 Million
Demanded
“Security researchers were able to find the malware sample
which confirms the DoppelPaymer infection
…Pemex was probably targeted by an initial infection of
the Emotet Trojan which eventually provided network
access…then have used Cobalt Strike and PowerShell Empire to
spread the ransomware…”
Emotet has a modular architecture that bundles open-source
tooling (PowerShell Empire, named above, is itself an open-source
post-exploitation framework). Emotet samples can be detonated and
matched against signatures with Cuckoo Sandbox, an open-source
malware analysis tool.
Source: https://www.bleepingcomputer.com/news/security/mexicos-pemex-oil-suffers-ransomware-attack-49-million-demanded/
Cybersecurity example (C)
A case study in industry collaboration: Poisoned RDP
vulnerability disclosure and response
“In his research into reverse RDP attacks, Eyal Itkin found that
for mstsc.exe, this technique, also referred to as lazy lateral
movement, was possible through the clipboard sharing channel.”
“Check Point Research recently discovered multiple
vulnerabilities in (RDP) that would allow a malicious actor to
reverse the usual direction of communication and infect the IT
professional…
There are also some popular open-source clients for the RDP
protocol that are used mainly by Linux and Mac users.”
Source:
https://www.microsoft.com/security/blog/2019/08/07/a-case-study-in-industry-collaboration-poisoned-rdp-vulnerability-disclosure-and-response/
https://research.checkpoint.com/2019/reverse-rdp-attack-code-execution-on-rdp-clients/
Common Denominator
Popular website (example A)
• Forum
• Open-source tool
• Unpatched
Large corporation (example B)
• Spear phishing
• Established foothold
• Ransomware installed
• Known malware signatures
• Open-source modules
• Public, open-source signatures
Windows Remote Desktop Protocol (example C)
• Enterprise client analyzed
• Open-source clients analyzed
• Static analysis to identify vulnerabilities
(free) Open Source
Software
FOSS is…
Collaboration
Openness
Meritocracy
Born in hacking culture
THE Hacking Culture
particularly creative people who define themselves partly by rejection of ‘normal’
values and working habits
a subculture of individuals who enjoy the intellectual challenge of creatively
overcoming limitations of software systems to achieve novel and clever outcomes
a manner in which it is done and whether it is something exciting and meaningful
Source:
https://en.wikipedia.org/wiki/Hacker_culture
http://catb.org/jargon/html/introduction.html (the Jargon File) <- PLEASE ALSO READ “THE CATHEDRAL AND THE BAZAAR” BY ERIC S. RAYMOND
Cyber Security community embraces
Collaboration
Openness
Meritocracy
DERIVED FROM ITS HACKING SUBCULTURE(S)
How to choose the right
tool for the right job
HUGE HUGE HUGE LIST OF FOSS
TOOLS ON CYBERSEC
Where to find
OpenSource
security tools
GitHub / Gitlab
Sourceforge
Academic institutions
Carnegie Mellon University SEI:
https://www.sei.cmu.edu/publications/software-tools/
Organizations promoting
Security
OWASP: https://owasp.org
National Security Agency:
https://github.com/nationalsecurityagency
Within Enterprise Security
Tools
Some products are based on Core Open
Source projects
Now: Let Me Google That For You
• Snort: intrusion detection / prevention
system (IDS/IPS)
• OpenVAS: vulnerability scanner forked
from the last open-source release of
Nessus
• Nmap: the good old school network
scanner
• Nagios Core: the open-source core of
the Nagios network/infrastructure
monitor
• Ettercap: network sniffer for
simulating MITM attacks
• Infection Monkey: breach and attack
simulation with a web GUI
• Metasploit: framework to automate
vulnerability validation (EXPLOITS)
• Cuckoo Sandbox: malware analysis
sandbox
• Autopsy: GUI forensic platform for disk
images (front-end to The Sleuth Kit)
• Lynis: security audit of Unix-like hosts
(installed software, versions, hardening,
known vulnerabilities)
Source: https://www.darkreading.com/threat-intelligence/10-open-source-security-tools-you-should-know/d/d-id/1331913
For the
Hoody h4x0r
in the room
Join:
https://t.me/bugbountyes
OWASP Zed Attack Proxy Project
The OWASP Zed Attack Proxy (ZAP) is one of
the world’s most popular free security tools.
It can automatically find security
vulnerabilities in web applications.
• Can be integrated into a CI/CD pipeline (e.g. a
baseline scan against a test environment)
Great tool for experienced pen testers to
use for manual security testing.
SAST
Static Application Security Testing (and related
code, dependency and container scanning)
https://snyk.io/
https://www.sonarqube.org/sonarqube-8-0/
https://docs.renovatebot.com/
https://github.com/archerysec
https://github.com/hawkeyesec
https://coreos.com/clair/docs/latest/
https://www.whitesourcesoftware.com/open-source-security/
Source: https://blog.vulcan.io/vulnerability-remediation-in-the-ci-cd-pipeline-not-just-a-coding-issue
Disclaimer: not all of these tools are open source, but most of them are offered free for open-source projects. Note that the list mixes true SAST (SonarQube) with dependency / SCA scanning (Snyk, Renovate, WhiteSource) and container image scanning (Clair).
WITH SO MANY
OPTIONS, WHAT CAN I
DO!
HOW TO DECIDE
Define GOAL & Expected OUTCOME
What is the purpose of :
Scanning your code
Analyzing your dependencies
Running a vulnerability proxy
Scan your network
Scan endpoints/devices
Monitor your network traffic
Run a forensic analysis on a HDD
Add a key management tool
Results must become deliverables with
Quantifiable data
Baselined Key Performance Indicators
Useful for security audits & compliance
Tailored to the cybersecurity landscape of the
systems
• Results fed back into Threat & Risk Analysis
Training
Comprehensive official documentation (contributors love
documenting, right?)
Find the creators
Check if they are open to help
GitHub issues are a great way to learn
StackOverflow…
Blog posts
YouTube videos
BOOKS O’Reilly has a huge library of books covering
how-to on many open source tools
From time to time companies or individuals close to the project
provide on-site/online training: go for it!
Features
Need a GUI?
Need a CLI?
Integration Matches the current CI/CD
pipeline
Reports
Single run
Historical data
Extensible
Plugin architecture
Modular architecture
Codebase easy to maintain
Support
Remember, most open-source licenses provide
no warranty
Only community support
Supported by a
company
Premium support available
Is it an active
community?
Check if there are recent commits
Communication channels
•Slack
•Mailing lists
•GitHub issues
Integration
Strategy 1: Pre Commit
Hooks
Strategy 2: On Artifact
Build
Strategy 3: On Deploy to
lower environments
Combining
strategies
compounds the
benefits
BUT… may require more
maintenance, extra resources ($)
and added complexity
Most security
tools can be
integrated with
a CI/CD pipeline
Scanners can be configured to run automatically on
cloud/on-premise infrastructure
Thank you!