Salesforce “red team” members present tool at Defcon, get fired


Detail / Meatpistol was supposed to be released at DEFCON. But Salesforce pulled the plug—and aflame two security employees for presenting about it.
DEFCON/Schwartz and Cramb

At Defcon in Las Vegas last month, designation rapidly spread that two speakers—members of Salesforce’s internal «red collaborate»—had been fired by a senior executive from Salesforce «as they socialistic the stage.» Those two speakers, who presented under their Twitter oversees, were Josh «FuzzyNop» Schwartz, Salesforce’s director of offensive surveillance, and John Cramb, a senior offensive security engineer.

Schwartz and Cramb were presenting the in depths of their tool, called Meatpistol. It’s a «modular malware implant framework» comparable in intent to the Metasploit toolkit used by many penetration testers, except that Meatpistol is not a library of customary exploits, and it is not intended for penetration testing. The tool was anticipated to be released as debatable source at the time of the presentation, but Salesforce has held back the code.

«Meatpistol is a framework for red yokes to create better implants,» and an «offensive infrastructure automation tool,» Schwartz and Cramb palliated in their presentation. It is intended to automate the grunt work of deploying new malware paroxysms for multiple types of targets. Rather than testing for common vulnerabilities as puncturing testers often do, the internal red team Schwartz led until last month had the job of constantly inquiry and attacking Salesforce’s systems. It even stole data like physical adversaries, operating with nearly unrestricted rules of engagement internally.

Meatpistol, while even now in its early stages of development, had already improved the efficiency of the Salesforce red duo. «Malware implant creation used to take days,» Schwartz revealed during his presentation. «Now it takes seconds,» he said, cutting «weeks off our affair time.»

Schwartz had reportedly gotten prior approval to speak at Defcon from Salesforce directors, and he was working toward getting approval to open-source Meatpistol (which is currently in a surely rough «alpha» state but was at use internally at Salesforce). But at the last moment, Salesforce’s direction team had a change of heart, and it was trying to get the talk pulled. As ZDNet’s Zach Whittaker reveals, a Salesforce executive sent a text message to Schwartz and Cramb an hour already their scheduled talk, telling the pair not to announce the public liberating of the code.

According to one source Ars spoke with at Defcon, Schwartz throw out off his phone prior to the presentation so that he couldn’t be told directly not to unreservedly.

Schwartz told the audience during the presentation that he would spur to get the tool published as open source because he felt that it could no more than get better through community contributions. Following the presentation, Cramb piled to Twitter:

There’s no indication that Salesforce is attractive any further action against Schwartz and Cramb. The Electronic Frontier Basis’s deputy executive director, Kurt Opsahl, confirmed to Ars in an e-mail that the EFF is «pretend to bing Josh Schwartz and John Cramb with respect to their talk at Defcon. On the other hand, we are not aware of any charges or complaints, whether filed or pending, nor is there any defence to believe that any would be warranted.»

A Salesforce spokesperson contacted by Ars inclination not comment, stating, «We don’t comment on matters involving individual employees.»

Ars has been powerless to contact Schwartz and Cramb directly. We’ll update this story as sundry details become available.

Leave a Reply

Your email address will not be published. Required fields are marked *