9:30 p.m.
Fedora Security List,
I wanted to bring your attention to a new SIG:
https://fedoraproject.org/wiki/SIGs/Red_Team
The goal of this SIG is to be Red Hat's upstream cyber community, and focal
point for new offensive tooling, exploit curation, standards, and reference
architectures.
A number of exciting projects are planned for this SIG, but we already have
a working alpha-version of our tool, the Enterprise Linux Exploit Mapper
(ELEM) [0]. ELEM lets administrators scan their RHEL or CentOS systems for
vulnerabilities that are associated with known exploits in the wild. We’re
working on adding Fedora support to ELEM. It currently has only one exploit
data source [1], but we’re adding more [2].
We’ll be using this list and #fedora-security for comms, and we’d love your
feedback on the SIG and ELEM.
Thanks,
~Jason
[0] - https://github.com/fedoraredteam/elem
[1] - https://www.exploit-db.com
[2] -
https://github.com/fedoraredteam/elem/issues?q=is%3Aissue+is%3Aopen+label...
--
Jason Callaway | jcallaway(a)redhat.com | (240) 285-9529 | GPG Key 0x81ED4A9A
7:43 a.m.
On Thu, Sep 14, 2017 at 10:30:29PM -0400, Jason Callaway wrote:
I wanted to bring your attention to a new SIG:
https://fedoraproject.org/wiki/SIGs/Red_Team
Hi Jason! This seems really exciting. What can I do to support this
effort?
I'd love to see a Fedora Magazine article about it - what is a "Red
Team", what will Fedora's Red Team do, how this relates to existing
Fedoa Security efforts.
--
Matthew Miller
<mattdm(a)fedoraproject.org>
Fedora Project Leader
3:04 p.m.
Hi,
On Thu, Sep 14, 2017 at 10:30:29PM -0400, Jason Callaway wrote:
I wanted to bring your attention to a new SIG:
https://fedoraproject.org/wiki/SIGs/Red_Team
The goal of this SIG is to be Red Hat's upstream cyber community, and focal
point for new offensive tooling, exploit curation, standards, and reference
architectures.
This is great. I am wondering about the mission statement:
¦ To be the catalyst in the enterprise Linux community that enables
¦ Computer Network Operations, the open source way.
It is missing the cyber in there! ;-)
A number of exciting projects are planned for this SIG, but we
already have
a working alpha-version of our tool, the Enterprise Linux Exploit Mapper
(ELEM) [0]. ELEM lets administrators scan their RHEL or CentOS systems for
vulnerabilities that are associated with known exploits in the wild. We’re
working on adding Fedora support to ELEM. It currently has only one exploit
data source [1], but we’re adding more [2].
Are you also considering doing offensive security tests
on the Fedora infrastructure? This was my first association when I heard
the SIG's name. :-)
Kind regards
Till
4:30 p.m.
I think it's a great idea,
About elem. I like the tool.
All the tools seem to me to have a good future.
I am currently working in a cybersecurity company and would like to
contribute.
Aprendiendo seguridad..
2017-09-19 15:04 GMT-05:00 Till Maas <opensource(a)till.name>:
Hi,
On Thu, Sep 14, 2017 at 10:30:29PM -0400, Jason Callaway wrote:
> I wanted to bring your attention to a new SIG:
> https://fedoraproject.org/wiki/SIGs/Red_Team
>
> The goal of this SIG is to be Red Hat's upstream cyber community, and
focal
> point for new offensive tooling, exploit curation, standards, and
reference
> architectures.
This is great. I am wondering about the mission statement:
¦ To be the catalyst in the enterprise Linux community that enables
¦ Computer Network Operations, the open source way.
It is missing the cyber in there! ;-)
> A number of exciting projects are planned for this SIG, but we already
have
> a working alpha-version of our tool, the Enterprise Linux Exploit Mapper
> (ELEM) [0]. ELEM lets administrators scan their RHEL or CentOS systems
for
> vulnerabilities that are associated with known exploits in the wild.
We’re
> working on adding Fedora support to ELEM. It currently has only one
exploit
> data source [1], but we’re adding more [2].
Are you also considering doing offensive security tests
on the Fedora infrastructure? This was my first association when I heard
the SIG's name. :-)
Kind regards
Till
_______________________________________________
security mailing list -- security(a)lists.fedoraproject.org
To unsubscribe send an email to security-leave(a)lists.fedoraproject.org
10:13 a.m.
On Tue, Sep 19, 2017 at 10:04:38PM +0200, Till Maas wrote:
On Thu, Sep 14, 2017 at 10:30:29PM -0400, Jason Callaway wrote:
> A number of exciting projects are planned for this SIG, but we already have
> a working alpha-version of our tool, the Enterprise Linux Exploit Mapper
> (ELEM) [0]. ELEM lets administrators scan their RHEL or CentOS systems for
> vulnerabilities that are associated with known exploits in the wild. We’re
> working on adding Fedora support to ELEM. It currently has only one exploit
> data source [1], but we’re adding more [2].
Are you also considering doing offensive security tests
on the Fedora infrastructure? This was my first association when I heard
the SIG's name. :-)
While that's of interest, it's also not an activity we can easily open
up to a community effort at this point. Some of the Fedora
infrastructure sits on equipment operated by Red Hat, so there are
restrictions on who'd be able to participate in offensive testing. In
discussing with Jason, I advised it was best not to set up false
expectations on that front.
--
Paul W. Frields http://paul.frields.org/
gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717
http://redhat.com/ - - - - http://pfrields.fedorapeople.org/
The open source story continues to grow: http://opensource.com
2408
days inactive
2414
days old
security@lists.fedoraproject.org
4 comments
5 participants
participants (5)
-
Jason Callaway -
Lorddemon -
Matthew Miller -
Paul W. Frields -
Till Maas