From Fedora Project Wiki

Revision as of 12:11, 6 October 2017 by Jasoncallaway (talk | contribs)

Fedora Red Team meeting 6 October 2017

Time: 1400 UTC

Location: Freenode IRC #fedora-security

Agenda

  • State of the SIG
  • Active projects
    • ELEM
      • Enterprise Linux Exploit Mapper
      • Ken Evensen lead developer
      • Quick description and update
      • Exploit curation crowdsourcing (kanban board)
    • FCTL
      • Replication of Cyber-ITL methodology and results in an open source and repeatable way
      • Using a handful of open source tools to analyze binaries
      • Radare2
      • Capstone Engine
      • hardening-check
      • Results currently go into Mongo
      • Looking to transition to ELK for better vis layer
      • Plan to analyze RHEL, CentOS, and Fedora
      • Would love community contributions for other OSes
  • Roadmap projects
    • Fedora Security Data API
    • Red Container
      • Kali is great, the world doesn’t need another security distro
      • OCI makes packaging efforts obsolete
    • PTES
      • Spoke with David Kennedy (cofounder), who keynoted our Defense in Depth event this week
      • We’re going to work with the project, no need to fork
      • Plan to migrate to GitHub / RTD interface
      • Next touchpoint is late October, should have an update by next SIG meeting
    • Reference Architectures
      • Two planned
      • Using GitHub / RTD for this as well to support collaboration
      • Definition of Cyber Range
        • About 50% complete
        • Much of the diagrams and copy can be taken from proposals we’ve written
      • Next-Generation Malware Analysis
        • Also about 50% complete
        • Can re-use proposal work
      • For each, targeting similar structure to NIST SP800-145
        • Essential characteristics
        • Deployment models
        • Service models
      • Should be active by next SIG meeting
    • Pen tests
      • Eclipse Foundation
        • Partner closely with them on other topics, JEE, Geospatial
        • Started coordination with Eclipse for a pro bono pen test
        • Need to pick this back up
        • Plan to use this to flesh out PTES needed updates
        • Will open source pen test report after findings are remediated
      • Looking for other clients who would like a pen test so we can better update PTES
  • Team to-do
    • Order swag, looking for recommendations, probably hats
    • Need to get team calendar set up

Minutes

TBD