OPEN SOURCE SPOTLIGHT: BRIAN CARRIER OF BASIS TECHNOLOGY

With OpenSec 2017 less than a month away, we are catching up with a few of this year’s panelists to hear the breadth of opinions surrounding the current state of open source cybersecurity and where it is heading.

This week we spoke to Brian Carrier, VP of Digital Forensics at Basis Technology in Cambridge, MA. In this role, Brian builds incident response software, open source software, and custom software to enhance digital investigations, having largely developed open source projects The Sleuth Kit, Autopsy 1 and 2, mac-robber, and TCTUTILs. Additionally, Brian chairs the annual Open Source Digital Forensics Conference (OSDFCon), which examines the latest open source tools and techniques.

To hear more from Brian and other leaders in the open source community, sign up for OpenSec 2017 on May 15th.

How did you start in Cybersecurity? What initially pulled you in?

I was an intern in the mid-90's when the company got their first internet connection. I got involved with setting up their Linux-based firewall. I then got interested in forensics when the first open source tools started to be released in 2000ish (The Coroner's Toolkit) and started to expand on them because I wanted to learn more. I was working at @stake at the time and we needed incident response tools for our work, so we built them and released them out as open source. I've been maintaining and involved with The Sleuth Kit and Autopsy ever since.

What are some products or solution spaces you're watching and excited to see grow?

I focus a lot of my time on easy to use products that help companies do their own basic incident response and forensics. The basic idea being that as companies get more security maturity, they need to be able to respond to incidents, but most won't have forensics experts on staff.

Many companies will respond to a SIEM alert by looking at antivirus logs. If the antivirus is happy, then they are happy and that is all they can do. We want to enable companies to go a bit deeper and help them analyze additional data, which is why we've been building our Cyber Triage product.

I think this is a growing space because more companies need to do basic investigations, but don't have the skills or resources to do it.

What do you think makes open source different?

I like open source because it allows for a community to be built around the software. We organize an annual Open Source Digital Forensics (OSDFCon) conference each year (http://www.osdfcon.org) that attracts over 400 people and it’s great to see the developers and users all get together. They are both passionate about the software and what it can do.

From a digital forensics perspective, there is also the benefit of the software being reviewable when entering digital evidence into a court trial. Anyone can verify how it works and you do not need to rely on a software vendor to testify.

Interested in hearing more from Brian? See him talk at OpenSec 2017!

WELLS FARGO CYBERSECURITY EVENT RECAP

Last Wednesday, 2/1, HackSecure hosted a CyberSecurity panel at Wells Fargo (Thanks to WF for sponsoring!) in Boston. The panel included Tim Byrd, SVP at Wells Fargo, Clement Cazalot, VP of Tech at Intralinks and John McAleer, Senior Manager of IT Security at AthenaHealth. The conversation bounced between how their respective companies look at working with young security startups, what they see as the biggest risk threats for their teams moving forward and what they have on their security roadmaps for 2017. Certainly a fruitful conversation for those able to attend and plenty of advice for young companies targeting enterprise customers. Again thanks to Wells Fargo for hosting and a thank you to everyone who showed up + stayed for drinks after.

ONWARD AND UPWARD

I was advised by many in venture that I wouldn’t last 5 months in venture; I was too impatient, too controlling, too much. Well 5 years later they get to be right, well kind of….

I am stepping down as a General Partner of Accomplice and will not be a GP in Accomplice’s next fund.

Hack Reduce and Hack Secure have proven to be incredibly valuable vehicles to achieve my goal of developing the next generation of great data science and cybersecurity entrepreneurs. Over the past 5 years we’ve built a community of over 7,000 members, having hosted hundreds of events, which led to the funding of over a dozen companies. I’m excited to continue cultivating both ecosystems with the goal of starting many more cybersecurity and data science companies (If you're one of them, get in touch). This requires a tremendous amount of my time and focus.

I also plan on continuing to lead The St. Baldrick’s Foundation’s $100M Tech Fundraising Campaign to end childhood cancer. In the U.S., more children die of childhood cancer than any other disease and I am committed to working with the amazing team at The St. Baldrick’s Foundation to do something about that.

I will continue to represent Accomplice on my portfolio company boards and remain involved with Accomplice as a Senior Advisor. I will continue to work with my seed investments independently and will spend time identifying, investing in and developing entrepreneurs.

Accomplice has become the brand for early stage venture capital in Boston. We've made a ton of progress in our short time, and I'm honored and proud to be a co-founder during this spectacular climb to the top. Our successes give me the opportunity to dig into my personal mission to continue to make Boston great, by focusing on my entrepreneurs, both those I’ve invested in and others I will in the future.

I am very proud of my Atlas and Accomplice partners and my investments over the past five years. I have every expectation to contribute to the delivery of three excellent funds and will always support, enjoy and have an active interest in where Jeff and Ryan take Accomplice from the strong base we’ve built.

My five years in venture has given me the opportunity to spend more time with my family, and collaborate with some incredible entrepreneurs. For this I am incredibly grateful. I want to thank Jeff and Ryan for their friendship, partnership, and for giving me the opportunity to reinvent myself over the last five years as the anti-VC and now to re-invent myself yet again… Stay tuned!

Chris @LynchBigData

TECH TACKLES CANCER RAISES OVER $500K TO SUPPORT ST. BALDRICK’S AND CHILDHOOD CANCER RESEARCH [PHOTOS AND VIDEO]

The Boston Tech community has stepped up big and is providing the leadership necessary to kick off our $100M campaign for Tech Tackles Cancer. Your generosity in support of finding a cure for kids cancer through support of St. Baldrick’s, we raised more than $500k, is legend. I want to tell you all how proud I am to know you and say thanks to each and every individual who helped make our 5th annual St. Baldrick’s event at The Landsdowne Pub such a great success and a rocking good time!


Once again, our event had over 500 people: shavees, volunteers, sponsors, Patriots, Celtics, start-up folks, raffle items galore, the great Savtones featuring Chris Cote (who crushed Yellowcard playing down the street). When all is said and done the total to St. Baldrick’s is over $505k with donations still coming in — we met and exceeded our ambitious goal!

Embedded content: https://www.youtube.com/watch?v=QLk-nOLBsuw

Nationally, St. Baldrick’s is the single largest investor in pediatric cancer research next to the U.S. Government. Unfortunately, every 2 minutes a child is diagnosed with this terrible disease, and it kills more children in the U.S. than all other major diseases combined. Kids cancer is very different from adult cancers and hence requires specific research. Eighty percent of children with cancer have had it spread before being diagnosed and for those who survive 70% have shorter life spans marred with chronic health issues. In spite of these facts, only 4% of US Federal funding is solely focused on children’s cancer research. Further, 60% of adult cancer research funding comes from big pharmaceutical companies, with almost none for childhood cancer research because these drugs are not profitable. This is why we need St. Baldrick’s; 100% of their grants go to children’s cancer research, and not to one institution, but to the best and brightest researchers around the world. This is a different and winning strategy.

An event of this magnitude takes a lot of work behind the scenes, so I would like to give a special thanks to the committee responsible for organizing our St. Baldrick’s event. My first thanks is to Ben Hux, Volunteer Event Organizer, and Cort Johnson, Mayor of Tech Boston and hack/secure fame, who have stuck by me to make this happen. My goal is for this event to be a Boston legacy we leave the next generation of entrepreneurs, serving to give us perspective, inspiration, strength, and unity.

Thanks also to Accomplice, Matt Burke, Cynthia Ferranzzani, Will Brierly, Lauren Wedell, Josh Terry, Josh Darling, Brittany Vogel, Boston Celtics Dancers, Patriots Cheerleaders, JLL, DLT, City National Bank, The Savtones, Galen Moore and Kyle Gross of BostInno, and Keith Cline of Venture Fizz for support of the event. Without these people and their assistance, this event would not have succeeded. Thanks to Em Vision films for producing the video to promote the event; and to photographer Winslow Martin and videographer Rosemary Jeneth for documenting the event. I also want to thank the Lyon’s Group, for hosting the event and all of the shavees, stylists, volunteers, and raffle items donors.

The generosity of Boston and the surrounding areas is incredible. I am very fortunate to have people like Mike Egan, Jit Saxena, Art Coviello and Jeff Fagnan in my corner. The sacrifice of the shavees alone is unbelievable. I thank them for their commitment to such a deserving cause.

The St. Baldrick’s Foundation is a volunteer-driven charity committed to funding the most promising research to find cures for childhood cancers and give survivors long and healthy lives. The St. Baldrick’s Foundation does this with the guiding principles of integrity, efficiency, transparency, a pioneering spirit and a sense of fun. It’s never too late to donate, I’ll keep the link live.

RED TEAM CHALLENGE RECAP

On Saturday, April 23rd, hack/secure and SimSpace, with sponsorship from Square 1 Bank and Rapid7, hosted the first in a series of attack and defend challenges.


We had a great turnout with over 40 cybersecurity practitioners joining. The challenge, created by SimSpace, offered each team their own network consisting of full operating systems and configured with subtle, yet real world vulnerabilities and/or misconfigurations. Teams were required to use real world scanners, exploitation tools, and post exploitation tactics to capture 10 flags.

After 6 hours of attacking the SimSpace network, the team from Booz Allen Hamilton came out on top, capturing 7 of the 10 flags. Veracode came in a close 2nd followed by Rapid7 and Sqrrl in 3rd.

A big thank you to all those who participated. We look forward to seeing everyone at the next challenge!

MEETUP RECAP - JULY 2016

Our July meetup was another riveting post-workday gathering of Boston’s local cybersecurity pros in Cambridge’s Kendall Square. After socializing with a slice of pizza and beer in hand, everyone turned their attention to the two guest speakers prepared with lightning talks:

  • Mike Li - Security Engineer @Rapid7 (exploitation frameworks)
  • Mike Arpaia - Co-founder & CSO @Kolide (Osquery: host intrusion detection product)

First up at bat, Mike Li started off the night with a focus on exploitation frameworks: what to use, how to apply that tool to derive the best outcome, and all the stages in between.

Playing offense with your security systems

Mike Li took the stage to discuss exploitation frameworks, and how to responsibly use them. The goal: find and fix your weaknesses before an attacker does. Seems like a simple task in theory, but oftentimes people don’t even know what or where their vulnerabilities are to begin with. Enter penetration testing with exploitation framework tools. Tools like Metasploit, Veil Evasion, etc. have given insights to modern security teams that help establish where vulnerabilities exist. When ethically utilized, these tools help to simulate real world attacks and expose weak spots in a network, which will ultimately help to build a stronger system that is challenging to breach.

But… even if you have a near impenetrable infrastructure, your systems are still susceptible to outsider attacks in the form of social engineering. We often think about holes in our system, or brute-force efforts as primary methods to gain access, when in reality many breaches occur due to human naiveté. And on that thought, Mike left us with a simple reminder: Penetration testing and exploitation frameworks are both necessary and valuable. But ultimately, they help us spot vulnerabilities in our systems, not our people. Humans are not infallible, and they are oftentimes a liability that cannot be disregarded. So while we are securing our systems, we also need to take into consideration the people and their behavior in conjunction with the systems.

“When you think of exploitation frameworks, you think of Metasploit. A system, a piece of code, a piece of software. But also, you can exploit a human. People are fallible, too.” - Mike Li #BostonSecurityMeetup @hacksecure

With a high barrier to entry, OSSEC isn’t easy to use.

“Aw yeah OSSEC has a great UX!” (crowd chuckles)


osquery is an open source framework used to easily and efficiently write SQL-based queries to accurately assess the current state of a system. It was intended to serve as a simple and reliable solution for Facebook’s intrusion detection issues, and has since evolved into a powerful community-driven framework that many companies leverage today.

After Facebook shared the initial osquery code, allowing for public use, the public in return has continued to test, alter, and make additions. What began as 27 SQL tables implemented via an easily extendable API, has now grown to 180 tables directly due to community contributions.

Mike Arpaia went on with tips on how to proactively find malware through the use of query packs and scheduling. To close, he extended an invitation to all listeners to test and reform the continuing osquery project. With over 6,434 stars, 900 contributors, and over 3,000 commits, osquery remains one of the most popular repos on GitHub today.
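As an added illustration of the query packs and scheduling mentioned above (not taken from the talk or from the osquery project), a small pack could look like the following. The query names, intervals and description text are assumptions chosen for this example; the `processes` and `listening_ports` tables and the columns used are part of osquery.

```json
{
  "platform": "linux",
  "queries": {
    "process_binary_deleted": {
      "query": "SELECT pid, name, path, cmdline FROM processes WHERE on_disk = 0;",
      "interval": 600,
      "description": "Added example: running processes whose executable is no longer present on disk.",
      "value": "A process that outlives its own binary deserves a look; expect benign hits after package upgrades."
    },
    "listening_non_loopback": {
      "query": "SELECT DISTINCT p.name, p.path, lp.port, lp.protocol, lp.address FROM listening_ports AS lp JOIN processes AS p USING (pid) WHERE lp.port != 0 AND lp.address NOT IN ('127.0.0.1', '::1');",
      "interval": 3600,
      "description": "Added example: processes listening on non-loopback addresses.",
      "value": "New rows in the differential results show a service that started accepting network connections since the last run."
    }
  }
}
```

A pack file like this is referenced from the `packs` section of the osquery configuration; the daemon then runs each query every `interval` seconds and logs what changed between runs.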

~~~~~~~~~~~~~~~~~~

Thank you Mike Li & Mike Arpaia for your time and expertise!

If you missed the July event, make sure to check us out at Boston Security Meetup, and RSVP for the upcoming meetup on August 11th!

HACK/SECURE UNITES 25 OF THE TOP ENTREPRENEURS IN CYBER TO HELP FORM AND FUND 100 U.S.-BASED CYBERSECURITY COMPANIES OVER THE NEXT THREE YEARS

We're excited to announce our hack/secure syndicate. Check out the article from Fortune and press release below.

First Investment Kolide Raises $1.6M and Assembles Top FireEye and Facebook Technologists to Found Stealth Cybersecurity Start-Up

BOSTON – June 27, 2016 – Today, serial entrepreneur and venture capitalist Chris Lynch along with partner Cort Johnson unveiled hack/secure, an invite only investment syndicate to help U.S. citizens build cybersecurity companies to ensure the United States leads the global effort in protecting the free world. At launch, hack/secure includes a syndicate of 25 of the industry’s pre-eminent and proven entrepreneurs investing in the next generation of cybersecurity entrepreneurs. The organization already has local presences in Austin, Boston, DC and New York.

hack/secure was founded and is run by Chris Lynch and Cort Johnson. The 25 entrepreneurs and angel investors forming the syndicate serve as hack/secure leads. Using the power of the AngelList platform, when a lead finds a company they want to invest in, hack/secure backs that lead’s investment with up to $250,000 of additional investment capital.

“The world runs on software. It powers everything from the banks that govern our financial system, the computers that fly our airplanes and drive our cars, to the power plants that generate our energy,” said Lynch. “WWIII is already underway, and it’s a cyber war. We believe it will be won with hands on the keyboard, not boots on the ground. The cybersecurity industry is just as important to protecting the free world as the manufacturing industry was to supporting the Allied forces victory in WWII. hack/secure is our effort to ensuring America leads the protection of our way of life and that of the free world.”

hack/secure in action: Kolide

hack/secure’s first investment is Boston-based cybersecurity startup Kolide, a promising new venture formed by top technologists from Mandiant, FireEye and Facebook. Kolide has raised $1.6 million led by Dustin Willis Webber, CTO and co-founder of Critical Stack. Dustin has built a legendary reputation in the infosec community for his numerous key open source contributions, founding multiple successful security startups, and for the sheer speed at which he delivers innovative products. His investment is backed by hack/secure, Liam Randall, CEO of Critical Stack, and other security experts from its syndicate.

Kolide is led by co-founder and CEO Jason Meller, formerly Chief Security Strategist at FireEye. The founding team also includes Mike Arpaia and Zach Wasserman from Facebook’s elite security team, where the two built and open sourced osquery, which is used to ensure the security of hundreds of thousands of Facebook’s endpoints.

“Jason approached me with an incredible idea to leverage open source technology at the endpoint to solve some big challenges in a way I had never seen before,” said Webber. “As someone who has built their entire career contributing to and relying on open-source technology, I understood the benefits to that approach instantly. What you have here are the raw elements to break the endpoint market wide-open and I knew that if we could bring in additional open source innovators like Mike and Zach, we’d have something super special here to invest in through hack/secure.”

Kolide’s mission is to take on the nascent end-point security and dev-operations space by building an enterprise-grade experience and tooling around Facebook’s popular osquery project.

“Wide proliferation of network encryption has effectively neutered some of the best detection tools security experts have relied on for decades,” said Kolide CEO Jason Meller. “Visibility at each individual machine is the only remaining effective way for organizations who care about cyber attacks to regain that lost sight. Unfortunately, most of the endpoint technologies out there are proprietary, and you are effectively trusting the vendor that you aren't introducing more holes. An open source solution like Facebook’s osquery, which can be scrutinized and improved by every expert in the field, is the solution. A ton of organizations are already making a major investment in osquery because of its current capabilities. When they see the value we add with Kolide, their bet on the technology will be paid off 100 fold.”

About hack/secure

hack/secure is an investment syndicate of 25, and growing, of the top minds in the cyber security industry. The organization’s board of directors act as managing directors of their region across the U.S., and initially include:

  • Washington D.C.: Liam Randall - Founder and CEO of Critical Stack
  • Boston: Dustin Webber - Founder and CTO of Critical Stack, Founder of Threat Stack
  • Boston: Jen Andre - Founder and CEO of Komand, Founder of Threat Stack
  • Austin: H.D. Moore - Founder of Metasploit (acquired by Rapid7), Principal at Special Circumstances
  • NYC: Dan Guido – CEO and Founder of Trail of Bits

Members of the hack/secure syndicate include:

  • Bob Brennan – CEO of Veracode
  • Corey Thomas – CEO of Rapid7
  • Mike Viscuso – CTO of Carbon Black
  • Art Coviello – Former CEO of RSA
  • Tim Belcher – Former CTO of NetWitness
  • Sam King – CSO of Veracode
  • Patrick Morley – CEO of Carbon Black
  • Dustin Webber – CTO of Critical Stack
  • H.D. Moore – Founder of Metasploit
  • Dan Guido – Founder and CEO of Trail of Bits
  • Jen Andre – CEO of Komand
  • Liam Randall – CEO of Critical Stack
  • Brian Ahern – CEO of Threat Stack
  • Adam Fuchs – Founder of Sqrrl
  • John Langton – Founder of Visitrend (Acquired by Carbon Black)

NSM WORKSHOP LEVERAGING BRO

Bro is a stateful, protocol-aware, open source, high-speed network monitor with applications such as a next generation intrusion detection system, real-time network discovery tool, historical network analysis tool, real-time network intelligence, and more. With a powerful event-based programming language at its core, the Bro Platform ships with powerful frameworks (signature detection, the ability to extract and analyze files, and the capability to integrate massive amounts of local and external intel), all at incredibly high rates.

This tutorial focuses on helping you understand some of the many tasks that you can accomplish with the Bro Platform using a hands-on container based training environment. Beginning with an introduction to the Bro Platform, this fast-paced tutorial helps experienced network operators quickly get up to speed on leveraging the technology. Students work with traffic samples of distributed denial-of-service (DDoS) attacks, deploy large sets of threat intelligence, analyze compromised host traffic, dynamically generate streaming network analytics, and more.

Students should be well versed in TCP/IP and networking fundamentals and come prepared with a workstation (Linux, Windows or Mac) with an SSH client to connect to the training environment.

Speaker Info:

Liam Randall - CEO, Critical Stack

Liam (@Hectaman) founded Critical Stack to containerize security infrastructure. He has focused on end-user training, application development and advanced NSM at large scale. A frequent speaker at security conferences, you can usually find him training users on the Bro Platform at workshops, conferences or online.

VIDEO RECAP: A JOURNEY INTO THE DARK WEB

We had a great turnout at our first Dark Web event with over 100 people joining the conversation about cybercrime and anonymization networks. I want to thank Will Lefevers and Ben Brown for their fantastic talks. I recorded both talks as best I could. If you're interested you can watch the presentations below.

Will kicked off the evening talking about anonymization networks, specifically Tor. He discussed design and implementation flaws, as well as established techniques for de-anonymizing users and sites.

Embedded content: https://www.youtube.com/watch?v=-E2HkRa0ESM

Ben followed with his talk on cybercrime. He discussed the tools, techniques, and procedures used by this new generation of e-launderers and cyber hustlers.

Embedded content: https://www.youtube.com/watch?v=CWXH7AagfrI

Stay tuned for future Dark Web events that we will host by joining our newsletter on the hack/secure homepage!

VIDEO: BOSTON TECH FIGHTS CHILDHOOD CANCER RAISING $400K FOR ST. BALDRICK’S

Boston's technology community raised over $400,000 to fight pediatric cancer with St. Baldrick's. Watch the video below to learn more about the people who supported this great cause and why they stepped up to fight this terrible disease.

Please join us in the fight for 2016 and help us raise more than last year's $400,000!

Embedded content: https://www.youtube.com/watch?v=qxZGkhMwVwE