Salesforce fired two of its senior security engineers after they revealed details of an internal tool for testing IT defenses at DEF CON last month.
Josh Schwartz, director of offensive security, and John Cramb, a senior offensive security engineer based in Australia, were sacked by a senior Salesforce executive via text message, according to sources familiar with the matter.
The duo were told in a message, sent 30 minutes before the start of their talk, that if the presentation went ahead, they would be terminated, it is claimed. Schwartz and Cramb didn’t see the text in time, gave their talk, and shortly after leaving the stage, Schwartz confirmed they no longer worked at Salesforce.
The talk centered on an internal project called MEATPISTOL, which was described as “a modular malware framework for implant creation, infrastructure automation, and shell interaction.” It’s similar to the popular penetration-testing tool Metasploit; that MEATPISTOL is an anagram of Metasploit is no coincidence. The plan was to open-source MEATPISTOL, although this move was resisted by bosses and lawyers at Salesforce despite being signed off earlier this year.
Schwartz and Cramb were part of the San Francisco financial cloud giant’s red team, a group of hackers specializing in testing and strengthening network security by finding and exploiting weaknesses. They had been working on MEATPISTOL to help other red teamers do their job. Here’s a description of the code and the presentation from the DEF CON website:
Attention Red Teamers, Penetration Testers, and Offensive Security Operators, isn’t the overhead of fighting attribution, spinning up infrastructure, and having to constantly re-write malware an absolute pain and timesink!?! It was for us too, so we’re fixing that for good (well, maybe for evil). Join us for the public unveiling and open source release of our latest project, MEATPISTOL, a modular malware framework for implant creation, infrastructure automation, and shell interaction. This framework is designed to meet the needs of offensive security operators requiring rapid configuration and creation of long lived malware implants and associated command and control infrastructure. Say goodbye to writing janky one-off malware and say hello to building upon a framework designed to support efficient yoloscoped adversarial campaigns against capable targets.
Within hours of giving their talk at 5pm on Friday, July 28, Schwartz tweeted that he and Cramb had exited Salesforce. He later removed the tweet after pressure from managers. Cramb later tweeted to say they “both care deeply about MEATPISTOL being open sourced and are currently working to achieve this.”
A spokesperson for Salesforce declined to comment as the matter involved individual employees. Schwartz and Cramb could not be reached for immediate comment. The pair are being represented by attorneys at the EFF, who told The Register no legal action has been taken so far by either side as a result of the DEF CON presentation.
- Story written by: Katyanna Quach, August 10 2017
- Content orginally located at: https://www.theregister.co.uk/2017/08/10/salesforce_fires_its_senior_security_engineers_after_defcon_talk/
- Image credit: Shutterstock
Ready to protect your data? What You Can Do:
- Immediately, install a FREE 30-day Trial of EZProtect Antivirus and connect it to your Salesforce org(s) to start scanning files, document uploads, or chatter for viruses or malicious content. Once this is complete, you will have a sense of how many files your organization scans per month and you will be well poised to convert to a paid plan.
- You may also download the full brochure with FAQs and schedule a demo to better understand how the tool works inside and outside of Salesforce by visiting www.adaptus.com/portfolio/ezprotect/.
- Or call 800-955-0573 to request a demo