
Jacob Latonis
Staff Software Engineer, Threat Research @ Proofpoint
Washington, Washington, D.C., United States
Jacob Latonis is a staff software engineer on the threat research team at Proofpoint. Right now, he is focusing on building internal tooling and developing accessible, performant software that helps protect the internet and empower researchers. He enjoys contributing to open source and has contributed to projects such as YARA-X and Ruff.
Open-Source Software: Not as Simple as You May Think
Open-source software is a huge part of the security community. There's open-source tooling in use by defensive teams, offensive teams, development teams, and more. Additionally, there are audit and compliance risks of open-source. There are also security perspectives and an attack surface that need to be considered when organizations use open-source software. Overall, lots of companies, teams, and individuals use open-source software (OSS). It's usually summarized as free, publicly available code that people can use however they want. However, the world of open-source software is a lot more complex than one may initially think. There are contribution guidelines, benevolent dictators for life (BDFL), licensing complexities, and a whole lot more. This talk aims to explore open-source from both sides: a consumer and a contributor. The talk allows a deeper dive into what it takes to contribute to popular open-source projects as well as the types of communities and realities that develop around open-source and the projects that live in the open-source realm.
Open-source software may be publicly available, but that doesn't always mean it is free: time to understand, time to implement, time to modify, time to evaluate from a security perspective, and lots more can be considered hidden costs when evaluating open-source projects for use in enterprises, startups, or even small personal projects.
Communities grow and evolve around open-source software. There are numerous archetypes of communities in open-source: vendor-driven open-source, BDFL-driven open-source, small contributor team but massive user-base, the only users are the contributors, and more. Diving into these user groups and types allows people to see open-source in a different light, and may just inform them of the reasons why they "just won't fix my simple bug!"
Leveraging the power of open-source communities and software is a complex topic that can be difficult to wrap one's head around. There are contribution guidelines, project road maps, pull request templates, maintainers, core contributors, and much more. I plan to elaborate on these different scenarios, empower people to feel like they can contribute to open-source, and educate them on where to start/how to begin.
Finally, the talk will wrap up by evaluating how some of the most popular and fastest-growing open-source projects are being run in the open-source world and how people can contribute (or even start their own)!
Leveling Up Ghidra: Learn Ghidra Plugins with a Game Boy Game
Ghidra is already a well-known and widely used platform for reverse engineering. Ghidra provides a platform for plugin development and use. A lot of the work for RE, however, is done manually by researchers each time they RE. This talk gives researchers a glimpse of what is possible with Ghidra plugins by discussing the philosophy of what can be automated and done via plugins to prevent toil and improve efficiency. This talk and demo aim to enhance researchers' knowledge of the possibilities of Ghidra and its plugin system by walking through how to build a plugin to aid in reverse engineering Game Boy games and the information embedded in them, which provides a fun and unique view into what is possible with Ghidra plugins.
The talk aims to lay the groundwork on common use-cases researchers encounter in Ghidra, potentially automating some of those factors, and looking at what can be implemented. It may be difficult to view all the potential use-cases in an abstract way, so what better way to show a use-case than by walking through the development of a plugin and its use for extracting information out of a Game Boy game?
Starting with the use-case and potential motivators for why a researcher may want to develop or promote the development of a plugin, this talk will break down a pattern for designing the plugin, accomplishing the requirements of the plugin, and the actual development of the plugin in Java and/or Python code. Additionally, it offers researchers who may not be development focused an insight into the world of development, both of plugins for Ghidra and in general. It provides context on what may be possible and able to be pursued in the plugin space for Ghidra.
Ghidra plugins offer both processing power and the ability to show visuals via the GUI to the researcher. This allows for an automated approach to extracting information from a binary (in this case, a Game Boy game) and presenting it to the user in a standard, uniform way each time. The Game Boy game is a good, fairly straightforward example to show how this methodology and development can be useful for researchers and analysts.
While this presentation takes the aforementioned abstractions and applies them to the RE and information extraction processes on a Game Boy game, the principles and benefits can be abstracted to analyze multiple different file types and use-cases, such as PE, Mach-O, ELF, and more! It can promote a streamlined, repeatable workflow when you leverage plugins to do initial canvassing or to begin analysis of a certain binary.
The presentation will wrap up with a demo of the plugin in Ghidra that was imagined, designed, and implemented during the course of the presentation, as well as an open-source repository provided so researchers can explore the source code as they see fit. The open-source repository allows users to take what they like from the code and modify it to get up and running quickly and easily.
cackalackycon Sessionize Event Upcoming
BSides Colorado Springs Sessionize Event
BSides Boulder 2024 Sessionize Event
