So what we are going to be focusing on today is a few slides, hopefully 20 minutes of slides, and then a demo, big demo, 20 minutes or so, in the different parts of the framework. And these are the main areas we will be touching today. So first, in the beginning there was nothing. There were tools for information discovery such as port scanners, vulnerability scanners; tools for exploiting, exploit repositories, Metasploit; tools for reporting. Every company or every group had their own way of creating a specific template or using whatever tool to do like a custom-tailored report. So what about sharing the information that you need before you get to any real hack or any real result?

On the other hand, you may think that is something that is not really needed, but there are a number of scenarios where you require that kind of thing. For instance, it is not uncommon that some of the people in the team are in the office and some of the people in the team are around the world. I'm talking here about security professionals, but the tool is also useful for other groups of people that want to collaborate or do some security-related stuff online, over VPN or by whatever means. So security professionals are one group of people that can benefit from the framework, but there is a broader audience definitely. So in other instances you are asked to go to a warehouse where there is no way to call back to the mother house, so you cannot have a system or you cannot depend on something that is in the office or something that is in your home if you can't really get into that. So you will need something to take with you when you are disconnected, offline. And also sometimes, and this is more for security professionals, the scheduling is not so clear or so clean and you don't know what you are going to be doing next week or the next day.
So probably the best way of bringing people up to speed halfway through an assessment or halfway through a review is to have a central repository of information where everybody can go, check out what everybody else has done in the past few days and just avoid overlapping, doing stuff that has already been done.

So, the Dradis project: the goals; we will be talking about the technology behind the scenes, things that have happened since 2007, which is when it started, and also why we are calling it the Dradis framework. So project goals, four easy goals. It's sharing information effectively: we want a tool that just enables that, we want like a bucket where we can put all the information in, everybody can contribute information and then hopefully we will be able to get something useful out of that. Easy to use and adopt, because otherwise the people just won't go for it. We know that everybody has their own way of doing things, and unless we provide something that is really flexible and really easy to use, then they won't bother and they will still be using their own tools or their custom method for doing it. About flexibility: Dradis core, or the core of the framework, is just about holding information, and then you can extend that in as many ways as you want. We will see how you can extend that to get some information from tool output into the system, or to generate reports, or how to get information from, say, a vulnerability database that you may have in your environment, how to feed that data into the framework. Also, as we mentioned before, sometimes you go offline and you need something small and portable that you can take with you, so it doesn't require big infrastructure.

It is done in Ruby. For the server-side component we are using the Rails framework, which is quite powerful and gives us both a web services interface using REST and our standard web interface.
Backend databases: whatever you want; by default it is SQLite, so you can also port that. On the client-side components you also have Ruby clients: there is a console client and a graphical interface that you can use to feed information in. And actually the way it's going to work is every team will have one server, probably it's going to be the team lead that is holding the information, and then the other members of the team will be contributing into that server.

So since 2007 we've been quite active, and since the release of the 2.0 version in February this year we are getting some traction. There are lots of people using it and we are also getting contributions from groups and companies around the world. This is a view of downloads from SourceForge; that February is our highest ever, of a thousand downloads, and it's been growing from the beginning in 2007. I think we started in summer and we published on SourceForge in late December, I think, and we are getting there.

So why is it like this? I think, I hope, that most of you know it's one of the systems that they have in a sci-fi series called Battlestar Galactica, and for them it's like the radar system they have. They don't have windows they can look through, and this is the way they get the information in for when they are getting attacked or whatever. If you don't know Battlestar, it's about robots chasing humans in space.
So they need to know when the robots are coming, and the only way they have to do that, or they rely on this system called DRADIS to know when they are being chased. And I think that the real metaphor is that everybody is just... wait a second. So that is what is called DRADIS in the series, and if you see, there are some other screens all over the place that have DRADIS. So the idea is that when something happens, and I believe it's about to happen, everybody knows where to look at. Yeah, there you have it. So the robots are here and everybody is just, and everybody is looking at the screens, and everybody is relying on, everybody knows where the information is and where to get really the latest information available. So that goes for why it is Dradis.

And so, really fast: an overview of the framework, what are the things that you can do with the framework, how can you extend the framework with plugins, and what is this new component we have created called the meta server.

So Dradis is a bucket where you can put the information. So one source of information will be the team feeding information into the system. Then you can have some tools that will also feed information into the system; we have plugins that will parse the output of these tools and just dump it into the system. Also, it's not exactly the same, but you can have other systems in your environment that can feed information in: say you have a repository of vulnerabilities in a wiki or in a vulnerability database, so you can also get that information in. And ideally you will produce some sort of report, some sort of result. And this matches the three different types of plugins that we have. The first type would be the upload plugins, so you can upload a file and get the information out. This would be the import plugins, where you can import information from a different source. And also the export plugins.

How do the plugins work? We are following one of the Rails ways of doing things, which is convention over configuration, so you can put your
code, it is in Ruby, so you can put your code in Ruby, and the only thing you need to do is just include it in the right place. So you would have created the Nmap upload plugin and you include it inside plugins and upload, or if it's export or import you do the same. Also, to make things easier, there is a helper script to generate every type of plugin, so you can script generate upload plugin, export plugin or import plugin, and then that will create all the code you need and it will also create the include line, so you only focus on your business code.

And finally, what the meta server is. The meta server is something that we've been looking at from the very beginning because, okay, first when we thought about the meta server we thought this is going to be cool, because it's the way that we are going to be able to manage different projects and to get something out of that. So, also keeping in mind that Dradis' main goal, or one of the goals, was to be portable and usable offline, there is sometimes a need for multi-project management, and that is what the meta server is. So again, in the office context you will have different teams doing different things, and it will make sense to have all those projects centralized in a single location. Again, this can be applied not only for the office environment but first for yourself: if you are contributing with different groups, then it can make sense for your own reference to have a central repository. And also, I know that some people are using this, for instance, to keep an historic note, so whenever they find something interesting they add that to their own Dradis repository for future reference. So that is one of the main things you can do with the meta server, which is archive your projects and get them for future reference. If you are in a company, say you test something, the client comes back in a year or six months and says "give me a retest", then you can pull the project down and see all the problems, not just the report but all the evidence,
all the false positives, everything you checked, go through that and retest. More things you can do with that: if you have everything in a central place it is just easier to back up and possibly do some intelligence over it. You will be able to find out if something is getting better, if something is getting worse, how many issues you found that time, if the number of issues is increasing or decreasing. Possibly there are some other business stats or business-intelligence-related stuff that you can get out of the central project repository. So that was it for the slides, and let me show you the tool.

This is how it looks. As I said, you have a web interface. Let me try to make that... I don't know if it will scale that well, but it seems like it. So the idea is that on the left-hand side you put your information there, you structure it in like a tree, and you can add as many levels as you want. And you can structure it, because different people also want to structure it in different ways, and from one project to the next one it doesn't make sense to enforce a given structure. So it's just a tree, and you can add leaves and nodes wherever you want. And then on the right-hand side here you have different things: you have notes, import and attachments. Let's go through that.

For instance, I have here a few notes. A note, let me make that a little slow, so a note has this concept of different fields, so that would have a title field and a risk field and then some other fields that would be interesting for whenever we want to create a report, or if you want to get something out of the note you can get it from the different fields. Then the import note: it's the hook for the different import plugins. In that case we can try to use this vulnerability database plugin and run a third search. I have here, sorry, a different application in tab three, which is a vulnerability database, and I have created a plugin to connect Dradis to the vulnerability database
and I can run a query on sessions and it will give me all the results that I have, all the matches in the database, and then I can import that into my current node, and in doing that I can potentially save some time.

So other things you can do: for instance, here you can generate a report. In order for a report to be generated, yeah, it has to be in the right category. In this case we are going to generate a Word report, so we do it like that. Or not. Here you generate the report, and you can download the report and open it with OpenOffice or Office or whatever.

And another thing that we have seen is that in order for people to use this kind of tool you will have to have an easy way of passing templates to the tool. So I created this sample template, it's just a Word document, and I wanted to show you how easily you can convert any Word document into a template for the framework. So this is basically just a standard document, and the only thing I have done here is create some custom properties for the document. So I have title, risk, you can see it very well, but title, risk, description and recommendation, and what I'm going to do is use those fields as placeholders for the information in my database. So here I will insert the title and a risk, and I have a different field which is the affected host. These fields match the information I have in the notes in the database, and the framework is agnostic to this, so you can choose the set of fields that you want: you input the fields in the database and then you tell Word to put the placeholders here and here. And this, because this was just an example, I have two issues, I will only need one. And here I will have again the risk, the issue description and the issue recommendation. And so now if you click on any of these you see that they are standard custom properties. You get the great thing also here, the title. So the last thing you need to do is use this developer tool which will associate the
Dradis schema to the report, and then you can select the different sections in the report. That would be the first section, and just select the slice of the section that you want to repeat for every note; in this case we want a new row for every note, so that would be your template. And for the second section, that would be the second section, and we want to repeat this little bit. So with that we have generated the report. We save it as Word XML, call it template, and only with that, and only using Word, we have gone from a document to a template that we can use here right now. And I don't think that you need to refresh this. So if we generate the report and save it... in this last step maybe you need to trust me on that one, but it will generate the report using the template we have just created. Give it one more shot and just let go. That is the template: we have one row for each of the issues and all the fields are filled in. So that goes for the export plugins.

And what else do we have here? We have note attachments, which is quite useful if you have a screenshot or whatever and you want to add that and send it so everybody else in the team can have a look at it. And the last thing that I wanted to show you is the import set of plugins. We have a few of them. Say you import a Nessus file in XML format: it will parse the file, add it to the repository, and then here it is, and it has also created some fields out of the Nessus output, so that is also potentially quite interesting.

And that goes for the standalone server. And what I was telling you before is this multi-project approach or multi-project component called the meta server, where you will have your different projects, each one with a revision. You can create a new project and check out a revision from the repository, or you can just create a new project altogether. For instance, if we export it and commit it to the meta server, once that is sent we will have a new project here for
everybody to use, and then you can edit the properties and just call it the DEF CON project, and from now on, the next time you initialize your Dradis server you can check out a revision or start a new one. And I think that's about it.

The last thing we added last week was quite interesting and it may have more use in the future. We have created a hook with email, so you can send emails and the content of the email will be added to the repository database. So if we try that: I have here a filter that will detect a Dradis note email, and just some test text, you can also maybe add an attachment, and just send it. It takes a while. So I have a hook in my email server that will send the information to the repository, and once it is here, because I also have this hook in my own account, so that one is here, so it should already be there. So here are my email notes with some header information and the test text. Also, if you go to the attachments section you will see the attachment that has been sent. And I think that's almost everything I wanted to show you today.

And one other maybe interesting thing is in the project export: you can create templates or you can save the full project. You can save it for a local copy or whatever, but templates would be interesting, say for instance, if you want to follow a specific methodology. You can create the template for web applications and save that, and every time that you have to test a web application you can load the template and know the steps that you need to follow. And I think that that is all for the demo.

And just thanks for being here, thanks to the people that have contributed here: some guys from MWR, and Daniel and Siebert; also Spinbad contributed the Nessus module, and some people from S21sec in Spain also contributed. And what's the call for action here? It's just give it a shot and see if it works for you, see if you can get something useful out of that. Let us know if there is
something missing that we can do for you, or that we can do that will make it work for you. And channels to do that: there is the website, there is a community, there is a forum for that, and we are setting up the IRC channel, and also if you want to send me an email instead of the mailing list, that also works. So that's all for my chat, unless there are any questions.

Yes, it does work with OpenOffice. It generates a report in XML format that you can load with OpenOffice. But... I don't hear you very well. I don't think you can at the moment. It's maybe something to look into, because I'm sure there is an equivalent functionality of having the XML schema associated with the document, and it should be possible, but I'm not sure. Any other questions? So that's it.