Description
Can I use Ruby to ...?

Create websites? Yes.
Create applications? Yes.
Wreak havoc, write exploits, and hack stuff? Of course!

During this session we will analyze different exploits and tools written in Ruby by the author: from scanners and bruteforcers to C2 servers and complex exploits. Each exploit will be explained in a simple and friendly way for newcomers, and different samples and libraries will be shared so that anyone interested can start building their Ruby-powered hacking toolbox. There will also be a short lab demo of these tools.

Take a seat, grab an exploit, hack stuff.

RubyKaigi Takeout 2021: https://rubykaigi.org/2021-takeout/presentations/MauroEldritch.html
Summary
In the video titled "Crafting Exploit Tools and Havoc with Ruby" presented by Mauro Eldritch at RubyKaigi Takeout 2021, the speaker explores a variety of security tools and exploits built with Ruby. The talk is aimed at both newcomers and experienced developers, guiding them through the creation of various security tools ranging from defensive mechanisms to offensive exploits.

### Key Points:

- **Introduction to Mauro Eldritch**: The speaker is a passionate hacker and founder of the VCA and DC5411, known for focusing on security at various events.
- **Structure of the Presentation**: The session is divided into three categories: defensive tools, intelligence tools, and offensive tools, increasing in complexity throughout.

#### Defensive Tools:

- **Leak Analyzer**: A self-hosted search engine for compromised user credentials, with less than 100 lines of code, implemented using Sinatra and Logger. It's akin to haveibeenpwned.com.
- **Charmander-B**: A lightweight tool under 60 lines for parsing logs and generating locking rules to protect against bad traffic.

#### Intelligence Tools:

- **Ghost**: A tool that fetches threat intelligence updates via the Alien Vault OTX API and runs as a Telegram bot or API, built with around 130 lines of code.
- **Binautory**: A service that identifies potential trolls on social media by analyzing user statistics using the Twitter API, aiming for a future release as SaaS.

#### Offensive Tools:

- **GengarBi and HunterV**: Basic brute-forcers for SSH and FTP, demonstrating initial offensive security concepts.
- **Capybara**: A command-and-control (C2) server that acts ethically for educational purposes, using various APIs to showcase command execution.
- **Complex Exploits**: The speaker discusses how to exploit Docker container vulnerabilities with two projects: PASU and LEMPO. Another exploit, "Mime", targets smart digital assistants, manipulating their microphone systems to install malicious extensions.

### Conclusions:

- Ruby's versatility and simplicity make it a popular choice for developing security tools, as exemplified throughout the session. Eldritch encourages attendees to explore and build their own projects based on the concepts presented, fostering an active interest in security intelligence and tooling.

In summary, the workshop effectively showcases Ruby's potential in creating a wide range of security-related applications, inspiring participants to innovate and collaborate in the field.