My name is Mauro Risonho de Paula Assumpção. My surname, "Risonho", in Brazilian Portuguese means "a funny guy", which is what I am. I'm funny when it's meant to be, but serious when we have serious matters. I try to live life in the best way and to work well, focused on results; I am self-taught and I like to create/develop new things. For example, in addition to software for pentests, I'm developing security software for popular cars, which do not have this from the factory. I simply like to create and innovate by nature.
My project today is already partially developed and is called VulcanoIO.org. Today I have four Raspberry Pi 3 IoTs (but I need 255 IoTs to form the cluster and scale this project) that reverse engineer more than 40 million samples (which I collect from the internet, +16 terabytes), which I use to get information on public vulnerabilities and 0days. This project is open source and for the community, saving a good amount of research time. Today we participate in two Facebook groups on reverse engineering of malware and forensic analysis (1 group with +25k members and 1 group with +9k members), and we are slowly gathering information with these groups. Interestingly, there is no licensing cost on this information. Whoever wants to can contribute.
[PT]: What about GitHub? You said that your project is open source and, from what I know, GitHub is very popular and has an amazing community. Are you planning to post your project there?
[MR]: Yes. We have a GitHub account at the URL https://github.com/vulcanoio, and we use source code from various known projects and we also have our own source code, composing a project hub to build our solution.
[PT]: How did the idea of organizing it appear?
[MR]: I have several contacts in the world (I have some contacts and follow up for global sale, to the whole world: companies, schools, banks, governments, military and other companies and institutions) and I have also done many pentest projects manually during my career, and I noticed that there are successful pentests and others that are not. And also that there is a great demand to do pentest projects quickly, in large and huge networks, in the cloud, in datacenters and other structures. There are situations where having a dedicated team that does it manually is still not enough. So you need to automate, to save time, be efficient and save money for end customers.
[PT]: So how will your project automate this process?
[MR]: I know which malware infects successfully (step 1); I'm thinking of creating a reverse engineering of the malware (step 2, connected to the VulcanoIO.org project), identifying which vulnerabilities, public or not (0day), are involved (step 3) and then creating exploits for pentest (final step).
Functional macro view:
Our project collects samples of malware; in sequence, an analysis of the collected malware is made (reverse engineering) and the result of the analysis is stored in a database.
The results of the analysis are manually and automatically (as appropriate) correlated with known public vulnerabilities and unknown market vulnerabilities (0day), which we detect at the time of malware analysis.
When this step is complete, it is also stored in a database.
After Stages 1 and 2, the information is encoded (manually and automatically, as the case may be) in a framework that we are developing in Python, C/C++, assembly (and other languages, if necessary). From there, we have a version of the open source framework for the community, with exploits that focus on the home version, and a version of the proprietary framework, with exploits focused on the corporate version: companies, governments, etc.
For example, in the open source community version of the framework, there will be exploits for home routers, for testing whether they are secure or not, unlike the proprietary corporate version, for the case where a company has a data center and malware uses a VMware vulnerability, via exploits, to gain access to a wide variety of virtual machines in production.
[PT]: Why is your project interesting and innovative?
[MR]: No other project in the market uses reverse engineering malware research to create exploits. Malware is an input type for the project process that we can obtain without limit and totally free. There is no malware license, for example. So its cost is equal to zero.
Malware is known, by its nature, to successfully hit its targets, and to evade and invade defense systems. Pentest is exactly that: it's an invasion test.
But for malware to be efficient, vulnerabilities must be found.
So, using the results of malware reverse engineering, correlating them with vulnerabilities, encoding exploits and using artificial intelligence, we can scale and sell it as a product and service to millions of customers around the world.
[PT]: What kind of audience can be interested in that?
[MR]: Sell it as a service to companies in the USA, England and Dubai, where I have some contacts and follow up for global sale, to the whole world (companies, schools, banks, credit card companies, fintechs, PCI-DSS https://www.pcisecuritystandards.org/, governments, military and other institutions).
[PT]: So you sell your services. I didn't find any information about it on your website. I thought that your project was open source, but there is a premium version?
[MR]: In fact, I think I mispronounced the translation between our languages for that question, based on the previous question. What I meant is that we have contacts in various institutions, as in the previous question, but at the moment we only have part of Step 1 and we need investors to complete all the steps successfully.
Even with part of Step 1, we are already generating information for the community, but we need more infrastructure to do the corporate/premium version, as well as Steps 2 and 3.
So far, we have come this far through donations from people who bet on my idea, but we need investors to leverage and scale this business.
[PT]: How is it different from other similar projects on the market?
[MR]: The difference is exactly in the greater effectiveness due to reverse engineering of malware, correlating it with vulnerabilities (published or 0days), exploit coding and the use of artificial intelligence.