
Okay, this is my presentation about a Linux distribution called Matrix Leon Ros. I'm the lead developer and I'm mentored by Joshua bres, go by 742, and that's my Twitter handle and the website. Okay, what I do is, I'm not into security most of the time, but I like the development stuff. Oops. So reconnect the cable? Which cable? The video cable. Okay, there you go. All right, sorry about that. Okay, I'm a researcher, mostly into smart grids and SCADA systems, and as I said, a lead developer for Matrix, a blogger sometimes. I'm a recent graduate from Texas St University in computer science. I just graduated in May and I'm a
part-time web developer to just earn money and feed myself, and as a staff there. You can email me at PR matrix.com, or I go by the Twitter handle V4 jwl, and that's the website, matrix.com. And there's a warning for you: people who previously attended my talks showed serious issues with mental health, and these are some of the reactions from my previous talks, and I want you... okay. So I'll just go through why we started this Matrix. Many people keep asking me, why are you working on Matrix when there are distros like BackTrack, BackBox, Samurai and many others there? So one answer for them is that not all of them are the same. There's much difference. Like, there are many
desktop variants like Debian, Ubuntu, Slackware, Arch Linux and many of them, so why can't we have that kind of thing in security? So that's how we started, and we just follow the free spirit of Linux to do that. And 2 years back or 4 years back I knew nothing about Linux. Even to get it booted on my computer I used to take days or someone's help to get it done, so I thought this was a good way to learn Linux. And also, when I got into it, there were some issues with the already existing distros there, and they need some manual configuration to be done to actually get them working. So just to
overcome them and make it pretty easy to get booted up and just start running your applications or tools for your security scanning or framework or anything. So that's the one. And initially it was started just so that, you know, to meet our needs and just to have a build on my computer or my teammate's computer to just work, to have the tools and applications and packages that we needed, but then it just got popular, so we had to make a full-fledged distribution. So these are the challenges we faced. Initially we started off with Slax, but then Slax had its own limitations, because a Linux distro or security distro mostly needs to be, you know, booted as a live or
through a flash drive, and if you go through Slax it takes a lot of time to boot up and people would hate that. So then we switched to Ubuntu, and we worked with three variants based on Ubuntu, and right now the last version was based on Debian, and the next one is kind of a hybrid between Debian and Slax. It's mostly a Debian look-alike and Debian feel, but the kernel level and some of the stuff is near to Slax. Why I emphasize Slax is because Slax file system compression is too high. If you look at an Ubuntu or Ubuntu basic ISO for your desktop and if you look at the Slax ISO, Ubuntu
comes with a 700 MB ISO and Slax comes with the same set of tools and applications you need for your desktop in a 350 or 300 MB, so that's the difference there. So when you come to a Linux security distro, you mostly want it to be booted from a flash drive or from your disc, so you want it to be as small as you can. There are different flash drives, one gig, 2 gigs, 3 gigs, 4 gigs, so it would be better to have a build that would come up in 1 gig or 2 gigs. So that's the reason, kind of, we started with that. And initially I personally lacked experience with
Linux, and I'll say that, and there were issues with collaborating with different application developers and others, and we lacked the infrastructure to get it done, and the legal issues, because, you know, all about exploit development and things like that, and definitely the financial issues. So it was launched in 2008 based on Slax, like I said, and two variants of Ubuntu, but when it really picked up was when we moved to Debian in 2011, and Matrix was the first one to be based on Debian. All the other Linux distros which were into security and forensics were mostly based off Ubuntu by that time, and we pretty much continued sticking with Debian for a long time and hope that
we'll stick to that, because Debian is pretty good when you're considering to develop stuff and, you know, get them together. So who should use Matrix? It's designed to be used by pentesters, forensic investigators, auditors, system and network administrators, exploit developers, security enthusiasts and casual Linux users, because it also has applications and tools packaged for your day-to-day use of Linux. So that's how we plan to cover most of the groups of users. So the new things in this build are: it has 330-plus tools for pentesting, forensics and second and for everything. So this has the latest 3.9.4 kernel, which is pretty much customized. It's directly picked up
from the kernel sources and pretty much crafted so that it can work well with Matrix. It's patched with squashfs and aufs modules, and it's also patched with XZ compression so that you can compress the file system to a good level, and also it's made sure that even if the file system is compressed pretty high it doesn't, you know, disturb the booting time or something like that. So all the tools were updated until two days back. Tools from DEF CON, Aral and Black Arsenal are also included in that, and there are applications for smartphone pen testing and smartphone forensics. And when you come to a security distro, there are only tools like Nmap, Metasploit and tools that generally, you know,
just focus on attack, attack and attack, so forensics are neglected in most of the distros. So we try to have equal importance for forensics tools. There are a lot of tools in forensics. And Matrix uses its own update tool rather than an APT repository. The reason is, when you go through an APT repository, it's just apt-get and it just installs, but there are a lot of tools lying out there which don't have a README or how to get it done or how it's done or what the tool does, so you have to make sure that that's something of importance to the distribution and to the users. So
there are tools there which depend on a g file or a p module, and you can pretty much get it done through apt-get or deit and packaging manager, so that's the reason we use an update tool for ourselves. And there are some applications which were developed by our team. There are some scanners, there are some password generators, some password crackers which were developed by our team members, which are in there. And Matrix is USB persistent, like I said before, and there's a new section, PCI DSS and compliance testing, in Matrix which has never been in any Linux distribution ever so far. So this is how we organize tools in Matrix, in a section called
Arsenal. They go in a logical flow, sorry, logical workflow of any user, so they just start with reconnaissance, scanning and accessing, frameworks, wireless, forensics, PCI DSS like I just said, debuggers, tracers, and there are some tools in a miscellaneous section. So I'll quickly switch to the Matrix build, and this is currently a work in progress right now, because we follow a 6-month cycle to release every build. We actually planned it to be released next month, but it's pretty much in a good condition right now and I can show
you. So like I thought, there are sections from reconnaissance, scanning, there are a bunch of tools here, and gain access, there's a huge list of password crackers and password generators, and there are tools for SQL injection, SQL scanning, and a lot of them for IPv6 consideration if someone's working on that, and a bunch of frameworks built in: Metasploit, Social-Engineer Toolkit, w3af, BeEF. And some of these tools, like God beef, is getting released at DEF CON in a couple of days. The source code was out there and I just checked it and it was fine, so I just included it in this. And there's this framework Subterfuge, which is a kind of man-in-the-
middle attack framework, totally automated, so you get to plug in your stuff there. And I'll switch back to slides. Like I said, these are the most popular tools that are used in the particular section. I didn't list all of them. There are a lot of them on the distro, so if you get a chance you can just check them. Wireshark, a pretty popular network analyzer tool, MagicTree, and then that is framework, and then in scanning we have tools for Cisco stuff, and there are a bunch of web scanners, like almost 15 of them I guess, and other tools which are just lying there, like Google scan and BlindElephant, T50. Vega is
something which is getting released at DEF CON again. It's by Subgraph. It's a completely, what do you say, it's a web scanner, it's an exploitation tool, it's like a complete package for a web attack.
And, okay, is it visible to you? Okay, cool. Yeah, the passwords. And this password list download points to SkullSecurity. There are a bunch of password lists there, and right now I just included the RockYou password list, which is here, and it's a huge list. Even a zip version comes to 300 MB. So there are tons of gigs of passwords there, but I can include it in a live distro, so that's the reason I just made up a, you know, download password there. Okay, and these are all the password crackers. vbox key, CMS password, admin key and Cat V MVR, these are all tools that were developed by one of my
teammates, is from France, Michael shanen, and the most popular ones like Ophcrack, John, Hydra, and again the VNC PW dam is something which is developed by Michael. Okay, sorry. Like I said, these are tools, and G crack is something, when you come across a username, you can just type it in the application and it just scans through the Google searches and comes up with a list of passwords. And is group forer is something which works until is version 6.0. The r cck. And the next section is the SQL section, the most popular set of tools people work on, like sqlmap, Minima escalator, SQL brute, SQL
ninja, sqls, and there's a section of tools for IPv6, a lot of them too. I don't know, for most of the tools, what really they do, but yeah, they are there. IPv6 section, like I just mentioned, and the frameworks, the most popular ones: Metasploit, Social-Engineer Toolkit, w3af. Have any of you ever used w3af? w3af? What does it do? It's a complete package for web application auditing, attack and kind of everything. It does everything for your website, web pen testing stuff. And there's BeEF, I think every one of you uses that. gr SC Mantra, has anyone come across it ever? No? Okay, it's something
developed by one of my friends. He was a part of our team, or he's still a part of our team, sorry about that. And it's basically, so did you ever come across FireCAT? No? Okay, so this is like a Firefox web browser, but it comes with most of the add-ons that are used for security purposes, so HackBar and things like Live HTTP Headers, FireFTP, a lot of them. They're in the gallery section, like I said, they have their own big list of stuff. So that's Mantra. And Skipfish is an information gathering framework, and webc sauge, Burp Suite and Maltego, it's a Community Edition. I can't include commercial
stuff in there. And a bunch of wireless applications, from Wi-Fi, Bluetooth, white sip, everything, and there are also GUI applications like the pH Wi-Fi tracker, J doing we web bu and web lab, and pirate is a Python script which, when you have a password list, oh sorry about that, it just goes through that and does the stuff. So there are a lot of WIP stuff like I scan, Sous package, and then wiper, River, K Bluetooth, forcing Bluetooths, and the whole package of Aircrack. You can interrupt me in between, so it feels like I'm just talking. And for forensics, there are sections of acquisition, analysis of forensics stuff, and then there's a
section for meta extraction and some tools like Dash mob, mob for toolkit, PyFlag. PyFlag is a pretty cool Python forensic tool. What does it do? It's like, when you have acquired, what do you say, an image of, what do you say, memory or something, it can plug in with anything, right from Digital Forensics Framework, and also any Python script you can plug in there, and it can be used as a good, what do you say, it's a graphical representation of your forensic data. Okay. So you have any B analysis tools like acire or I? What, binary analysis tools? Not right
now, but there's GDB as always, yeah, and St, what do you say, St tools there. And this is the new section which has never been included in any distribution so far. It has all the PCI DSS compliance tools and also compliance testing tools. There are some barcode scanner stuff. PANBuster is something which looks up your SSN, credit card numbers on a, what do you say, image you have. There's the spider Helix server, the process which looks up through certain projects strings which you can just give up there. And FOSSology is something which looks up through your file system and generates a
list of licenses. It just does the source code review but generates the licenses those sources have, just like information gathering stuff for a code. And there's this, okay, sorry, a lot of them I never used. Okay, I need to start
Apache. What is... okay, MySQL,
refresh. So it's like a complete package for your compliance testing. It comes up with doing, where you can generate projects for your risk management, L management, pretty much of the legal stuff and auditing stuff that goes on in the organization. Where did you find the PCI tools? I was contacted by ISACA group, and a person who works in ISACA Bangalore just contacted me and said, like, hey, these tools look cool and you should just try to include them in your distro and you should try to, and this mail was just last week, yeah. And I tried them out and just mailed them to check if they work okay, and is
it how you use it, and they said they are working pretty fine and we can use it in a, you, so I said okay, and just go ahead and add them. These are the different sections in forensics. These are pretty much a lot of tools that are used in forensics. These are the acquisition tools, where you gather an image of a memory or hard disk or something. Just like I said, there are also tools for smartphone pen testing, smartphone forensics, the tools for Android forensics, tools for iPhone forensics, like APK viewer, APK Inspector, Android, and for iPhone there's iPhone Analyzer. There's a new tool that's going to be released at Black Hat, I think it's
done this afternoon. There's no source code available, but if that had been available I would have checked it and just added it up there.
Okay, these are the following debuggers that are available right now: Boomerang, crash, DZ, he, ntif and W, which are mostly used, and there are a couple of tracers. Most of them are included in the reconnaissance section, because some of them just work as information gathering tools, so some which look a little different I put up here in a different section. And like I said, there are different versions of Matrix. This was the last one, the xentric version, which is right now available for download. It's on SourceForge, it's on GitHub, it's on our website, matrix.com, you can just check it out. This was a cleaner UI I guess, but I keep changing the UI
all the time and we come up with a theme every time, so this was a cleaner one. There was a version which had wallpapers with an adult theme, and this is pretty much the stable version which is out there. And I don't know, for some reason many people I talk to here say that they have never heard of Matrix yet, but the stats show that the United States is one of the largest users for us. This is just for the major exent R version, and it crossed 100,000 downloads just today, and this was launched in February 2013. I think the stats are okay for now, so that's the reason we continue working
on that, because we never focused on brick Crow, but right now we are focusing on brick Crow and trying to let people know that there's something existing like this. Yeah, it's the second to have the highest downloads in India, because most of our team is from India. So that's pretty much it, and I hope you download it, install it and play with it, and if you come across something that seems not okay with that, you can just tell us, and if you have something, you say, like, this asks for this, is okay, and you can just tell us and I'll make sure that it's taken care of. I respond, we
respond to every mail we get, just to make sure that we give out the best in the build. And what we are going to do right now is that we are going to have a public release in a couple of weeks, because this is pretty much okay and it's working, but a few tests do need to be done, because there might be some hardware issues that might come up later on when we release, or there might be issues with some computers which won't work, you know, just won't boot up into GUI, and they might have issues with that. And one of the most important concerns is the wireless drivers, because everyone wants to hook up a
you know, Alfa card and do wireless pen tests and stuff like that, so I tried to include a lot of wireless drivers in the kernel so no one really has to, you know, get it installed on your disk and then work through the drivers for the wireless cards. And there are some other projects we are working on, like the Matrix security framework. Yes? I was just going to ask, does it virtualize? What? Is it virtualized, run in a VM? Yes, right now I'm running on VirtualBox. I use VirtualBox to develop, so that every time I can take a snapshot, and if something breaks up I can just switch back to there. It's pretty much,
you know, integrated with VirtualBox. Right now this version is running in live mode. I just, you know, mounted a live CD and am running it, but if you see, it's pretty much integrated with VirtualBox. It's just going easy with that, because if you have any other Linux distribution and have a VMware or VirtualBox, you have to get it installed and then have the guest additions or the separate packages that you have for that to be installed, so it's pretty much taken care of that. It works easy with VirtualBox and VMware. Is the download on the website, is it a VirtualBox image or...? There's an ISO there. There's also, what do you
say, GitHub repository. We didn't upload a VirtualBox image because right now the thing is, whenever, even SourceForge, whenever the download bandwidth goes high they just, you know, flag it and we get Ma, so right now we are just having ISOs on SourceForge, there's a, you know, image on GitHub, and there are also torrents. So yeah. And the Matrix security testing framework would be something which would allow you to build exploits or to follow a practice of code auditing, and we're trying to include everything that's needed for a complete pen test in that. It's a work in progress which has just started, and we are also planning to build a Damn Vulnerable Matrix, because
the Damn Vulnerable Linux was stopped a couple of years back. It's not available anymore. There's this Metasploitable, but there are certain restrictions to that, but I personally miss the D Linux, yeah, so we are trying to get something similar to that, to Damn Matrix. And I think that's it for my talk. You can email me, you can connect to me on Twitter or visit our website. I think I can walk you through
What is your Latin M actually to? It says, if you don't know the path, make your own path. It's Latin. And Matrix was recently included in Open Invention Network, 8 months back I guess. So you guys have an idea about Open Invention Network? It's, what do you say, a nonprofit organization which supports open source software distributions. It's something which is, you know, supported by Google, HP, Sony, Philips and all the big corporations who try to protect the free software licenses. So this is the download section, and pretty much we go with usernames of root or Matrix, and then tiger, because all of our distros were based on lion or tiger
theme, as you can see. Right now there's a tiger theme logo, or sometimes it's a lion. We might come up with a bear when we are done with the lions and tigers, yeah. And these are some of the wallpapers, sorry, screenshots from our previous versions, just to show you how the previous versions looked. It's taking pretty long. This was from Matrix Krypton, the first one, which was the first distribution, security distribution, to be based on in the world, and the second one, like I said, it's kind of an adult theme, and as
a, I just had these two images available right now on my desktop, so I'll just walk you through the latest one. Okay, there's something I have to show you.
Is it visible right now? Yes? Okay. I have up going to all the time. So it's the 2.6 version I'm working on, and like I said, the Linux kernel is totally customized and we have the latest 3.9.4 D2, and most of the Linux variants that are available to download are at most at 3.3. I have pretty much spent two or 3 months working on the kernel first and then a little less time than working on the kernel to package up stuff. So is the kernel where you put the majority of your development work into? Yes, the thing is, every time I work on the kernel it's something new to work with, but when you work with package
management and packaging stuff, it's kind of routine stuff you do, so they get pretty quickly done, but when working on the kernel, they kind of break up sometimes, and also the kernel, when you're compiling it, it takes 3 or 4 hours to just compile it and then some time to build it, so yeah, that's the reason the kernel takes a lot of time. Right now Matrix is just a 32-bit Linux distro, but we are trying to build an ARM version and also a 64-bit one in the coming months. Okay, any questions? Good. Yes? How much time does it take you on average to add...? Sometimes it just takes a couple of days. I mean, if I have to go
through knowing what the tool does and how it is, then it takes some time, but if I'm adding something like Nmap or Metasploit, it's just like installing and packaging it, that's it. So it just pretty much takes the time that it takes for you to install and configure it. Any more questions? Are you it easy add drivs? That seems to be a tricky thing, right? The reason is, it's tough to even get 3D drivers to run on Ubuntu, if you ask me, right? So Ubuntu, which is the largest used Linux distribution, still has problems with getting the graphics drivers running, so I think that's something I would look at at the end.
Sure, hard. Yeah, that's something I would bother about at the end rather than bothering about it right
now. You done? Thank you. [Applause]