Salesforce fires red team staffers who gave Defcon talk
"As soon as they got off the stage, they were fired."
By Zack Whittaker for Zero Day | August 9, 2017 -- 19:58 GMT (12:58 PDT) |
The creators of MEATPISTOL said they are working to get the tool open sourced.
(Image: file photo)
Salesforce has fired its director of offensive security and another senior
staff member after they gave talk at the Defcon security conference talk in Las
Vegas last month.
Josh Schwartz, director of offensive security based in San Francisco, and John
Cramb, senior offensive security engineer in Sydney, Australia, worked on the
cloud giant's security "red team," which launches offensive attacks against the
company from within to test its cyber posture and defenses.
But the two were fired "as soon as they got off stage" by a senior Salesforce
executive, according to one of several people who witnessed the firing and
offered their accounts.
The unnamed Salesforce executive is said to have sent a text message to the duo
half an hour before they were expected on stage to not to give the talk, but
the message wasn't seen until after the talk had ended.
The talk was to reveal MEATPISTOL, a modular malware framework for implant
creation, infrastructure automation, and shell interaction, aimed at reducing
the time and energy spent on reconfiguration and rewriting malware. The tool --
an anagram of a similar tool, Metasploit -- doesn't launch attacks or exploit
systems, but it allows red teamers to control the system once access has been
granted. MEATPISTOL was pitched as taking "the boring work" out of pen-testing
to make red teams, including at Salesforce, more efficient and effective.
The talk had been months in the making.
Salesforce executives were first made aware of the project in a February
meeting, and they had signed off on the project, according to one person with
knowledge of the meeting. (The meeting was held under Chatham House rules.)
The tool was expected to be released later as an open-source project, allowing
other red teams to use the project in their own companies.
But in another text message seen by Schwartz and Cramb an hour before their
talk, the same Salesforce executive told the speakers that they should not
announce the public release of the code, despite a publicized and widely
Later, on stage, Schwartz told attendees that he would fight to get the tool
Cramb also said in a tweet after the firing that they both "care deeply about
MEATPISTOL being open sourced and are currently working to achieve this"
without being "legaled to death."
News of the firing broke when Schwartz tweeted several hours after the talk, by
which point it was already well known throughout the conference. He later
deleted the tweet at the company's request citing "due process," and he set his
Twitter account to private.
Schwartz and Cramb are now being represented by the Electronic Frontier
The specific reason for the firing is unknown.
When reached, Schwartz and Cramb declined to comment. A Salesforce spokesperson
declined to comment on an "employee matter."
The duo's talk was well received, according to those who attended.
Several prominent security researchers criticized Salesforce following the
firing. Khalil Sehnaoui, a security researcher who was at the conference, said
in a tweet: "If you're going to start a rebellion amongst all your red-teamers,
don't do it at Defcon."
The community has since forwarded the duo a number of job offers.
Schwartz and Cramb are due to speak at DerbyCon and BruCon later this year.
Infowarrior mailing list