Salesforce fires red team staffers who gave Defcon talk

"As soon as they got off the stage, they were fired."

By Zack Whittaker for Zero Day | August 9, 2017 -- 19:58 GMT (12:58 PDT) | 
Topic: Security


The creators of MEATPISTOL said they are working to get the tool open sourced. 
(Image: file photo)

Salesforce has fired its director of offensive security and another senior 
staff member after they gave talk at the Defcon security conference talk in Las 
Vegas last month.

Josh Schwartz, director of offensive security based in San Francisco, and John 
Cramb, senior offensive security engineer in Sydney, Australia, worked on the 
cloud giant's security "red team," which launches offensive attacks against the 
company from within to test its cyber posture and defenses.

But the two were fired "as soon as they got off stage" by a senior Salesforce 
executive, according to one of several people who witnessed the firing and 
offered their accounts.

The unnamed Salesforce executive is said to have sent a text message to the duo 
half an hour before they were expected on stage to not to give the talk, but 
the message wasn't seen until after the talk had ended.

The talk was to reveal MEATPISTOL, a modular malware framework for implant 
creation, infrastructure automation, and shell interaction, aimed at reducing 
the time and energy spent on reconfiguration and rewriting malware. The tool -- 
an anagram of a similar tool, Metasploit -- doesn't launch attacks or exploit 
systems, but it allows red teamers to control the system once access has been 
granted. MEATPISTOL was pitched as taking "the boring work" out of pen-testing 
to make red teams, including at Salesforce, more efficient and effective.

The talk had been months in the making.

Salesforce executives were first made aware of the project in a February 
meeting, and they had signed off on the project, according to one person with 
knowledge of the meeting. (The meeting was held under Chatham House rules.)

The tool was expected to be released later as an open-source project, allowing 
other red teams to use the project in their own companies.

But in another text message seen by Schwartz and Cramb an hour before their 
talk, the same Salesforce executive told the speakers that they should not 
announce the public release of the code, despite a publicized and widely 
anticipated release.

Later, on stage, Schwartz told attendees that he would fight to get the tool 

Cramb also said in a tweet after the firing that they both "care deeply about 
MEATPISTOL being open sourced and are currently working to achieve this" 
without being "legaled to death."

News of the firing broke when Schwartz tweeted several hours after the talk, by 
which point it was already well known throughout the conference. He later 
deleted the tweet at the company's request citing "due process," and he set his 
Twitter account to private.

Schwartz and Cramb are now being represented by the Electronic Frontier 

The specific reason for the firing is unknown.

When reached, Schwartz and Cramb declined to comment. A Salesforce spokesperson 
declined to comment on an "employee matter."

The duo's talk was well received, according to those who attended.

Several prominent security researchers criticized Salesforce following the 
firing. Khalil Sehnaoui, a security researcher who was at the conference, said 
in a tweet: "If you're going to start a rebellion amongst all your red-teamers, 
don't do it at Defcon."

The community has since forwarded the duo a number of job offers.

Schwartz and Cramb are due to speak at DerbyCon and BruCon later this year.
Infowarrior mailing list

Reply via email to