
The Origin Story of DracoEye - Ste Wright

BSides Lancashire · 12:08 · 16 views · Published 2024-05

Hello everybody. So here am I. I'm Ste, uh, I'm lead dev, that security company. My background is in developing software and broadcast media that saided 14, 14 countries across Europe, previously of two fintech startups, and cut my teeth in digital agency. A cyber security expert I am not, so transitioning from developing for broadcast media to cyber security has been a bit of a daunting move. Um, I was, I was implementing the necessary steps as a software developer in the industries I was working in, but when you're writing software for the cyber security industry it's a completely different kettle of fish, and the, the acronyms alone are an absolute minefield. So when developing for this industry, one goal I set myself

is to make any software I write as accessible as possible to audiences outside the cyber security as well. If they can make sense of it then I can make sense of it, and everyone's happy, including you guys too, the cyber security experts. So I'm here to tell you about Corkscrew. We call it Corkscrew, that's our internal project name, but you'll know it as DracoEye. Right now it facilitates searches across the industry authorities' IOC databases, um, for file hashes, email, email addresses, IP addresses and domains. As well as this, we're currently providing H information for IPs and domains too, all from one search box. But this is just the start. We chose Corkscrew as a project name because we

envisage it as a, a one stop for everything. It's not just IOC searches, it's, it will be everything, and that will include things like, um, web server information, SSL information, screenshotting, uh, to Have I Been Pwned kind of functionality as well. That way it gives you the top-level view, and then when you want to drill down into detail you can do so. To quote my director of technology, Rich Benfield: we're not making it a tool to change the world, just make it a bit more convenient. The idea behind the project is to pull everything together into one convenient place. From there you can dig into the details through the likes of AlienVault or ThreatFox. This way you

don't have to switch between the services and your toolkit, just one simple search in one convenient place. So I'll do a demo now, and as we know demos never go right, so, uh, so bear with me. I was taking you bre it'll either work or it won't right out. So this is what you see when you first come to the site, and we'll start by looking, look at a file to see if it's vulnerable. So, uh, don't tell Elizer and Steven, but I have a vulnerable file on my PC, but, uh, yeah, let's go ahead and add that. So there we go, it's got wife definitely sh is she full of vulnerabilities, that's the [Laughter]

question. So let's go ahead and let's have a look at that file and see what comes up. So it looks like a hash, and yep, there we are, we've got some vulnerabilities. So we can see that on AlienVault and Team Cymru that hash has been found in the database. And we can also, you know, just like attaching a file, if we know the hash and we don't want to try playing with files, we can also just paste it in the search box and the same, same result will happen. When we attach a file, what we're not doing is sending that file to our servers. We're not touching that file, uh, one, to ensure your security, and two,

because we don't want anything with vulnerabilities hitting our servers. So what happens is it gathers the MD5 hash in the browser, and it's just the MD5 hash that we use for that. So let's go ahead, and I've got a domain I know which is a dirty one, so let's copy that, let's go back here. So let's see what that result would look like for, say, a domain. So there we go, let me look that up, and boom, there it is, we can see we've got vulnerabilities. So at the moment this is an MVP, it's the first part of the journey. So currently, you know, there's a lot of scroll, then there's a lot of results,

that's not nice, we're going to neaten that up, but we do have some filtering so you can narrow it down to there. And let's go back to the slides. I won't go through IP addresses and email addresses, it's pretty much the same kind of thing, but it's that whole one box for everything and searching across everywhere. So let's go back to the

slides. So what's next? We're looking at adding DNS record lookup for domains, SSL information for domains and IP addresses, and with that what we hope to do is, when you return, say you've got a, a nasty domain that's attached to a nasty server, we also want to look at the IP address and do a follow-up search. We'll be able to do that. Um, and we're also adding currently Have I Been Pwned-like functionality, and there's plenty more, but we're keeping some of our cards close to our chests. And then second demo time, and I promise you it is the last one. So let's go over to our development site. So let's just give that a refresh.

I've been disconnected. There we go. So just the same as what we've seen before, but let's look up our friends Adult Friend

Finder, you're in the top 20 users. Let me look that up. And so not only do we have the results that we already had before, but we've also got this pwn analysis, and this is how we envisage the tool growing, so that it appeals not just to cyber, cyber security experts but to a larger field of users as well. So we'll have this nice little bar jump into all the little bits of information, including what we currently have, you know, the H information (I know we need a sticky toolbar on this one), um, the security analysis which we already have, and that pwn analysis. Um, we're currently looking for a partner to work with for the pwn

like functionality, um, because we won't be working with Have I Been Pwned because reasons. They said it's not as it's them. Um, there we go, it's, h, it's, it's not too bad. Um, they, they saw their API and we showed them what we're doing and they decided that they didn't like how we were using their service, but we're doing nothing more than what they're doing, so never mind. Um, let's go back to the slides. Wrong tab. There we go. Let me get my notes back up, sorry about this. I write software for a living, can you believe

it. There we go, I can see my notes again now. So we're steering the road map around community feedback. We'd be keen to hear more from you on what you'd like to see in the tool and what functionality would be useful to you as cyber security professionals. So on that I'll open the floor to any questions. Fire away, good. Yes, it is in the road map. So one of the things that we want to do is not only to have it as for our site, but we want to integrate it with the bigger tools which we're building. So this has been a Friday project for me in work, it's in my time on a Friday afternoon, um,

but we can see a lot of value in opening up the API to allow it to be integrated into other services, so yeah, that's definitely in the road map. Fire away, good sir. us

up. Um, no, so we've, by design we've, we've got no way to, to see what has previously been searched. However, we are looking to, when a vulnerability is found for a given hash or a given domain, um, we'll create an index of those, track them, and then we're looking to do some kind of subscription where you register your email address so you can monitor a given hash or, you know, monitor a given domain, so you can keep an eye on, on how that changes over time. Fire what you can say. Um, given that MD5 hashing is trivially easy to cause collision, please tell me you're going to support something a bit better. We are indeed, yeah, yeah. So this is just, this is

just the starting point, so we're going to do SHA, SHA-1 hashes as well, that's, that's in the road, in fact that's next on the development. You want to go further than that. Yeah, SHA-1's been deprecated since 2011. Yeah, cool. So yeah, we'll take that feedback and, yeah, yeah, yeah, yeah. I think what we'll do is we'll, we'll probably mirror what the big boys are doing, then that way, you know, we've got that full coverage. And then I was just going to say, if you're genuinely interested in user requests, because I'm enjoying using the tool, um, if you could add to your domain clever the ability to check for D SPF em kind of stuff, that would

genuinely increas yeah, definitely, yeah. What I'll do is I'll pass you my email address at the end so, so that I can get some more feedback from you, and then we'll po, pop into the road map. But like I say, this tool is very much being steered by you guys. We come up with the ideas in our small group and our engineering team, but it's when we put it out to the community and that community provides us feedback that we get there, [ __ ] that's a really good idea. Sorry for [Laughter] SAR you put something up there about SSL, things like that. You looking to like something domain in it would actually do some

uh stand and settings for that? Yeah, exactly that, yeah. So trying to, we're trying to give as much information in one place as possible, not only as a security tool but also as a diagnostic tool, so if you're rolling out services and you've got issues with SSL then we'll be able to also provide with the information so that you can act upon it. You can do that yourself or integrate something like, it'll be an integration, yeah. Our attitude very much is, where there's existing services and they're good, there's no point wasting our development time and reinventing the wheel, so yeah, absolutely, we try to do everything on an integration basis wherever possible. Anyone else at

all? Okay, so we've got some stickers, so, uh, feel free to take a Draco sticker, pop on your laptop, hand them to friends. Yeah, got no Snickers, plenty of stickers, but no. Thank you very much everybody.