The Evolution of Hacking and Metasploit

Feb 10, 2025

Notes on Lecture by Jack Rhysider

Introduction

  • In 1982, a robot was arrested in Los Angeles for handing out business cards and causing traffic jams.
  • The police found it was controlled remotely by two teenage boys.
  • Interest in technology changes over time; what was once a spectacle can become mundane.

Speaker Introduction: H.D. Moore

  • H.D. Moore shares his background as an early internet user and hacker.
  • Began his hacking journey on bulletin board systems (BBS) in Austin, Texas.
  • Developed an interest in security and hacking through exploration of computer connections.

Early Hacking Activities

  • Used to dial random numbers to find listening computers in the 90s.
  • Played around with security systems like HVAC at department stores.
  • IRC channels, particularly Phrack chat, were vital for learning and networking with other hackers.

Career Development

  • H.D. got a job with Computer Sciences Corporation (CSC), working on tools for military intelligence (U.S. Air Force).
  • Conducted penetration tests on local businesses, leading to the formation of Digital Defense.
  • Faced challenges with obtaining reliable exploits for testing.

The Creation of Metasploit

  • Developed Metasploit as an exploit toolkit due to the lack of organized exploits available to penetration testers.
  • Allowed easy selection of exploits and payloads, increasing efficiency in penetration testing.
  • Introduced features for randomization to evade detection by antivirus software.

Growth and Challenges of Metasploit

  • Metasploit faced criticism from various groups including law enforcement, vendors, and the hacking community.
  • Despite initial pushback, it became widely adopted by security professionals and educational institutions.
  • H.D. faced pressures and threats from companies and individuals upset by exploit disclosures.

Legal and Ethical Considerations

  • Discussed the implications of the Computer Fraud and Abuse Act (CFAA) and how it doesn't consider intent.
  • The importance of responsible disclosure vs. the need for urgency in reporting vulnerabilities.
  • Considerations on how to navigate legal issues around exploit development.

Transition to Rapid7

  • Rapid7 acquired Metasploit, allowing for better resources and legal protections for the project.
  • Metasploit continued to be developed as an open-source tool and also introduced a commercial pro version.
  • The acquisition helped provide a corporate shield against legal and ethical attacks on H.D. and Metasploit.

Current Work and Industry Perspectives

  • H.D. now runs Rumble, focusing on network discovery and asset management.
  • Emphasized the importance of being comfortable in unknown territories and adapting to complex challenges in the tech field.
  • Encouraged aspiring pen testers to participate in open-source projects to gain experience.

Conclusion

  • Metasploit has evolved into a critical tool in the cybersecurity landscape.
  • H.D. Moore’s experiences highlight the struggle between innovation, legal implications, and ethical responsibilities in the hacking community.