Source: Constellation Research

The Cloud-Computing group – Salesforce – sacked two of its senior security engineers recently. This comes after the two staffers disclosed details of an internal tool for testing IT defenses at DEF CON in July. According to sources familiar with the matter, John Cramb, a senior offensive security engineer based in Australia and Josh Schwartz, director of offensive security, were fired by a senior Salesforce executive.

Here’s the reason why John and Josh were fired by Salesforce

A senior Salesforce executive fired both Josh Schwartz and John Cramb just a few minutes after the two engineer finished their talk at the hacking conference, according to the sources.

The two ex-engineers of the cloud computing group were actually warned from a manager in a message, which was sent about half an hour before the start of their presentation, to not to go on the stage. Cramb and Schwartz reportedly were not able to see the important text in time, which is why they gave their talk. Shortly after, they were fired from the company and became jobless.

The talk, which killed their job, was about an internal project dubbed MEATPISTOL that was described as “a modular malware framework for implant creation, infrastructure automation, and shell interaction.” The talk is similar to the popular penetration-testing tool Metasploit. (MEATPISTOL is an anagram of Metasploit is no coincidence.) The plan was to open-source the internal project even when this move was resisted by lawyers and bosses at the cloud computing group at virtually the last minute.

Both the engineers were part of the red team of the San Francisco-based financial cloud giant. Red team is a group of hackers that specializes in testing and strengthening network security by finding and exploiting weaknesses. The red team had been working on the internal project to assist other red teamers in doing their job.

A description of the code and the presentation from the DEF CON is below –

“Attention Red Teamers, Penetration Testers, and Offensive Security Operators, isn’t the overhead of fighting attribution, spinning up infrastructure, and having to constantly re-write malware an absolute pain and timesink!?! It was for us too, so we’re fixing that for good (well, maybe for evil). Join us for the public unveiling and open source release of our latest project, MEATPISTOL, a modular malware framework for implant creation, infrastructure automation, and shell interaction. This framework is designed to meet the needs of offensive security operators requiring rapid configuration and creation of long lived malware implants and associated command and control infrastructure. Say goodbye to writing janky one-off malware and say hello to building upon a framework designed to support efficient yoloscoped adversarial campaigns against capable targets.”

On July 28, Schwartz tweeted within hours of giving their talk that he and Cramb had exited the cloud computing giant. After getting pressure from the manager, he removed the tweet. Cramb tweeted four days later to say that they both care deeply about MEATPISTOL being open sourced and are currently working to achieve this.