

Mozilla MASCHE – Memory Forensic Library - gnocchi
https://github.com/mozilla/masche

======
zobzu
This is cool. I like this better than GRR and osquery. The code seems cleaner,
more portable than osquery, and as powerful as GRR, all this without making
terrible security compromises such as "this tool is the key to all my
company's machines with admin/root rights and lets you run anything you like,
like a pssh command".

Nice job.

~~~
mvanotti
Thanks :)

Actually, this lib needs root access on the computer. It is intended to be
used as a module in MIG (Mozilla InvestiGator), which is an agent that lives
in servers and can receive commands. So it is mostly the same, I think,
except that the commands shouldn't return detailed information to the main
server, but just yes/no answers, for example: "Is any of my servers running a
vulnerable OpenSSL Version?"

Link to Mozilla Blog Post:
https://blog.mozilla.org/security/2015/03/12/introducing-masche-memory-scanning-for-server-security/

There's still a lot of work to do!

~~~
zobzu
Yes, what I meant is that MIG doesn't seem to give root access to the
"investigator" through this. Of course the tool has to run as root.

GRR/osquery will actually let you run arbitrary code remotely.

~~~
jvehent
You are correct: MIG is designed to prevent a rogue investigator from
executing random commands on systems. We do so by filtering what agents can
run through modules, and by requiring OpenPGP signatures on all actions run.

Even if the MIG platform is compromised, agents and systems are safe, as long
as the keys of authorized investigators (kept on their laptops) are not
compromised.
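
A minimal sketch of the agent-side check described in the comment above, added here as an illustration and not part of the thread or of MIG's code: the agent keeps its own list of investigator keys and permitted modules, so an action altered or forged on the relay platform is rejected. It assumes Ed25519 from the Go standard library in place of OpenPGP; the `Action`, `Agent` and `Verify` names and the sample action are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// Action is a hypothetical investigator order: which module to run, with what parameters.
type Action struct {
	Investigator string `json:"investigator"`
	Module       string `json:"module"`
	Params       string `json:"params"`
}

// Agent holds its own trust anchors; nothing here is supplied by the relay platform.
type Agent struct {
	Keys    map[string]ed25519.PublicKey // authorized investigators
	Modules map[string]bool              // modules the agent is willing to run
}

// Verify accepts an action only if an authorized investigator signed these
// exact bytes and the requested module is on the agent's allowlist.
func (a *Agent) Verify(raw, sig []byte) (*Action, error) {
	var act Action
	if err := json.Unmarshal(raw, &act); err != nil {
		return nil, err
	}
	key, ok := a.Keys[act.Investigator]
	if !ok {
		return nil, errors.New("unknown investigator")
	}
	if !ed25519.Verify(key, raw, sig) {
		return nil, errors.New("bad signature")
	}
	if !a.Modules[act.Module] {
		return nil, errors.New("module not allowed")
	}
	return &act, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	agent := &Agent{Keys: map[string]ed25519.PublicKey{"alice": pub}, Modules: map[string]bool{"memory": true}}
	raw := []byte(`{"investigator":"alice","module":"memory","params":"libssl"}`) // constructed sample
	_, err := agent.Verify(raw, ed25519.Sign(priv, raw))
	fmt.Println("signed action accepted:", err == nil)
}
```

Because the signature covers the raw action bytes and the private key never leaves the investigator's machine, a relay that rewrites `params` or swaps the module produces an action the agent refuses.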

------
dguaraglia
OT, but when I read the name I was like "hah, that sounds like Mascherano,
which I guess would make sense because he's a great defense."

Was not disappointed when I saw the pic in the readme :)

------
earless1
I've been working with both Go and Rust recently and enjoy both languages. Any
reason why Go was chosen over Rust for this project?

~~~
jvehent
When MIG was started, in the summer of 2013, Rust was still too unstable to be
a good candidate. Go, however, already had the toolkit to build cross-platform
agents, so I went with this.

18 months in, I still think it was the right choice. Go is extremely powerful
and yet simple enough for contributors to pick it up in a matter of days. I
don't think we could have delivered as much value going with Rust, it's still
too young and lacks the necessary libraries (AMQP, OpenPGP, etc...).

~~~
earless1
Thanks for the insight!

------
anonbanker
Mozilla wrote an app in Go?

