Winter Of Security 2014
Web Security
Forensic
Cross-platform memory scanning in Go
- mentor: Julien Vehent
- difficulty: high
The Mozilla InvestiGator (MIG) project needs a way to inspect the content of the memory of a system and detect threats. The typical approach in memory forensics is to dump the memory of a system and perform the analysis on another system, using tools like Volatility. We are looking for an approach that is less invasive, where an agent running on a target system can inspect its own memory without disrupting operations. Existing libraries, such as Volatility, are hard to ship to remote systems. The goal of this project is to design and build a lean, cross-platform memory inspection library in the Go language that can be integrated into MIG.
Network Security
Active measurement of firewalls configuration compliance
- mentor: TBD
- difficulty: medium
Building firewall rules is a difficult exercise, but keeping these rules strict over several years is an even harder challenge. Products such as Tufin exist to facilitate the operation of firewalls at scale. In this project, we are looking for a way to actively measure compliance by injecting traffic inside the network and parsing the results. Unlike classic port scanning, such as Nmap, which typically consists of scanning from the outside in, the idea here would be to scan from multiple network locations in parallel and aggregate the results. One VLAN could be scanning another, without crossing datacenter boundaries. The goal is to build the scanning logic, but also the compliance validation aspect, which consists of defining in technical terms what compliance means and checking for compliance against scan results.
Cross-platform firewall driver in Go
- mentor: Julien Vehent
- difficulty: medium
- language: English or French
The Mozilla InvestiGator (MIG) is designed to detect and respond to threats. One way of responding to an attack is to create firewall rules on the local host to block an IP or a particular connection. The goal of this project is to create a library in the Go language that can create and delete firewall rules on Windows, MacOS and Linux (iptables and nftables). The library should also be able to retrieve a ruleset from a host in a standardized format (JSON).
System Security
Risk Management
A playful way of teaching risk management to individuals
- mentor: TBD
- difficulty: medium
- language: English
Risk management methodologies are numerous, but individuals outside of the security community often regard them as dull and boring. The goal of this project is to design a way to teach the Mozilla Risk Management program to individuals at Mozilla. This could take the form of a strategy game, or anything that the students think is appropriate. This project has a strong component of creativity, but must also take into account some of the particularities of Mozilla: people are technically minded, work remotely, often on video, and care a lot about security and privacy. A successful training program should teach the individual the entire lifecycle of data at Mozilla.