<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Security-Policy" content="default-src 'none' ; style-src https://maxcdn.bootstrapcdn.com 'self'; img-src https://avatars0.githubusercontent.com https://avatars1.githubusercontent.com https://avatars3.githubusercontent.com;">
<meta charset="utf-8">
<title>Fish in a Barrel</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous">
<link rel="stylesheet" href="style.css">
</head>
<body>
<main role="main">
<div class="jumbotron">
<div class="container">
<h1 class="display-3">Fish in a Barrel</h1>
<p>Fish in a Barrel is a security research organization, dedicated to combining the laziest techniques with high impact targets. In short: we're shooting fish in a barrel.</p>
<p>With decades of combined experience in security research, we deliver top results for our clients.</p>
<p><a href="https://twitter.com/lazyfishbarrel">Follow us on Twitter</a> to get updates about memory unsafety.</p>
</div>
</div>
<div class="container marketing">
<h2>Our research staff</h2>
<div class="row">
<div class="col-lg-4">
<img class="rounded-circle" alt="Alex Gaynor" src="https://avatars3.githubusercontent.com/u/772" width="140" height="140" />
<h2>Alex Gaynor</h2>
<p>Alex is a principal security researcher and founder of Fish in a Barrel. He occasionally does security research that requires actual effort, but prefers not to.</p>
<p>
<a class="btn btn-secondary" role="button" href="https://alexgaynor.net">Learn More »</a>
</p>
</div>
<div class="col-lg-4">
<img class="rounded-circle" alt="Paul Kehrer" src="https://avatars0.githubusercontent.com/u/161495" width="140" height="140" />
<h2>Paul Kehrer</h2>
<p>Paul is a long-time fan of poorly written software, having developed it his entire career. When not writing fuzzers he can be found crawling back under the rock he came from.</p>
<p>
<a class="btn btn-secondary" role="button" href="https://frinkiac.com/caption/S05E10/148280">Learn More »</a>
</p>
</div>
<div class="col-lg-4">
<img class="rounded-circle" alt="Jonathan Rudenberg" src="https://avatars0.githubusercontent.com/u/13026" width="140" height="140" />
<h2>Jonathan Rudenberg</h2>
<p>Jonathan never intended to be a security researcher, but that changed when they almost got sued for accidentally discovering a flaw in a major cloud provider. Since that day, Jonathan has continued to accidentally find bugs, and occasionally modifies build systems that no one understands as part of the futile fight against solved bugclasses.</p>
<p>
<a class="btn btn-secondary" role="button" href="https://frinkiac.com/img/S07E17/702635.jpg">Learn More »</a>
</p>
</div>
</div>
<div class="row justify-content-center">
<div class="col-lg-4">
<img class="rounded-circle" alt="Tim Smith" src="https://avatars3.githubusercontent.com/u/173889" width="140" height="140" />
<h2>Tim Smith</h2>
<p>Tim is literally a biologist. Once we made it clear that "fuzzing" was not the same as "letting mold take over your culture" he caught on pretty quickly.</p>
<p>
<a class="btn btn-secondary" role="button" href="https://tds.xyz">Learn More »</a>
</p>
</div>
<div class="col-lg-4">
<img class="rounded-circle" alt="Chris Wolfe" src="https://avatars3.githubusercontent.com/u/641357" width="140" height="140" />
<h2>Chris Wolfe</h2>
<p>Chris was immediately hooked on writing fuzzers when he noticed that they produce enormous amounts of logs and crash programs.</p>
<p>
<a class="btn btn-secondary" role="button" href="https://derwolfe.net">Learn More »</a>
</p>
</div>
<div class="col-lg-4">
<img class="rounded-circle" alt="Nelson Elhage" src="https://avatars3.githubusercontent.com/u/16725" width="140" height="140" />
<h2>Nelson Elhage</h2>
<p>Nelson used to find security bugs the old-fashioned way, by actually reading source code. Once he realized that oss-fuzz was a lot easier he renounced his "doing actual work" ways for good.</p>
<p>
<a class="btn btn-secondary" role="button" href="https://nelhage.com">Learn More »</a>
</p>
</div>
<div class="col-lg-4">
<img class="rounded-circle" alt="Augie Fackler" src="https://avatars1.githubusercontent.com/u/20269" width="140" height="140" />
<h2>Augie Fackler</h2>
<p>Augie enjoys fuzzing because it's a fun way to convince people they shouldn't write C and C++.</p>
<p>
<a class="btn btn-secondary" role="button" href="https://durin42.com">Learn More »</a>
</p>
</div>
<div class="col-lg-4">
<img class="rounded-circle" alt="Elana Hashman" src="https://avatars1.githubusercontent.com/u/4706131" width="140" height="140" />
<h2>Elana Hashman</h2>
<p>In spite of her work to add better support for <a href="https://github.com/pypa/auditwheel">reliably distributing compiled binaries</a>, Elana has spent nearly her entire professional career trying to avoid C and C++.</p>
<p>
<a class="btn btn-secondary" role="button" href="https://hashman.ca/about">Learn More »</a>
</p>
</div>
<div class="col-lg-4">
<img class="rounded-circle" alt="William Woodruff" src="https://avatars1.githubusercontent.com/u/3059210" width="140" height="140" />
<h2>William Woodruff</h2>
<p>William is a human-shaped fuzzer. Banks hate him! He will never give up Ruby.</p>
<p>
<a class="btn btn-secondary" role="button" href="https://yossarian.net">Learn More »</a>
</p>
</div>
<div class="col-lg-4">
<img class="rounded-circle" alt="Your Name Here" src="https://avatars1.githubusercontent.com/u/5615737" width="140" height="140" />
<h2>Your Name Here!</h2>
<p>Fish in a Barrel is looking to grow and diversify our team of security researchers. Do you like doing security research that could be entirely eliminated by better tools? Consider joining!</p>
<p>
<a class="btn btn-secondary" role="button" href="https://github.com/fishinabarrel/fishinabarrel.github.io">Apply to Join »</a>
</p>
</div>
</div>
<hr class="featurette-divider" />
<div class="row featurette">
<div class="col-md-7">
<h2 class="featurette-heading">Memory unsafety + fuzzing = <span class="text-muted">Fish in a Barrel</span></h2>
<p class="lead">We leverage cutting edge fuzzing engines like libFuzzer and AFL to target known-unsafe programming languages like C and C++ to maximize our findings. Hundreds of CVEs, almost no effort.</p>
<p>Sometimes we also type <code>&lt;script&gt;alert()&lt;/script&gt;</code> into websites.</p>
</div>
</div>
<hr class="featurette-divider" />
<div class="row featurette">
<div class="col-md-5"></div>
<div class="col-md-7">
<h2 class="featurette-heading">High impact targets</h2>
<p class="lead">We target security-critical projects such as ImageMagick, GraphicsMagick, ClamAV, and GnuTLS to maximize our impact.</p>
<p>We've probably found vulnerabilities in something you use.</p>
</div>
</div>
<hr class="featurette-divider" />
<div class="row featurette">
<div class="col-md-7">
<h2 class="featurette-heading">We get results</h2>
<p class="lead">Look at all these <a href="https://bugs.chromium.org/p/oss-fuzz/issues/list?can=1&q=-Type%3DBuild-Failure+status%3AVerified+label%3AProj-imagemagick%2CProj-graphicsmagick%2CProj-gnutls%2CProj-libjpeg-turbo%2CProj-libssh%2CProj-libyaml%2CProj-mupdf%2CProj-systemd%2CProj-libgd%2CProj-libexif%2CProj-vorbis%2CProj-msgpack-c%2CProj-json-c%2CProj-libsodium%2CProj-poppler%2CProj-libgit2%2CProj-libtiff%2CProj-libcbor%2CProj-mercurial%2CProj-avahi&sort=-modified&colspec=ID+Type+Component+Status+Library+Reported+Owner+Summary+Modified&x=type&y=proj&mode=grid&cells=counts">vulnerabilities</a>.</p>
<p>There's no way we'd be this productive if we had to do real work for each vulnerability.</p>
</div>
</div>
<hr class="featurette-divider" />
<div class="row featurette">
<div class="col-md-5"></div>
<div class="col-md-7">
<h2 class="featurette-heading">Please put us out of business</h2>
<p class="lead">Stop writing C/C++.</p>
<p>Probably you should also sandbox your software.</p>
</div>
</div>
<hr class="featurette-divider" />
<div class="row featurette">
<div class="col-md-7">
<h2 class="featurette-heading">Phish in a Barrel</h2>
<p class="lead">Stop sending your employees test phishing emails. Everybody clicks on them all the time.</p>
<p>Use <a href="https://www.imperialviolet.org/2018/03/27/webauthn.html">phishing resistant authentication</a> instead. Seriously, buy all your employees security keys.</p>
</div>
</div>
<hr class="featurette-divider" />
<div class="row featurette">
<div class="col-md-5"></div>
<div class="col-md-7">
<h2 class="featurette-heading"><span class="badge badge-primary">New</span>Fish in a Barrel Swag</h2>
<p class="lead">Branded vulnerabilities shouldn't be the only art in this industry.</p>
<p>We're proud to offer <a href="https://www.zazzle.com/store/fish_in_a_barrel/products">Fish in a Barrel Swag</a> for sale. Available as posters or stickers, this art serves as a reminder that we all have a responsibility to stop using programming languages that contribute to avoidable vulnerabilities.</p>
</div>
</div>
</div>
</main>
</body>
</html>