Resources
Article

A New Chapter in SecureAuth’s Commitment to Open Security Research and Knowledge Sharing: A New Home for Impacket

As of January 2023, Fortra’s Core Security now hosts and maintains Impacket. They will continue to develop both Impacket technology and the open-source ecosystem around it, enabling community partners to contribute to and enhance this unique tool. Learn more

As leaders in the identity industry, we are praised for our unique strength of using security research as a driver of our innovation and the continuous development of our identity security solutions. For years, we’ve dedicated efforts to maintain and grow open source offensive security tools that helped dozens of identity and security professionals evaluate their security posture and continue advancing the field.

As the company matures and evolves, we face a new chapter in our commitment to open security research and knowledge sharing. We’ve found new destinations for those valuable initiatives, where we think contribution to the industry and the collective knowledge can be further fostered.

Our plans moving forward

First, a plugin for Wireshark that allowed the analysis of several SAP proprietary binary protocols was part of our portfolio. It was conceived as a way to play and research with the protocols and their security impact on the bigger SAP ecosystem. Always meant to be contributed back to the core Wireshark project, this effort was delayed for some time. We’re now donating and contributing the code to the greatest Wireshark Foundation project to be integrated as main dissectors. Development can be continued from the official Wireshark’s Gitlab repository.

Secondly and as a related effort, we maintained a couple of Python-based projects around SAP binary protocols. pysap is a library and a set of example code pieces that implemented portions of the protocols, and allowed security researchers and professionals to interact with SAP systems. HoneySAP is an experiment based on pysap to implement the concept of a “honeypot” applied to SAP business enterprise applications. Both projects were maintained and developed during several years by SecureAuth. We’re now donating and contributing the two projects to the OWASP Core Business Application Security (CBAS)initiative. Development will continue as part of the OWASP umbrella and contributions are more than welcomed there.

Finally, Impacket was our flagship open source initiative. Used by hundreds of security researchers, penetration testers and red/blue teamers alike, it served as the base for dozens of tools, scripts, publications and research pieces. We’re now transitioning this project to Fortra’s open source portfolio. As the home of offensive security products and solutions, they will take the task of continuing hosting and maintaining the Impacket project and its community.

Overall, we think that this new chapter will not only allow the continued development of the tools but also push the wonderful open source communities around to continue growing and contributing to the identity security industry.