deadPix3l

Up until this point, I have always open sourced any project that I felt was significant, or any code that wasn’t used just once. And even then, sometimes I still opensourced it. (Check Snippets for such junk code) It is my firm belief that open source code drives the world. It allows for learning, innovation, adaption to ones specific needs, and greater availability of code that may be useful to others. So ideally I would open source everything. Recently I have been getting into writing malware. This is both fun, and as a network security analyst by day, relevant to my job. Previous projects such as BasicRAT and BloodyShell are interesting projects that I have worked on. RATs (or Remote Access Trojans) are interesting pieces of software, and while they can be used for evil (which I do not condone. Please act responsibly), there is a lot of good that can come from them. Education, higher awareness of different forms of malware, a chance to develop good heuristics from open source malware, a lightweight, auditable, administration tool to oversee a network you legitimately own, etc.

But I recently took on a new project. A project which I cannot see any legitimate use for. Something that the internet (mostly the script kiddies) should not have easy access to. Ransomware. I wrote a fully-python ransomware that I am calling CryptSky. It is by no means perfect, and needs more development to be effective. I am torn whether I can, or should, release it. I have never created a project that I was proud of and capable of open sourcing (excluding contracted work which is company IP, and projects developed in air gapped environments), that I did not release as OSS. And it is a shame, because while it has a high potential to be misused, it is a legitimately cool project.

If you have an opinion on this post, such as a legitimate use of ransomware/drive encryptors, reasons I should or should not release it, or anything else, please contact me! I would love to hear it!