Hacktoberfest and Cybersecurity

For the sixth year, GoSecure is encouraging everyone to join Hacktoberfest. GoSecure has multiple projects open to contributions! For this specific event, we have tagged issues that are accessible to newcomers with the official tag [hacktoberfest]. 

Why participate in Hacktoberfest 2022?

Hacktoberfest is the perfect opportunity for users to learn about the internals of the tools they use. Users with sufficient development skills can contribute improvements, bug fixes and even new features to open-source software. Documentation or small improvements can be highly beneficial to a project. In return, you will benefit from seeing how the code is organized. In the medium term, you will have the opportunity to add missing features where needed. Additionally, seeing how a large project operates is a good way to improve your own software architecture skills. Working on successful projects is great inspiration because their structure has proven to stand the test of time. 

Which project should you choose?

There is no universal answer – the best project is the one where you can learn and have impact. There is a balance to strike between the time spent learning and creating a productive outcome. Make sure you are familiar with at least part of the technologies used by a project. Writing developer-focused documentation is also a very helpful activity for smaller projects like ours. 

GoSecure Projects

Here are some projects that are maintained by GoSecure: 

• PyRDP (Python): RDP Monster-in-the-Middle (MITM) tool and library for Python 
• Malboxes (Python, DevOps): Builds malware analysis Windows VMs so that you don’t have to 
• PyWSUS (Python):  Standalone partial implementation of the WSUS spec. Built for offensive security purposes. 

Other Open-Source Projects

Other projects of importance to us: 

• Ansible (Python, DevOps): Simple IT automation platform that makes your applications and systems easier to deploy and maintain 
• Pwndoc (Javascript, Vuejs): Report generation for penetration testing engagements
• Grafana (Typescript, Go): Observability and data visualization platform
• mitmproxy (Python): An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers. We rely on it for honeypots and malware research. 

Still looking for a project?

Here are the top 6 biggest security project enrolled in Hacktoberfest as of October 11th. 

• Caddy (Go): Fast and extensible multi-platform HTTP/3 web server with automatic HTTPS  
• Payloads All The Things (misc): Less of a code project but a highly used repository for payload cheat sheet. Maybe your contribution will be to improve its documentation. 
• x64dbg (C++): Popular user-mode debugger for Windows. A true modern version of OllyDBG with an active community. 
• nginxconfig.io (Javascript, Vuejs): NGINX configuration generator on steroids 
• osquery (C++): SQL powered operating system instrumentation, monitoring, and analytics 
• Radare2 (C): One of the top reverse engineering tools. It is a powerful alternative to IDA Pro and Ghidra with the support of countless architectures. 

 
Good luck with your contributions!