In the cyber-security field, the term OST refers to software apps, libraries, and exploits that possess offensive hacking capabilities and have been released as either free downloads or under an open source license.
OST projects are usually released to provide a proof-of-concept exploit for a new vulnerability, to demonstrate a new (or old) hacking technique, or as penetration testing utilities shared with the community.
Today, OST is one of the most (if not the most) controversial topics in the information security (infosec) community.
One one side, you have the people who are in favor of releasing such tools, arguing that they can help defenders learn and prepare systems and networks for future attacks.
On the opposing side, you have the ones who say that OST projects help attackers reduce the costs of developing their own tools and hiding activities into a cloud of tests and legitimate pen-tests.
An interactive map for OST usage
These discussions have been taking place for more than a decade. However, they have always been based on personal experiences and convictions, and never on actual raw data.
This is what Paul Litvak[1], a security researcher for cyber-security firm Intezer Labs, has tried to address earlier this month, in a talk at the Virus Bulletin security conference[2].
Litvak compiled data on 129 open source offensive hacking tools and searched through malware samples and cyber-security reports to discover how widespread was the adoption of OST projects among hacking groups — such as low-level malware gangs, elite financial crime groups, and even nation-state sponsored APTs.
The results were compiled in this interactive map[3].
The most popular OSTs
Litvak found that OSTs are broadly adopted across the entire cybercrime ecosystem. From famous nation-state groups like DarkHotel to cybercrime operations like TrickBot, many groups