Lukas Peters - The process of contributing to a Red Team tool Realm
Project Contribution
Realm is a Red Team command and control (C2) tool that was created by professional industry red teamers. I have used Realm for red versus blue cybersecurity competitions and I thought it would be good to join with the rest of the red teamers to make the tool better. It is written in mostly Rust.
They also do have a Discord server that I lurk in. I reguarly see conversations happening in there around the tool like about bug fixes and what not.
Realm also have documentation and it is documented pretty well.
Finding the issue
I looked for good first issues on their issue tracker and came across an issue that I thought I could do.
This feature would be useful for red teamers because during competitions or engagements, they would need to know what other users are on the system. With this feature, they can get a list of users.
I asked if I can be assigned to this issue and I did get assigned.
So, I got to work.
Working on the issue
The problem is that I do not know Rust. But I am good at reading the code and figuring out how it works. Rust was a whole lot different than what I was expecting. So you can see in my commits as I tried to figure out commits.
When I finally figured it out, I had a working implementation that works for Linux which you can see here in this demo that I recorded.
I sent this demo to my friend who was basically one of the maintainers of the project as he does lot of red teaming and someone I can talk to easily.
As you can see in the screenshot, I did have to talk to him about things I learned about Rust while working on this project. And of course, I had to make sure it worked for Windows and FreeBSD.
When I finished that and moved onto implementing the test units, I went into a burnout.
The burnout that prevented the pull request
When I was doing these contributions, it was during the last weeks of the Fall semester. And so the finals came up which made me put off on making the pull request. Because of that, my commits are just sitting in my fork of Realm and since it has been a while, I felt like it would be awkward to do it.
So the PR was nevered opened. I think this could be a serious issue in real world where contributors do not have time and motivation to finish their projects. If I were to do this again, I would submit the PR earlier without test units and built upon that, or communicate with the creators of the project.