MIDAS is a lightweight, scalable tool that helps identify a broad range of potential indicators of compromise on a Mac host.
Since Facebook started its social-network business in May 2007, the company has been cognizant of its own open-source roots and has made a point of giving back code and tools to the open-source community.
In 2008, for example, the fledgling social network released most of the code that runs Facebook Platform.
This includes the REST API, FBML parser, FQL parser, and FBJS sanitizer and proxy, along with implementations of many of the popular coding methods and tags.
In 2011, Facebook helped create the Open Compute Project, which essentially open sourced the specification for its servers and data center architecture.
The OCP has picked up a great deal of momentum within the community ever since.
This year, the world’s largest social network (1.2 billion members and counting) steered the OCP over to networking. That special-interest group has already lined up key industry partners and has actual products in the pipeline.
Now, Facebook is releasing a series of new open-source software tools on a regular basis.
The latest, launched Dec. 6, is called MIDAS, a lightweight, scalable tool that helps identify a broad range of potential indicators of compromise on a Mac host.
"Mac" here means an Apple computer running OS X, not a media access control address (MAC address), which is a unique identifier assigned to network interfaces for communications on the physical network segment.
Facebook publicly discussed the initial MIDAS prototype at the Ruxcon security conference in November 2012, hoping it would spark interest and further development — and it did.
After seeing the talk, the Etsy.com security team heavily iterated and improved on the concept, Facebook said. “As we continued to develop internal versions at our respective companies, we realized the value we could offer the larger community by open sourcing the framework,” a Facebook team member wrote on the company’s corporate blog.
So, as of today, you can find the MIDAS project and code on GitHub.
“Our mutual goal in releasing this framework is to foster more discussion in this area and provide organizations with a starting point in instrumenting their OS X hosts,” the Facebook team member wrote.
“As a small example of its capabilities, MIDAS enables you to poll for the following information: LaunchAgents; LaunchDaemons; Kernel Extensions; Network Configurations.
This gives you the ability to quickly audit your assets for threats like IceFog, Dockster, Imuler, Morcut, PubSab, etc.
“MIDAS will become better and more robust if people contribute code, file bugs, and tell others about it. We look forward to seeing your contributions,” Facebook said.
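The kind of polling described in the quote above can be illustrated with an added example; it is not MIDAS code and does not come from Facebook or Etsy. It inventories launchd job definitions (LaunchAgents and LaunchDaemons) and diffs them against an earlier poll. The function names, the directory list and the sample plists are assumptions constructed for illustration.

```python
import hashlib
import plistlib
import tempfile
from pathlib import Path

# System-wide launchd locations on OS X (per-user ~/Library/LaunchAgents omitted).
LAUNCHD_DIRS = ["/Library/LaunchAgents", "/Library/LaunchDaemons",
                "/System/Library/LaunchAgents", "/System/Library/LaunchDaemons"]

def poll_launchd(dirs=LAUNCHD_DIRS):
    """Return {plist path: record} for every launchd job definition found."""
    inventory = {}
    for directory in map(Path, dirs):
        if not directory.is_dir():
            continue
        for path in sorted(directory.glob("*.plist")):
            raw = path.read_bytes()
            record = {"sha256": hashlib.sha256(raw).hexdigest()}
            try:
                job = plistlib.loads(raw)  # accepts XML and binary plists
                args = job.get("ProgramArguments") or [job.get("Program", "")]
                record.update(label=job.get("Label"), program=args[0],
                              run_at_load=bool(job.get("RunAtLoad", False)))
            except Exception:
                record["error"] = "unparseable"  # still inventoried by hash
            inventory[str(path)] = record
    return inventory

def diff_inventory(baseline, current):
    """Classify changes between two polls of the same host."""
    shared = set(baseline) & set(current)
    return {"added": sorted(set(current) - set(baseline)),
            "removed": sorted(set(baseline) - set(current)),
            "modified": sorted(p for p in shared
                               if baseline[p]["sha256"] != current[p]["sha256"])}

def demo():
    """Constructed sample: one known agent, then a new RunAtLoad job appears."""
    with tempfile.TemporaryDirectory() as tmp:
        agents = Path(tmp) / "LaunchAgents"
        agents.mkdir()
        (agents / "com.example.updater.plist").write_bytes(plistlib.dumps(
            {"Label": "com.example.updater", "ProgramArguments": ["/usr/local/bin/updater"]}))
        baseline = poll_launchd([agents])
        (agents / "com.example.helper.plist").write_bytes(plistlib.dumps(
            {"Label": "com.example.helper", "Program": "/tmp/.helper", "RunAtLoad": True}))
        current = poll_launchd([agents])
        return diff_inventory(baseline, current), current

if __name__ == "__main__":
    print(demo()[0])
```

Running `poll_launchd()` with no arguments on a Mac reads the real system directories; storing each poll and diffing it against the previous one surfaces new or changed persistence entries for review.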