Open-Sourced Security: Tools, Roadmaps, and Building in the FOSS Way

Most students begin their security journey by trying out small tricks like phishing or CTF challenges, but rarely connect it to the larger ecosystem of open source security. This talk will explore how the open-source movement powers modern cybersecurity — from the tools we use, to the roadmaps we follow, to the new opportunities for contribution.

I will start with a short demo of a phishing scenario as a hook, then move into how attackers and defenders alike rely on open-source software. We will cover:

• Open Source Security Tools
  (Nmap, Wireshark, Metasploit, OWASP ZAP, Trivy, OpenVAS, etc.)

• Learning with Open Source Assets

  • Kurogoi OSINT & security roadmap

  • OWASP resources

  • HackTricks, GTFOBins, Open SSF

  • CTFtime + FOSS security blogs

• What’s Missing & What Can Be Built

  • Open-source phishing awareness kits for clubs

  • Simulation software of real world scenarios

  • FOSS-first security training platforms

  • Lightweight DevSecOps pipelines for students/projects

• How to Start Contributing

  • Submitting docs & writeups

  • Fixing bugs & adding features in security projects

  • Community-driven research (e.g., Trace Labs OSINT, Defcon Recon Village style)

The talk aims to inspire students to move beyond just “using” hacking tools, to building, contributing, and learning security the open-source way

• How open-source fuels cybersecurity innovation.

• The essential security tools every beginner can start with.

• Public roadmaps (like Kurogoi) and resources to self-learn.

• Contribution paths: how to give back to FOSS security projects.

• Ideas for what the community can still build in the open-source security space.