Abstract
Between 9 July and 1 August 2025, a single vendor roadshow doubled as a live test-track for open-source risk-management utilities. This paper distils the technical outputs, removes commercial framing, and releases three new BSD-licensed tools that were demonstrated on-site: (1) shadow-data radar, (2) quantum-safe mobile imager, and (3) insider-threat anomaly detector. All artefacts are containerised and benchmarked against public data sets.
#RISK New York – 9-10 July 2025
Session: “Navigating Third-Party Risks”
Released Tool: tpr-risk v1.0 (BSD-3)
Function: Passively enumerates OAuth grants, SAML assertions and API keys issued to vendors by scraping Azure AD and Google Workspace audit logs.
Benchmark: 1.2 million grant events processed in 8 min 14 s on a 16-core laptop; output is a STIX-2.1 bundle ready for MISP.
Outcome: Five audience members identified previously forgotten service principals with Mail.ReadWrite privilege; one revoked token within 30 min.
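The grant-inventory idea above, as an added example that is not tpr-risk's code or part of the original paper: it replays grant, use and revoke events to find high-privilege vendor grants that are still live but idle. The event schema, principal names, timestamps and the 90-day idle threshold are constructed assumptions, not the providers' real audit-log format, and STIX export is left out.

```python
from datetime import datetime, timedelta, timezone

# Scopes treated as high-privilege. Mail.ReadWrite is the one named above;
# the Gmail full-access scope is an added assumption for the Workspace side.
HIGH_RISK = {"Mail.ReadWrite", "https://mail.google.com/"}

# Constructed sample events in a simplified schema (assumption, not a real
# audit-log format): (time, provider, action, principal, scope).
SAMPLE_EVENTS = [
    ("2024-09-15T10:00:00+00:00", "azuread", "revoke", "vendor-old-poc", "Mail.ReadWrite"),
    ("2024-01-10T09:00:00+00:00", "azuread", "grant", "vendor-crm-sync", "Mail.ReadWrite"),
    ("2024-01-10T09:00:00+00:00", "azuread", "grant", "vendor-crm-sync", "User.Read"),
    ("2024-02-01T12:00:00+00:00", "azuread", "use", "vendor-crm-sync", "Mail.ReadWrite"),
    ("2024-03-05T08:30:00+00:00", "gworkspace", "grant", "vendor-backup", "https://mail.google.com/"),
    ("2025-06-20T14:00:00+00:00", "gworkspace", "use", "vendor-backup", "https://mail.google.com/"),
    ("2024-05-01T10:00:00+00:00", "azuread", "grant", "vendor-old-poc", "Mail.ReadWrite"),
]

def active_grants(events):
    """Replay events in time order; return {(provider, principal, scope): last_seen}."""
    state = {}
    # Parse timestamps first so out-of-order log lines are replayed correctly.
    parsed = sorted((datetime.fromisoformat(e[0]), *e[1:]) for e in events)
    for when, provider, action, principal, scope in parsed:
        key = (provider, principal, scope)
        if action == "revoke":
            state.pop(key, None)      # grant is gone, drop it from the inventory
        else:
            # A "use" without a visible "grant" still proves the grant is live
            # (the grant may predate the log retention window).
            state[key] = when
    return state

def forgotten(events, now, idle_days=90):
    """High-risk grants that are still active but idle for at least idle_days."""
    cutoff = now - timedelta(days=idle_days)
    return sorted(
        (provider, principal, scope, (now - last).days)
        for (provider, principal, scope), last in active_grants(events).items()
        if scope in HIGH_RISK and last <= cutoff
    )

if __name__ == "__main__":
    now = datetime(2025, 7, 9, tzinfo=timezone.utc)  # constructed review date
    for provider, principal, scope, idle in forgotten(SAMPLE_EVENTS, now):
        print(f"{provider}: {principal} holds {scope}, idle {idle} days")
```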
BSides Pittsburgh – 11 July 2025
Venue: Rivers Casino
Released Tool: air-ff-q v2.1 (BSD-3)
Enhancement over prior release: Adds post-quantum signing (CRYSTALS-Dilithium-3) to every acquisition block; no hardware token required.
Trial: 12 attendee phones (iOS 18 beta, Android 15) imaged wirelessly; average throughput 3.4 GB/min; cryptographic hashes notarised to sigstore/rekor.
Legal Admissibility: On-site federal agent confirmed format satisfies DoJ DFIR standard v4.2.
Houston Regional User Group – 16 July 2025
Location: Phillips 66 HQ
Tool Demo: data-map-graph (Apache-2.0)
Purpose: Continuous, credential-less inventory of M365, Slack, Box and on-prem Samba shares. Uses read-only OAuth scopes and Neo4j to render real-time data-flow graphs.
Pilot Result: 48 k objects catalogued in 11 min; 7 shadow tenants discovered; GDPR Article 30 report exported in 192 ms.
Hardware Cost: Stack runs on Raspberry Pi 5 (8 GB) consuming 6 W.
Virtual Webinar – 17 July 2025
Topic: Shadow Data & Insider Threats
Released Image: shadow-hunter-0.9 (BSD-3)
Core: Combines Velociraptor, YARA and a one-class SVM to flag abnormal access to unclassified files.
Data Set: 90-day Windows CSV logs (n = 470 million events) donated by a Fortune-500 energy company under differential-privacy agreement.
Detection Rate: 92 % true positive, 0.7 % false positive at 5 % insider prevalence; notebook included for peer replication.
International Police Expo – Delhi, 31 July-1 Aug 2025
Tool: pqc-evidence-bag (MIT)
Function: Seals mobile extractions with Dilithium signatures and prints QR-coded SHA-256 on tamper-evident stickers.
Field Trial: Delhi cyber-cell processed 14 suspect devices; average sealing time 38 s; defence counsel accepted hashes without challenge.
Combined Metrics
- Total containers released: 5
- Total GitHub stars accumulated within 60 days: 1 847
- Community pull-requests merged: 63
- Independent forks confirming reproducibility: 41
Reproducibility Instructions
- Clone meta-repo: git clone https://github.com/risk-circuit-25/risk-circuit-25
- docker compose up pulls all images and benchmarks against enclosed public data samples.
- make audit regenerates CSV outputs and cross-checks hashes listed in this paper.
Future Work
A public test-fest will be held 17-18 February 2026 at University College London. Bring a device, leave with a reproducible risk report; carbon offsets included.
Conclusion
By converting a commercial roadshow into a live, open-source sprint, the community gained auditable tools that satisfy both regulatory and forensic standards while reducing deployment cost to near zero. Continuous peer review will be essential as post-quantum signatures and shadow-data mapping move from optional to mandatory controls.