This piece details the craziness that is the Shellsharks logo.
Ok, so I realize it’s less of a logo and more of a complicated graphic I use as the “splash screen” of sorts for the site. I understand that logos, generally speaking, are far simpler and this is anything but. In any case… let’s get into it!
I like to think of the logo in terms of two distinct regions: the “Inner Space”, which houses the 7 individual smaller circular symbols, and the “Outer Space”, which is essentially the large red ring with the 3 sharks, QR code and ring of binary characters.
The Cyber Kill Chain
The primary inspiration for the symbology in the Inner Space is Lockheed Martin’s Cyber Kill Chain. Though I know this model has been somewhat deprecated in favor of newer frameworks such as MITRE ATT&CK, I still think the Kill Chain has valuable (albeit more simplistic) applicability. Also, capturing ATT&CK in a graphic similar to the existing one would be even more insanely complex!
Shellsharks Logo Symbology
Let’s walk through the sequence of 7 symbols and how they visually represent each phase of the Kill Chain. (Note: You may need to zoom in on the individual icons as we go).
Starting on the left, we see a variety of satellites, satellite dishes and cameras all pointing towards the center circle. This represents reconnaissance performed against the target, which is, again, represented by the center icon. Note how the reconnaissance logo is the first one the sharks on the left are swimming to, which is meant to signify that it is the first step for the attacker (i.e. the sharks).
The second circle represents weaponization. As such, I've put a lot of weapon-related icons (e.g. swords, arrows) and military-evoking visuals into the icon.
Here we can see a rocket launch, simply depicting payload delivery.
There is quite a bit of symbology going on in this icon. We have the exploit "chain" (meant to look like 1's and 0's) going around the outside portion of the circle. There is a computer with a kraken on it (meant to just be menacing). We are running our exploit (on a Unix-based machine presumably) via ./exploit. Finally, we have a soup of 1's and 0's interspersed and spilling out of the logo into the following phase.
Here we see the stream of 1's and 0's from our exploitation phase being piped into the victim computer. The computer has a downward arrow to very plainly represent installation of malicious code.
Command & Control (C2)
This icon depicts a terminal interacting with a seemingly remote installation (i.e. one on a distant planet). This particular icon I've always really loved as it reminds me of the Endor shield generator dish from Return of the Jedi.
Actions on Objectives
Finally, we have the "Actions on Objectives" icon. Here we see a road to a building that's meant to be "Capitol-esque" with fireworks and the letters "DC01" above it. The idea here is that the objective was to capture the DC (i.e. Domain Controller). Basic, I know right?
Threat actors, hackers, red teamers, etc…
Scan it (or click) and find out! Probably not malware…
The binary stream encircling the logo is in fact ciphertext. Older variants of the logo contained clues for decryption. The current logo doesn’t really. I should probably add some clues back… To get ya started, I have provided the ciphertext below. Good luck!
01010111 00110110 01000101 01101111
01010101 01101001 01110111 01001110
01100111 01001110 00110111 01000001
01001001 01010000 01010100 01111010
01000100 01011010 01100001 01101100
01110110 01110111 00111101 00111101
Behold! The evolution of the logo… I don’t think either of the first two were ever actually on the public site though.