SlideShare ist ein Scribd-Unternehmen logo

[CB19] Deep Exploit: Fully Automatic Penetration Test Tool Using Reinforcement Learning by Isao Takaesu

CODE BLUE
CODE BLUE

DeepExploit is fully automated penetration testing tool using Deep Reinforcement Learning. It identifies the status of all opened ports on the target server and executes the exploit at pinpoint. DeepExploit’s key features are the following: 1) Efficiently execute exploit: DeepExploit can execute exploits at pinpoint (minimum 1 attempt). 2) Deep penetration: If DeepExploit succeeds the exploit to the target server (=compromised server) with in the perimeter network, then it executes the exploit to internal servers via compromised server. 3) Self-learning: DeepExploit can learn how to exploitation by itself. By using our DeepExploit, you will benefit from the following: For penetration testers: (a) They can greatly improve the test efficiency; (b) The more penetration testers use DeepExploit, DeepExploit learns how to method of exploitation using Deep Reinforcement learning. As a result, accuracy of test can be improved. For Information Security Officers: (c) They can quickly identify vulnerabilities of own servers. As a result, prevent that attackers attack to your servers using vulnerabilities, and protect your reputation by avoiding the negative media coverage after breach. Because attack methods to servers are evolving day by day, there is no guarantee that yesterday’s security countermeasures are safety today. It is necessary to quickly find vulnerabilities and take countermeasures. DeepExploit will contribute greatly to maintaining your safety.

Präsentationen & Vorträge
1 von 26
Downloaden Sie, um offline zu lesen
Deep Exploit - Fully automated penetration test tool - October 30th, 2019 Blue Box 2019 Presented by Isao Takaesu
© 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019 About the speaker. Security Engineer, Programmer, CISSP, Master degree (Info Tech) My works are : (1) Vulnerability assessment (Detect vulnerabilities / Propose countermeasures) (2) Research & Development (Automatic pentest technology using Machine Learning) - Past talked in conference - Black Hat Arsenal ASIA/USA/EURO, DEFCON Demo Labs/AI Village, CODE BLUE, PYCON JP etc.. (3) Human resource development ・Judge of “HITB+ AI Challenge” (Fully automated cybersecurity competition using Machine Learning.) ・Instructor of “Security Next Camp” (HR development program for cybersecurity in Japan.) ・MINI Hardening project (Learn how to respond to cyber security incidents.) ・Secure Brigade (Share information security technology know-how with books and podcasts.) ・AISECjp (Hold a study group on Machine Learning security in Japan.) Mitsui Bussan Secure Directions, Inc Professional Service Div. Isao Takaesu Twitter: @bbr_bbq GitHub: 13o-bbr-bbq
What is Deep Exploit ? Deep Exploit Perimeter Network External Firewall Web Servers DNS Servers Internal Firewall Database Server Web Server Internal Network Internal Computers Fully automatically exploit the target on perimeter and internal networks. © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
ML ModelA3C of Reinforcement Learning Penetration Test Framework Deep Exploit Target Server RPC API Exploit ML model : Operate the Metasploit via RPC API. Metasploit : Execute “Exploit” and “Post-Exploit” . Send Commands Receive Result ML model and Metasploit are linked via RPC API. Overview © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
・Penetration test framework by Rapid 7. ・Command operation is required. ・It has many “Exploit modules”. ・It has many “Targets”. ・It has many “Payloads”. ・It has various RPC API. We can operate it from external program (ML model) We must select optimal exploit module, targets and payload according to succeed the exploitation. What is Metasploit? © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
Beforehand, ML Model needs to train how to exploit. I use Deep Reinforcement Learning which can select optimal payload. ・ ・ ・ ・ ・ ・ ・ ・ ・ State (s) Target server info collected by Intelligence Gathering. Q value Payload… ・ ・ ・ ・DNN outputs the payload according to the input information. ・Agent executes the exploit using payload. ・DNN learn optimal exploit based on “exploit result” using Backpropagation. Action (a) Exploit Target Server Deep Neural Network Reward (r) Exploit result Learn(Backprop) using “Reward” Reinforcement Learning Agent State (s’) Changed state What is ML Model. © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
ML ModelA3C of Reinforcement Learning Penetration Test Framework Deep Exploit Trained Data RPC API Save/Restore Training Servers Training DeepExploit uses vulnerable servers for learn how to exploit. Send Commands Receive Result Training environment. © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
・ ・ ・ Numerous Trials (about >10,000) ・ ・ ・ Worker thread Parameter Server ・ ・ ・ … ⊿w=gradw ⊿w=gradw ⊿w=gradw ・ ・ ・ Worker thread Worker thread send recv recvsend recv send Target Host info OS type Product Name Version Exploit module Target Payloads cmd/unix/bind_ruby linux/x86/shell/bind_tcp bsd/x64/exec generic/debug_trap linux/mipsle/shell_bind_tcp mainframe/shell_reverse_tcp ・・・ … ・ ・ ・ Training Servers ・ ・ ・ ・ ・ ・ Learn how to exploitation while trying numerous exploits on multi threads How to learn “Exploitation”. © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
https://youtu.be/8ht4y9tboNY [Demo] Training of Exploitation. © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
Step 1. Intelligence Gathering Fully automatic (No human) Step 2. Exploitation Step 3. Post-Exploitation Step 4. Generate Report Step 1. Intelligence Gathering Step 2. Exploitation Step 3. Post-Exploitation Step 4. Generate Report Processing Flow. © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
Step 1. Intelligence Gathering Fully automatic (No human) Step 2. Exploitation Step 3. Post-Exploitation Step 4. Generate Report Step 1. Intelligence Gathering 1. Nmap : identify open ports, products. 2. Contents discovery : identify Web products using found product contents on the Web port. 3. Web crawling : collecting HTTP responses on the Web port. By analyze HTTP responses using String-matching and Naive Bayes, identify Web products. Intelligence Gathering. © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
Step 1. Intelligence Gathering Fully automatic (No human) Step 2. Exploitation Step 3. Post-Exploitation Step 4. Generate Report Step 1. Intelligence Gathering 1. Nmap : identify open ports, products. 2. Contents discovery : identify Web products using found product contents on the Web port. 3. Web crawling : collecting HTTP responses on the Web port. By analyze HTTP responses using String-matching and Naive Bayes, identify Web products. Intelligence Gathering. © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
Step 1. Intelligence Gathering Fully automatic (No human) Step 2. Exploitation Step 3. Post-Exploitation Step 4. Generate Report HTTP/1.1 200 OK Date: Tue, 06 Mar 2018 06:56:17 GMT Server: OpenSSL/1.0.1g Content-Type: text/html; charset=UTF-8 Set-Cookie: f00e68432b68050dee9abe33c389831e=0eba9cd0f75ca0912b4849777677f587; path=/; Etag: "409ed-183-53c5f732641c0" …snip… <form action="/example/confirm.php"> What are included the Web products in this HTTP response? Question. © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
Step 1. Intelligence Gathering Fully automatic (No human) Step 2. Exploitation Step 3. Post-Exploitation Step 4. Generate Report HTTP/1.1 200 OK Date: Tue, 06 Mar 2018 06:56:17 GMT Server: OpenSSL/1.0.1g Content-Type: text/html; charset=UTF-8 Set-Cookie: f00e68432b68050dee9abe33c389831e=0eba9cd0f75ca0912b4849777677f587; path=/; Etag: "409ed-183-53c5f732641c0" …snip… <form action="/example/confirm.php"> Answer (1). It can identify OpenSSL and PHP using String-Matching. But, this HTTP response includes more products. © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
Step 1. Intelligence Gathering Fully automatic (No human) Step 2. Exploitation Step 3. Post-Exploitation Step 4. Generate Report HTTP/1.1 200 OK Date: Tue, 06 Mar 2018 06:56:17 GMT Server: OpenSSL/1.0.1g Content-Type: text/html; charset=UTF-8 Set-Cookie: f00e68432b68050dee9abe33c389831e=0eba9cd0f75ca0912b4849777677f587; path=/; Etag: "409ed-183-53c5f732641c0" …snip… <form action="/example/confirm.php"> Answer (2). It can identify joomla! and Apache using Naive Bayes. © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
Step 1. Intelligence Gathering Fully automatic (No human) Step 2. Exploitation Step 3. Post-Exploitation Step 4. Generate Report Open session between “Deep Exploit” and front server. Step 2. Exploitation ・ Execute exploit to front target server using trained data. ・ Open session between “Deep Exploit” and target server. Connectable Execute exploits Front target ServerDeep Exploit Compromised ・ ・ ・ Target Server Info Optimal Payload Exploitation. © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
Step 1. Intelligence Gathering Fully automatic (No human) Step 3. Post-Exploitation Step 4. Generate Report Pivoting and execute the exploit to internal servers. Step 2. Exploitation Step 3. Post-Exploitation ・ Pivoting and execute the exploit to internal server via compromised server. Connectable Exploit via Front target server Internal target Servers Connectable Execute exploits Front target ServerDeep Exploit Compromised ・ ・ ・ Target Server Info Optimal Payload Post-Exploitation. © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
Step 1. Intelligence Gathering Fully automatic (No human) Step 3. Post-Exploitation Step 4. Generate Report Step 2. Exploitation Step 3. Post-Exploitation ・ Execute exploit to internal target servers via front target server Connectable Exploit via Front target server Internal target Servers Connectable Execute exploits Front target ServerDeep Exploit Compromised ・ ・ ・ Target Server Info Optimal Payload Deep Exploit repeats Step1-3 in internal servers. Post-Exploitation. © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
Step 1. Intelligence Gathering Fully automatic (No human) Step 2. Exploitation Step 3. Post-Exploitation Step 4. Generate Report Step 4. Generate Report ・ Generate the report of penetration test. Generate Report. © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
Server-A IP: 192.168.184.132 Deep Exploit IP: 192.168.184.145 Connectable Directly connect Scenario 1. Single target server https://youtu.be/mgEOBIM4omM [Demo] Exploitation. © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
Scenario 2. Exploitation via compromised server (=Server-A) [Demo] Exploitation. https://youtu.be/DsBNOGBjJNg Connectable Directly connect Connectable Exploit via Server-A Deep Exploit IP: 192.168.184.145 Server-A IP: 192.168.184.132 Server-B IP: 192.168.184.148 (Only permits Server-A to connect) Perimeter Network Internal Network © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
Scenario 3. Deep penetration [Demo] Exploitation. Server-A IP: 192.168.220.145 Deep Exploit IP: 192.168.220.150 Server-B IP: 192.168.220.146 (Only permits Server-A to connect) Connectable Connectable Exploit via Server-A Connectable Exploit via Server-A Directly connect Perimeter Network Internal Network Server-C IP: 192.168.220.152 (Only permits Server-A to connect) https://youtu.be/s-Km-BE8NxM © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
・I developed a fully automated penetration testing tool called DeepExploit. ・The DeepExploit consists of ML model and Metasploit. ・The ML model is Deep Reinforcement Learning that can learn how to exploit by itself. ・ The DeepExploit can execute exploit at pinpoint (minimum 1 attempt) using ML model. ・ If succeeds the exploit, the DeepExploit can execute exploit to the internal servers. ・Current version of DeepExploit is PoC, so I have any blueprints: - I have to improve accuracy of exploitation. - I exchange the ML model to Monte Carlo Tree Search (MCTS). Conclusion. © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
・Source codes & Usage https://github.com/13o-bbr-bbq/machine_learning_security/tree/master/DeepExploit GitHub: 13o-bbr-bbq Resource © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
© 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019 Who we are: Company MBSD - Mitsui Bussan Secure Directions, Inc. Established 2001 Head office Tokyo, Japan Paid in capital JPY 400 Mil (100% subsidiary of Mitsui & Co., Ltd) Employees 256 Industry affiliations Leading companies in Japan, such as telecoms, banks, retailers, internet business and the governments. Businesses Professional security services to protect business from cyber attacks. Vulnerability Assessment/Penetration test (Web/NW/Internet of Things…) Services Managed Security Services, Incident Response, GRC Consulting, R&D.
Reference all source codes and document: https://github.com/13o-bbr-bbq/

Empfohlen

Bug Bounty - Play For Money
Bug Bounty - Play For MoneyBug Bounty - Play For Money
Bug Bounty - Play For MoneyShubham Gupta
 
Deep Exploit@Black Hat Europe 2018 Arsenal
Deep Exploit@Black Hat Europe 2018 ArsenalDeep Exploit@Black Hat Europe 2018 Arsenal
Deep Exploit@Black Hat Europe 2018 ArsenalIsao Takaesu
 
[CB21] MUSHIKAGO: IT and OT Automation Penetration testing Tool Using Game AI...
[CB21] MUSHIKAGO: IT and OT Automation Penetration testing Tool Using Game AI...[CB21] MUSHIKAGO: IT and OT Automation Penetration testing Tool Using Game AI...
[CB21] MUSHIKAGO: IT and OT Automation Penetration testing Tool Using Game AI...CODE BLUE
 
Threat Hunting Web Shells Using Splunk
Threat Hunting Web Shells Using SplunkThreat Hunting Web Shells Using Splunk
Threat Hunting Web Shells Using Splunkjamesmbower
 
Cyber attaques APT avec le framework MITRE ATT&CK
Cyber attaques APT avec le framework MITRE ATT&CKCyber attaques APT avec le framework MITRE ATT&CK
Cyber attaques APT avec le framework MITRE ATT&CKEyesOpen Association
 
Detection Rules Coverage
Detection Rules CoverageDetection Rules Coverage
Detection Rules CoverageSunny Neo
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for BeginnersSKMohamedKasim
 
The Log4Shell Vulnerability – explained: how to stay secure
The Log4Shell Vulnerability – explained: how to stay secureThe Log4Shell Vulnerability – explained: how to stay secure
The Log4Shell Vulnerability – explained: how to stay secureKaspersky
 

Empfohlen

Bug Bounty - Play For Money
Bug Bounty - Play For MoneyBug Bounty - Play For Money
Bug Bounty - Play For MoneyShubham Gupta
 
Deep Exploit@Black Hat Europe 2018 Arsenal
Deep Exploit@Black Hat Europe 2018 ArsenalDeep Exploit@Black Hat Europe 2018 Arsenal
Deep Exploit@Black Hat Europe 2018 ArsenalIsao Takaesu
 
[CB21] MUSHIKAGO: IT and OT Automation Penetration testing Tool Using Game AI...
[CB21] MUSHIKAGO: IT and OT Automation Penetration testing Tool Using Game AI...[CB21] MUSHIKAGO: IT and OT Automation Penetration testing Tool Using Game AI...
[CB21] MUSHIKAGO: IT and OT Automation Penetration testing Tool Using Game AI...CODE BLUE
 
Threat Hunting Web Shells Using Splunk
Threat Hunting Web Shells Using SplunkThreat Hunting Web Shells Using Splunk
Threat Hunting Web Shells Using Splunkjamesmbower
 
Cyber attaques APT avec le framework MITRE ATT&CK
Cyber attaques APT avec le framework MITRE ATT&CKCyber attaques APT avec le framework MITRE ATT&CK
Cyber attaques APT avec le framework MITRE ATT&CKEyesOpen Association
 
Detection Rules Coverage
Detection Rules CoverageDetection Rules Coverage
Detection Rules CoverageSunny Neo
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for BeginnersSKMohamedKasim
 
The Log4Shell Vulnerability – explained: how to stay secure
The Log4Shell Vulnerability – explained: how to stay secureThe Log4Shell Vulnerability – explained: how to stay secure
The Log4Shell Vulnerability – explained: how to stay secureKaspersky
 
Role of Forensic Triage In Cyber Security Trends 2021
Role of Forensic Triage In Cyber Security Trends 2021Role of Forensic Triage In Cyber Security Trends 2021
Role of Forensic Triage In Cyber Security Trends 2021Amrit Chhetri
 
Windows İşletim Sistemi Yetki Yükseltme Çalışmaları
Windows İşletim Sistemi Yetki Yükseltme ÇalışmalarıWindows İşletim Sistemi Yetki Yükseltme Çalışmaları
Windows İşletim Sistemi Yetki Yükseltme ÇalışmalarıBGA Cyber Security
 
CyberSecurity Certifications | CyberSecurity Career | CyberSecurity Certifica...
CyberSecurity Certifications | CyberSecurity Career | CyberSecurity Certifica...CyberSecurity Certifications | CyberSecurity Career | CyberSecurity Certifica...
CyberSecurity Certifications | CyberSecurity Career | CyberSecurity Certifica...Edureka!
 
Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingDhruv Majumdar
 
Alphorm.com Formation Analyse de Malware 1/2 : Le guide complet
Alphorm.com Formation Analyse de Malware 1/2 : Le guide completAlphorm.com Formation Analyse de Malware 1/2 : Le guide complet
Alphorm.com Formation Analyse de Malware 1/2 : Le guide completAlphorm
 
Threat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onThreat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onSplunk
 
Thick client pentesting_the-hackers_meetup_version1.0pptx
Thick client pentesting_the-hackers_meetup_version1.0pptxThick client pentesting_the-hackers_meetup_version1.0pptx
Thick client pentesting_the-hackers_meetup_version1.0pptxAnurag Srivastava
 
Effective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceEffective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceDhruv Majumdar
 
Threat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonThreat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonBen Boyd
 
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourWAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourSoroush Dalili
 
Threat Hunting Report
Threat Hunting Report Threat Hunting Report
Threat Hunting Report Morane Decriem
 
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CK
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CKTracking Noisy Behavior and Risk-Based Alerting with ATT&CK
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CKMITRE ATT&CK
 
The Hacker's Guide to NoSQL Injection
The Hacker's Guide to NoSQL InjectionThe Hacker's Guide to NoSQL Injection
The Hacker's Guide to NoSQL InjectionPatrycja Wegrzynowicz
 
Cyber Threat Hunting with Phirelight
Cyber Threat Hunting with PhirelightCyber Threat Hunting with Phirelight
Cyber Threat Hunting with PhirelightHostway|HOSTING
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingRana Khalil
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingAnurag Srivastava
 
Security testing
Security testingSecurity testing
Security testingKhizra Sammad
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopDigit Oktavianto
 
Threat hunting in cyber world
Threat hunting in cyber worldThreat hunting in cyber world
Threat hunting in cyber worldAkash Sarode
 
Starting Over with Sub-Techniques
Starting Over with Sub-TechniquesStarting Over with Sub-Techniques
Starting Over with Sub-TechniquesMITRE - ATT&CKcon
 
An open-source adventure in the cloud, containers, and incident response - SE...
An open-source adventure in the cloud, containers, and incident response - SE...An open-source adventure in the cloud, containers, and incident response - SE...
An open-source adventure in the cloud, containers, and incident response - SE...Amazon Web Services
 
MozDef Workshop slide
MozDef Workshop slideMozDef Workshop slide
MozDef Workshop slideCloudVillage
 

Weitere ähnliche Inhalte

Was ist angesagt?

Role of Forensic Triage In Cyber Security Trends 2021
Role of Forensic Triage In Cyber Security Trends 2021Role of Forensic Triage In Cyber Security Trends 2021
Role of Forensic Triage In Cyber Security Trends 2021Amrit Chhetri
 
Windows İşletim Sistemi Yetki Yükseltme Çalışmaları
Windows İşletim Sistemi Yetki Yükseltme ÇalışmalarıWindows İşletim Sistemi Yetki Yükseltme Çalışmaları
Windows İşletim Sistemi Yetki Yükseltme ÇalışmalarıBGA Cyber Security
 
CyberSecurity Certifications | CyberSecurity Career | CyberSecurity Certifica...
CyberSecurity Certifications | CyberSecurity Career | CyberSecurity Certifica...CyberSecurity Certifications | CyberSecurity Career | CyberSecurity Certifica...
CyberSecurity Certifications | CyberSecurity Career | CyberSecurity Certifica...Edureka!
 
Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingDhruv Majumdar
 
Alphorm.com Formation Analyse de Malware 1/2 : Le guide complet
Alphorm.com Formation Analyse de Malware 1/2 : Le guide completAlphorm.com Formation Analyse de Malware 1/2 : Le guide complet
Alphorm.com Formation Analyse de Malware 1/2 : Le guide completAlphorm
 
Threat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onThreat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onSplunk
 
Thick client pentesting_the-hackers_meetup_version1.0pptx
Thick client pentesting_the-hackers_meetup_version1.0pptxThick client pentesting_the-hackers_meetup_version1.0pptx
Thick client pentesting_the-hackers_meetup_version1.0pptxAnurag Srivastava
 
Effective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceEffective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceDhruv Majumdar
 
Threat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonThreat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonBen Boyd
 
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourWAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourSoroush Dalili
 
Threat Hunting Report
Threat Hunting Report Threat Hunting Report
Threat Hunting Report Morane Decriem
 
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CK
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CKTracking Noisy Behavior and Risk-Based Alerting with ATT&CK
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CKMITRE ATT&CK
 
The Hacker's Guide to NoSQL Injection
The Hacker's Guide to NoSQL InjectionThe Hacker's Guide to NoSQL Injection
The Hacker's Guide to NoSQL InjectionPatrycja Wegrzynowicz
 
Cyber Threat Hunting with Phirelight
Cyber Threat Hunting with PhirelightCyber Threat Hunting with Phirelight
Cyber Threat Hunting with PhirelightHostway|HOSTING
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingRana Khalil
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingAnurag Srivastava
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopDigit Oktavianto
 
Threat hunting in cyber world
Threat hunting in cyber worldThreat hunting in cyber world
Threat hunting in cyber worldAkash Sarode
 
Starting Over with Sub-Techniques
Starting Over with Sub-TechniquesStarting Over with Sub-Techniques
Starting Over with Sub-TechniquesMITRE - ATT&CKcon
 

Was ist angesagt? (20)

Role of Forensic Triage In Cyber Security Trends 2021
Role of Forensic Triage In Cyber Security Trends 2021Role of Forensic Triage In Cyber Security Trends 2021
Role of Forensic Triage In Cyber Security Trends 2021
 
Windows İşletim Sistemi Yetki Yükseltme Çalışmaları
Windows İşletim Sistemi Yetki Yükseltme ÇalışmalarıWindows İşletim Sistemi Yetki Yükseltme Çalışmaları
Windows İşletim Sistemi Yetki Yükseltme Çalışmaları
 
CyberSecurity Certifications | CyberSecurity Career | CyberSecurity Certifica...
CyberSecurity Certifications | CyberSecurity Career | CyberSecurity Certifica...CyberSecurity Certifications | CyberSecurity Career | CyberSecurity Certifica...
CyberSecurity Certifications | CyberSecurity Career | CyberSecurity Certifica...
 
Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat Hunting
 
Alphorm.com Formation Analyse de Malware 1/2 : Le guide complet
Alphorm.com Formation Analyse de Malware 1/2 : Le guide completAlphorm.com Formation Analyse de Malware 1/2 : Le guide complet
Alphorm.com Formation Analyse de Malware 1/2 : Le guide complet
 
Threat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onThreat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-on
 
Thick client pentesting_the-hackers_meetup_version1.0pptx
Thick client pentesting_the-hackers_meetup_version1.0pptxThick client pentesting_the-hackers_meetup_version1.0pptx
Thick client pentesting_the-hackers_meetup_version1.0pptx
 
Effective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceEffective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat Intelligence
 
Threat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonThreat hunting - Every day is hunting season
Threat hunting - Every day is hunting season
 
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourWAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
 
Threat Hunting Report
Threat Hunting Report Threat Hunting Report
Threat Hunting Report
 
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CK
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CKTracking Noisy Behavior and Risk-Based Alerting with ATT&CK
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CK
 
The Hacker's Guide to NoSQL Injection
The Hacker's Guide to NoSQL InjectionThe Hacker's Guide to NoSQL Injection
The Hacker's Guide to NoSQL Injection
 
Cyber Threat Hunting with Phirelight
Cyber Threat Hunting with PhirelightCyber Threat Hunting with Phirelight
Cyber Threat Hunting with Phirelight
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
 
Security testing
Security testingSecurity testing
Security testing
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting Workshop
 
Threat hunting in cyber world
Threat hunting in cyber worldThreat hunting in cyber world
Threat hunting in cyber world
 
Starting Over with Sub-Techniques
Starting Over with Sub-TechniquesStarting Over with Sub-Techniques
Starting Over with Sub-Techniques
 

Ähnlich wie [CB19] Deep Exploit: Fully Automatic Penetration Test Tool Using Reinforcement Learning by Isao Takaesu

An open-source adventure in the cloud, containers, and incident response - SE...
An open-source adventure in the cloud, containers, and incident response - SE...An open-source adventure in the cloud, containers, and incident response - SE...
An open-source adventure in the cloud, containers, and incident response - SE...Amazon Web Services
 
MozDef Workshop slide
MozDef Workshop slideMozDef Workshop slide
MozDef Workshop slideCloudVillage
 
Automation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsAutomation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsIBM Security
 
The security phoenix - from the ashes of DEV-OPS Appsec California 2020
The security phoenix - from the ashes of DEV-OPS Appsec California 2020The security phoenix - from the ashes of DEV-OPS Appsec California 2020
The security phoenix - from the ashes of DEV-OPS Appsec California 2020NSC42 Ltd
 
Manabu Niseki, Hirokazu Kodera - Catch Phish If You Can: A Case Study of Phis...
Manabu Niseki, Hirokazu Kodera - Catch Phish If You Can: A Case Study of Phis...Manabu Niseki, Hirokazu Kodera - Catch Phish If You Can: A Case Study of Phis...
Manabu Niseki, Hirokazu Kodera - Catch Phish If You Can: A Case Study of Phis...REVULN
 
CYBER SECURITY WORKSHOP (Only For Educational Purpose)
CYBER SECURITY WORKSHOP (Only For Educational Purpose)CYBER SECURITY WORKSHOP (Only For Educational Purpose)
CYBER SECURITY WORKSHOP (Only For Educational Purpose)Chanaka Lasantha
 
27.2.15 lab investigating a malware exploit
27.2.15 lab investigating a malware exploit27.2.15 lab investigating a malware exploit
27.2.15 lab investigating a malware exploitFreddy Buenaño
 
SplunkLive! Paris 2018: Intro to Security Analytics Methods
SplunkLive! Paris 2018: Intro to Security Analytics MethodsSplunkLive! Paris 2018: Intro to Security Analytics Methods
SplunkLive! Paris 2018: Intro to Security Analytics MethodsSplunk
 
sts-scanner_tutorial
sts-scanner_tutorialsts-scanner_tutorial
sts-scanner_tutorialtutorialsruby
 
sts-scanner_tutorial
sts-scanner_tutorialsts-scanner_tutorial
sts-scanner_tutorialtutorialsruby
 
Talha Obaid, Email Security, Symantec at MLconf ATL 2017
Talha Obaid, Email Security, Symantec at MLconf ATL 2017Talha Obaid, Email Security, Symantec at MLconf ATL 2017
Talha Obaid, Email Security, Symantec at MLconf ATL 2017MLconf
 
Cisco Connect Toronto 2017 - Security Through The Eyes of a Hacker
Cisco Connect Toronto 2017 - Security Through The Eyes of a HackerCisco Connect Toronto 2017 - Security Through The Eyes of a Hacker
Cisco Connect Toronto 2017 - Security Through The Eyes of a HackerCisco Canada
 
How to Incorporate a Security-First Approach to Your Products by spiderSlik C...
How to Incorporate a Security-First Approach to Your Products by spiderSlik C...How to Incorporate a Security-First Approach to Your Products by spiderSlik C...
How to Incorporate a Security-First Approach to Your Products by spiderSlik C...Product School
 
ISSA COISS: : Phishing Forensics - Is it just suspicious or is it malicious?
ISSA COISS: : Phishing Forensics - Is it just suspicious or is it malicious?ISSA COISS: : Phishing Forensics - Is it just suspicious or is it malicious?
ISSA COISS: : Phishing Forensics - Is it just suspicious or is it malicious?CiNPA Security SIG
 
Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015Nilesh Sapariya
 
Circle City Con: Phishing Forensics - Is it just suspicious or is it malicious?
Circle City Con: Phishing Forensics - Is it just suspicious or is it malicious?Circle City Con: Phishing Forensics - Is it just suspicious or is it malicious?
Circle City Con: Phishing Forensics - Is it just suspicious or is it malicious?CiNPA Security SIG
 
OISF Aniversary: Active Defense - Helping threat actors hack themselves!
OISF Aniversary: Active Defense - Helping threat actors hack themselves!OISF Aniversary: Active Defense - Helping threat actors hack themselves!
OISF Aniversary: Active Defense - Helping threat actors hack themselves!CiNPA Security SIG
 
BSides Indianapolis: Phishing Forensics - Is it just suspicious or is it mali...
BSides Indianapolis: Phishing Forensics - Is it just suspicious or is it mali...BSides Indianapolis: Phishing Forensics - Is it just suspicious or is it mali...
BSides Indianapolis: Phishing Forensics - Is it just suspicious or is it mali...CiNPA Security SIG
 
Splunk Discovery: Warsaw 2018 - Intro to Security Analytics Methods
Splunk Discovery: Warsaw 2018 - Intro to Security Analytics MethodsSplunk Discovery: Warsaw 2018 - Intro to Security Analytics Methods
Splunk Discovery: Warsaw 2018 - Intro to Security Analytics MethodsSplunk
 

Ähnlich wie [CB19] Deep Exploit: Fully Automatic Penetration Test Tool Using Reinforcement Learning by Isao Takaesu (20)

An open-source adventure in the cloud, containers, and incident response - SE...
An open-source adventure in the cloud, containers, and incident response - SE...An open-source adventure in the cloud, containers, and incident response - SE...
An open-source adventure in the cloud, containers, and incident response - SE...
 
MozDef Workshop slide
MozDef Workshop slideMozDef Workshop slide
MozDef Workshop slide
 
Automation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsAutomation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOps
 
The security phoenix - from the ashes of DEV-OPS Appsec California 2020
The security phoenix - from the ashes of DEV-OPS Appsec California 2020The security phoenix - from the ashes of DEV-OPS Appsec California 2020
The security phoenix - from the ashes of DEV-OPS Appsec California 2020
 
Manabu Niseki, Hirokazu Kodera - Catch Phish If You Can: A Case Study of Phis...
Manabu Niseki, Hirokazu Kodera - Catch Phish If You Can: A Case Study of Phis...Manabu Niseki, Hirokazu Kodera - Catch Phish If You Can: A Case Study of Phis...
Manabu Niseki, Hirokazu Kodera - Catch Phish If You Can: A Case Study of Phis...
 
CYBER SECURITY WORKSHOP (Only For Educational Purpose)
CYBER SECURITY WORKSHOP (Only For Educational Purpose)CYBER SECURITY WORKSHOP (Only For Educational Purpose)
CYBER SECURITY WORKSHOP (Only For Educational Purpose)
 
27.2.15 lab investigating a malware exploit
27.2.15 lab investigating a malware exploit27.2.15 lab investigating a malware exploit
27.2.15 lab investigating a malware exploit
 
SplunkLive! Paris 2018: Intro to Security Analytics Methods
SplunkLive! Paris 2018: Intro to Security Analytics MethodsSplunkLive! Paris 2018: Intro to Security Analytics Methods
SplunkLive! Paris 2018: Intro to Security Analytics Methods
 
sts-scanner_tutorial
sts-scanner_tutorialsts-scanner_tutorial
sts-scanner_tutorial
 
sts-scanner_tutorial
sts-scanner_tutorialsts-scanner_tutorial
sts-scanner_tutorial
 
Talha Obaid, Email Security, Symantec at MLconf ATL 2017
Talha Obaid, Email Security, Symantec at MLconf ATL 2017Talha Obaid, Email Security, Symantec at MLconf ATL 2017
Talha Obaid, Email Security, Symantec at MLconf ATL 2017
 
Cisco Connect Toronto 2017 - Security Through The Eyes of a Hacker
Cisco Connect Toronto 2017 - Security Through The Eyes of a HackerCisco Connect Toronto 2017 - Security Through The Eyes of a Hacker
Cisco Connect Toronto 2017 - Security Through The Eyes of a Hacker
 
How to Incorporate a Security-First Approach to Your Products by spiderSlik C...
How to Incorporate a Security-First Approach to Your Products by spiderSlik C...How to Incorporate a Security-First Approach to Your Products by spiderSlik C...
How to Incorporate a Security-First Approach to Your Products by spiderSlik C...
 
ISSA COISS: : Phishing Forensics - Is it just suspicious or is it malicious?
ISSA COISS: : Phishing Forensics - Is it just suspicious or is it malicious?ISSA COISS: : Phishing Forensics - Is it just suspicious or is it malicious?
ISSA COISS: : Phishing Forensics - Is it just suspicious or is it malicious?
 
Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015
 
Circle City Con: Phishing Forensics - Is it just suspicious or is it malicious?
Circle City Con: Phishing Forensics - Is it just suspicious or is it malicious?Circle City Con: Phishing Forensics - Is it just suspicious or is it malicious?
Circle City Con: Phishing Forensics - Is it just suspicious or is it malicious?
 
OISF Aniversary: Active Defense - Helping threat actors hack themselves!
OISF Aniversary: Active Defense - Helping threat actors hack themselves!OISF Aniversary: Active Defense - Helping threat actors hack themselves!
OISF Aniversary: Active Defense - Helping threat actors hack themselves!
 
BSides Indianapolis: Phishing Forensics - Is it just suspicious or is it mali...
BSides Indianapolis: Phishing Forensics - Is it just suspicious or is it mali...BSides Indianapolis: Phishing Forensics - Is it just suspicious or is it mali...
BSides Indianapolis: Phishing Forensics - Is it just suspicious or is it mali...
 
Splunk Discovery: Warsaw 2018 - Intro to Security Analytics Methods
Splunk Discovery: Warsaw 2018 - Intro to Security Analytics MethodsSplunk Discovery: Warsaw 2018 - Intro to Security Analytics Methods
Splunk Discovery: Warsaw 2018 - Intro to Security Analytics Methods
 
44CON Hacking Enterprises
44CON Hacking Enterprises44CON Hacking Enterprises
44CON Hacking Enterprises
 

Mehr von CODE BLUE

[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...CODE BLUE
 
[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten NohlCODE BLUE
 
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...CODE BLUE
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...CODE BLUE
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之CODE BLUE
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...CODE BLUE
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo PupilloCODE BLUE
 
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...CODE BLUE
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman [cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman CODE BLUE
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...CODE BLUE
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫CODE BLUE
 
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...CODE BLUE
 
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka [cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka CODE BLUE
 
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...CODE BLUE
 
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...CODE BLUE
 
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...CODE BLUE
 
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...CODE BLUE
 
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也CODE BLUE
 
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...CODE BLUE
 
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...CODE BLUE
 

Mehr von CODE BLUE (20)

[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
 
[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl
 
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
 
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman [cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
 
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
 
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka [cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
 
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
 
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
 
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
 
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
 
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
 
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
 
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
 

Kürzlich hochgeladen

VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesVVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesPooja Nehwal
 
Microsoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AIMicrosoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AITatiana Gurgel
 
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...henrik385807
 
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night EnjoyCall Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night EnjoyPooja Nehwal
 
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptxMohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptxmohammadalnahdi22
 
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝soniya singh
 
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Presentation on Engagement in Book Clubs
Presentation on Engagement in Book ClubsPresentation on Engagement in Book Clubs
Presentation on Engagement in Book Clubssamaasim06
 
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...NETWAYS
 
George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024eCommerce Institute
 
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...Salam Al-Karadaghi
 
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...Pooja Nehwal
 
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfOpen Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfhenrik385807
 
Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510Vipesco
 
Mathematics of Finance Presentation.pptx
Mathematics of Finance Presentation.pptxMathematics of Finance Presentation.pptx
Mathematics of Finance Presentation.pptxMoumonDas2
 
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...Hasting Chen
 
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort ServiceDelhi Call girls
 
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...Kayode Fayemi
 
ANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docxANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docxNikitaBankoti2
 
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )Pooja Nehwal
 

Kürzlich hochgeladen (20)

VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesVVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
 
Microsoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AIMicrosoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AI
 
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
 
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night EnjoyCall Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
 
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptxMohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
 
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
 
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Presentation on Engagement in Book Clubs
Presentation on Engagement in Book ClubsPresentation on Engagement in Book Clubs
Presentation on Engagement in Book Clubs
 
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
 
George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024
 
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
 
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
 
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfOpen Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
 
Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510
 
Mathematics of Finance Presentation.pptx
Mathematics of Finance Presentation.pptxMathematics of Finance Presentation.pptx
Mathematics of Finance Presentation.pptx
 
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
 
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
 
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
 
ANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docxANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docx
 
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
 

[CB19] Deep Exploit: Fully Automatic Penetration Test Tool Using Reinforcement Learning by Isao Takaesu

  • 1. Deep Exploit - Fully automated penetration test tool - October 30th, 2019 Blue Box 2019 Presented by Isao Takaesu
  • 2. © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019 About the speaker. Security Engineer, Programmer, CISSP, Master degree (Info Tech) My works are : (1) Vulnerability assessment (Detect vulnerabilities / Propose countermeasures) (2) Research & Development (Automatic pentest technology using Machine Learning) - Past talked in conference - Black Hat Arsenal ASIA/USA/EURO, DEFCON Demo Labs/AI Village, CODE BLUE, PYCON JP etc.. (3) Human resource development ・Judge of “HITB+ AI Challenge” (Fully automated cybersecurity competition using Machine Learning.) ・Instructor of “Security Next Camp” (HR development program for cybersecurity in Japan.) ・MINI Hardening project (Learn how to respond to cyber security incidents.) ・Secure Brigade (Share information security technology know-how with books and podcasts.) ・AISECjp (Hold a study group on Machine Learning security in Japan.) Mitsui Bussan Secure Directions, Inc Professional Service Div. Isao Takaesu Twitter: @bbr_bbq GitHub: 13o-bbr-bbq
  • 3. What is Deep Exploit ? Deep Exploit Perimeter Network External Firewall Web Servers DNS Servers Internal Firewall Database Server Web Server Internal Network Internal Computers Fully automatically exploit the target on perimeter and internal networks. © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
  • 4. ML ModelA3C of Reinforcement Learning Penetration Test Framework Deep Exploit Target Server RPC API Exploit ML model : Operate the Metasploit via RPC API. Metasploit : Execute “Exploit” and “Post-Exploit” . Send Commands Receive Result ML model and Metasploit are linked via RPC API. Overview © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
  • 5. ・Penetration test framework by Rapid 7. ・Command operation is required. ・It has many “Exploit modules”. ・It has many “Targets”. ・It has many “Payloads”. ・It has various RPC API. We can operate it from external program (ML model) We must select optimal exploit module, targets and payload according to succeed the exploitation. What is Metasploit? © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
  • 6. Beforehand, ML Model needs to train how to exploit. I use Deep Reinforcement Learning which can select optimal payload. ・ ・ ・ ・ ・ ・ ・ ・ ・ State (s) Target server info collected by Intelligence Gathering. Q value Payload… ・ ・ ・ ・DNN outputs the payload according to the input information. ・Agent executes the exploit using payload. ・DNN learn optimal exploit based on “exploit result” using Backpropagation. Action (a) Exploit Target Server Deep Neural Network Reward (r) Exploit result Learn(Backprop) using “Reward” Reinforcement Learning Agent State (s’) Changed state What is ML Model. © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
  • 7. ML ModelA3C of Reinforcement Learning Penetration Test Framework Deep Exploit Trained Data RPC API Save/Restore Training Servers Training DeepExploit uses vulnerable servers for learn how to exploit. Send Commands Receive Result Training environment. © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
  • 8. ・ ・ ・ Numerous Trials (about >10,000) ・ ・ ・ Worker thread Parameter Server ・ ・ ・ … ⊿w=gradw ⊿w=gradw ⊿w=gradw ・ ・ ・ Worker thread Worker thread send recv recvsend recv send Target Host info OS type Product Name Version Exploit module Target Payloads cmd/unix/bind_ruby linux/x86/shell/bind_tcp bsd/x64/exec generic/debug_trap linux/mipsle/shell_bind_tcp mainframe/shell_reverse_tcp ・・・ … ・ ・ ・ Training Servers ・ ・ ・ ・ ・ ・ Learn how to exploitation while trying numerous exploits on multi threads How to learn “Exploitation”. © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
  • 9. https://youtu.be/8ht4y9tboNY [Demo] Training of Exploitation. © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
  • 10. Step 1. Intelligence Gathering Fully automatic (No human) Step 2. Exploitation Step 3. Post-Exploitation Step 4. Generate Report Step 1. Intelligence Gathering Step 2. Exploitation Step 3. Post-Exploitation Step 4. Generate Report Processing Flow. © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
  • 11. Step 1. Intelligence Gathering Fully automatic (No human) Step 2. Exploitation Step 3. Post-Exploitation Step 4. Generate Report Step 1. Intelligence Gathering 1. Nmap : identify open ports, products. 2. Contents discovery : identify Web products using found product contents on the Web port. 3. Web crawling : collecting HTTP responses on the Web port. By analyze HTTP responses using String-matching and Naive Bayes, identify Web products. Intelligence Gathering. © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
  • 12. Step 1. Intelligence Gathering Fully automatic (No human) Step 2. Exploitation Step 3. Post-Exploitation Step 4. Generate Report Step 1. Intelligence Gathering 1. Nmap : identify open ports, products. 2. Contents discovery : identify Web products using found product contents on the Web port. 3. Web crawling : collecting HTTP responses on the Web port. By analyze HTTP responses using String-matching and Naive Bayes, identify Web products. Intelligence Gathering. © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
  • 13. Step 1. Intelligence Gathering Fully automatic (No human) Step 2. Exploitation Step 3. Post-Exploitation Step 4. Generate Report HTTP/1.1 200 OK Date: Tue, 06 Mar 2018 06:56:17 GMT Server: OpenSSL/1.0.1g Content-Type: text/html; charset=UTF-8 Set-Cookie: f00e68432b68050dee9abe33c389831e=0eba9cd0f75ca0912b4849777677f587; path=/; Etag: "409ed-183-53c5f732641c0" …snip… <form action="/example/confirm.php"> What are included the Web products in this HTTP response? Question. © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
  • 14. Step 1. Intelligence Gathering Fully automatic (No human) Step 2. Exploitation Step 3. Post-Exploitation Step 4. Generate Report HTTP/1.1 200 OK Date: Tue, 06 Mar 2018 06:56:17 GMT Server: OpenSSL/1.0.1g Content-Type: text/html; charset=UTF-8 Set-Cookie: f00e68432b68050dee9abe33c389831e=0eba9cd0f75ca0912b4849777677f587; path=/; Etag: "409ed-183-53c5f732641c0" …snip… <form action="/example/confirm.php"> Answer (1). It can identify OpenSSL and PHP using String-Matching. But, this HTTP response includes more products. © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
  • 15. Step 1. Intelligence Gathering Fully automatic (No human) Step 2. Exploitation Step 3. Post-Exploitation Step 4. Generate Report HTTP/1.1 200 OK Date: Tue, 06 Mar 2018 06:56:17 GMT Server: OpenSSL/1.0.1g Content-Type: text/html; charset=UTF-8 Set-Cookie: f00e68432b68050dee9abe33c389831e=0eba9cd0f75ca0912b4849777677f587; path=/; Etag: "409ed-183-53c5f732641c0" …snip… <form action="/example/confirm.php"> Answer (2). It can identify joomla! and Apache using Naive Bayes. © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
  • 16. Step 1. Intelligence Gathering Fully automatic (No human) Step 2. Exploitation Step 3. Post-Exploitation Step 4. Generate Report Open session between “Deep Exploit” and front server. Step 2. Exploitation ・ Execute exploit to front target server using trained data. ・ Open session between “Deep Exploit” and target server. Connectable Execute exploits Front target ServerDeep Exploit Compromised ・ ・ ・ Target Server Info Optimal Payload Exploitation. © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
  • 17. Step 1. Intelligence Gathering Fully automatic (No human) Step 3. Post-Exploitation Step 4. Generate Report Pivoting and execute the exploit to internal servers. Step 2. Exploitation Step 3. Post-Exploitation ・ Pivoting and execute the exploit to internal server via compromised server. Connectable Exploit via Front target server Internal target Servers Connectable Execute exploits Front target ServerDeep Exploit Compromised ・ ・ ・ Target Server Info Optimal Payload Post-Exploitation. © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
  • 18. Step 1. Intelligence Gathering Fully automatic (No human) Step 3. Post-Exploitation Step 4. Generate Report Step 2. Exploitation Step 3. Post-Exploitation ・ Execute exploit to internal target servers via front target server Connectable Exploit via Front target server Internal target Servers Connectable Execute exploits Front target ServerDeep Exploit Compromised ・ ・ ・ Target Server Info Optimal Payload Deep Exploit repeats Step1-3 in internal servers. Post-Exploitation. © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
  • 19. Step 1. Intelligence Gathering Fully automatic (No human) Step 2. Exploitation Step 3. Post-Exploitation Step 4. Generate Report Step 4. Generate Report ・ Generate the report of penetration test. Generate Report. © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
  • 20. Server-A IP: 192.168.184.132 Deep Exploit IP: 192.168.184.145 Connectable Directly connect Scenario 1. Single target server https://youtu.be/mgEOBIM4omM [Demo] Exploitation. © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
  • 21. Scenario 2. Exploitation via compromised server (=Server-A) [Demo] Exploitation. https://youtu.be/DsBNOGBjJNg Connectable Directly connect Connectable Exploit via Server-A Deep Exploit IP: 192.168.184.145 Server-A IP: 192.168.184.132 Server-B IP: 192.168.184.148 (Only permits Server-A to connect) Perimeter Network Internal Network © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
  • 22. Scenario 3. Deep penetration [Demo] Exploitation. Server-A IP: 192.168.220.145 Deep Exploit IP: 192.168.220.150 Server-B IP: 192.168.220.146 (Only permits Server-A to connect) Connectable Connectable Exploit via Server-A Connectable Exploit via Server-A Directly connect Perimeter Network Internal Network Server-C IP: 192.168.220.152 (Only permits Server-A to connect) https://youtu.be/s-Km-BE8NxM © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
  • 23. ・I developed a fully automated penetration testing tool called DeepExploit. ・The DeepExploit consists of ML model and Metasploit. ・The ML model is Deep Reinforcement Learning that can learn how to exploit by itself. ・ The DeepExploit can execute exploit at pinpoint (minimum 1 attempt) using ML model. ・ If succeeds the exploit, the DeepExploit can execute exploit to the internal servers. ・Current version of DeepExploit is PoC, so I have any blueprints: - I have to improve accuracy of exploitation. - I exchange the ML model to Monte Carlo Tree Search (MCTS). Conclusion. © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
  • 24. ・Source codes & Usage https://github.com/13o-bbr-bbq/machine_learning_security/tree/master/DeepExploit GitHub: 13o-bbr-bbq Resource © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019
  • 25. © 2019 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. Blue Box 2019 Who we are: Company MBSD - Mitsui Bussan Secure Directions, Inc. Established 2001 Head office Tokyo, Japan Paid in capital JPY 400 Mil (100% subsidiary of Mitsui & Co., Ltd) Employees 256 Industry affiliations Leading companies in Japan, such as telecoms, banks, retailers, internet business and the governments. Businesses Professional security services to protect business from cyber attacks. Vulnerability Assessment/Penetration test (Web/NW/Internet of Things…) Services Managed Security Services, Incident Response, GRC Consulting, R&D.
  • 26. Reference all source codes and document: https://github.com/13o-bbr-bbq/