Deep Exploit
- Fully automated penetration test tool -
December 6th, 2018
Black Hat EUROPE 2018 Arsenal
Presented by Isao Takaesu
Deep Exploit
[Diagram: Deep Exploit attacks through the external firewall into the perimeter network (Web servers, DNS servers), then through the internal firewall into the internal network (database server, Web server, internal computers).]
Exploiting the servers on the perimeter and internal networks.
What is Deep Exploit?
Overview
[Diagram: the user's instructions pass through the Command Line Arguments Parser to the ML Model (A3C of Reinforcement Learning), which saves/restores its trained data and drives the Penetration Test Framework over an RPC API. The framework sends commands to, and receives results from, the training servers (training mode) or the target server (testing mode).]
Train: the tool learns how to exploit by itself.
Test: it executes exploits using the trained data.
Train the Deep Exploit
[Diagram: A3C training. Several worker threads each run trials against the training servers and send their gradient (⊿w = grad w) to a shared parameter server, which sends the updated weights back.]
Numerous trials (about >10,000): the model learns how to exploit while trying numerous exploits.
The target host info (OS type, product name, version) is the model's input; the exploit module, target and payload are what it selects.
Example payloads: cmd/unix/bind_ruby, linux/x86/shell/bind_tcp, bsd/x64/exec, generic/debug_trap, linux/mipsle/shell_bind_tcp, mainframe/shell_reverse_tcp, ...
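The training loop on this slide, as an added example that is not Deep Exploit's own code: a tabular stand-in for the A3C setup in which a shared Q-table plays the parameter server, workers run one after another instead of as threads, and a constructed, deterministic environment stands in for the training servers and the RPC API. The host states, the module names and which (module, payload) pair succeeds are assumptions invented for the example; only the payload strings come from the slide.

```python
"""Tabular stand-in for Deep Exploit's A3C training loop (added example).

State  = (OS type, product name, version)   the "target host info" box
Action = (exploit module, payload)           what the model selects
Reward = +1 if a session opens, -1 otherwise
The real tool trains an A3C network across worker threads; here a shared
Q-table plays the parameter server and workers run one after another.
"""
import json
import random
from collections import defaultdict

# Constructed training environment (assumption, not real vulnerabilities):
# three host states and, for each, the single (module, payload) pair the
# stand-in server "accepts". Module names are invented; payloads are the
# slide's.
STATES = [("linux", "product-x", "1.0"),
          ("linux", "product-y", "2.1"),
          ("bsd", "product-z", "0.9")]
MODULES = ["module-a", "module-b", "module-c"]
PAYLOADS = ["linux/x86/shell/bind_tcp", "cmd/unix/bind_ruby", "bsd/x64/exec"]
ACTIONS = [(m, p) for m in MODULES for p in PAYLOADS]       # 9 candidates
WORKING = {STATES[0]: ("module-a", "cmd/unix/bind_ruby"),
           STATES[1]: ("module-b", "linux/x86/shell/bind_tcp"),
           STATES[2]: ("module-c", "bsd/x64/exec")}


def run_exploit(state, action):
    """Stand-in for 'send commands / receive result' over the RPC API."""
    return 1 if WORKING[state] == action else -1


def new_table():
    return defaultdict(lambda: defaultdict(float))


def best_action(q, state):
    """Greedy choice. Untried actions sit at 0, so one failure (-alpha) ranks
    an action below every untried one and one success ranks it above."""
    return max(ACTIONS, key=lambda a: q[state][a])


def worker(q, rng, trials, alpha=0.1, epsilon=0.3):
    """One worker: pick a training host, act epsilon-greedily, run the exploit
    and push the update into the shared table (the parameter server)."""
    for _ in range(trials):
        state = rng.choice(STATES)
        if rng.random() < epsilon:
            action = rng.choice(ACTIONS)
        else:
            action = best_action(q, state)
        reward = run_exploit(state, action)
        q[state][action] += alpha * (reward - q[state][action])


def train(workers=3, trials_per_worker=200, seed=1):
    """Run the workers in turn against the shared table and return it."""
    q = new_table()
    rng = random.Random(seed)
    for _ in range(workers):
        worker(q, rng, trials_per_worker)
    return q


def save(q):
    """'Save/Restore' of trained data: serialise the table as JSON text."""
    return json.dumps({"|".join(s): {"|".join(a): v for a, v in acts.items()}
                       for s, acts in q.items()})


def restore(text):
    q = new_table()
    for s, acts in json.loads(text).items():
        for a, v in acts.items():
            q[tuple(s.split("|"))][tuple(a.split("|"))] = v
    return q


if __name__ == "__main__":
    table = restore(save(train()))          # train, then round-trip the data
    for state in STATES:
        print(state, "->", best_action(table, state))
```

Because the stand-in rewards are deterministic, the greedy rule alone walks through the untried actions of each state until the working pair turns positive; the epsilon exploration only matters when, as with real targets, the same exploit sometimes succeeds and sometimes fails.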
Training movie: https://youtu.be/8ht4y9tboNY
Processing Flow
Fully automatic (no human in the loop):
Step 1. Intelligence Gathering
Step 2. Exploitation
Step 3. Post-Exploitation
Step 4. Generate Report
Intelligence Gathering
Step 1. Intelligence Gathering
1. Nmap: identify open ports and the products behind them.
2. Contents exploration: identify Web products from known product contents found on the Web port.
3. Scrapy: gather HTTP responses from the Web port, then identify Web products by analysing those responses with signatures and machine learning.
Question
HTTP/1.1 200 OK
Date: Tue, 06 Mar 2018 06:56:17 GMT
Server: OpenSSL/1.0.1g
Content-Type: text/html; charset=UTF-8
Set-Cookie: f00e68432b68050dee9abe33c389831e=0eba9cd0f75ca0912b4849777677f587; path=/;
Etag: "409ed-183-53c5f732641c0"
…snip…
<form action="/example/confirm.php">
Which Web products does this HTTP response reveal?
Answer (1)
Deep Exploit can identify OpenSSL and PHP using signatures (the Server banner and the .php extension).
But this HTTP response reveals more products.
Answer (2)
Deep Exploit can identify Joomla! and Apache using machine learning.
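The two-stage identification above, as an added example that is not Deep Exploit's or GyoiThon's own code: stage 1 is a signature pass over banners and file extensions, which is all the slide says signatures find here (OpenSSL and PHP); stage 2 stands in for the slide's machine-learning pass with two hand-written structural rules (the three-part hex ETag shape Apache's FileETag produces, and the 32-hex-character session cookie name Joomla! sets). Those two rules and the parser are this example's assumptions, not the tool's trained model; the response is the slide's, with the snipped part of the body replaced by the header/body separator.

```python
"""Fingerprinting the slide's HTTP response (added example).

Stage 1: signature pass (exact banners, tell-tale extensions).
Stage 2: structural heuristics standing in for the slide's ML classifier.
"""
import re

# Constructed input: the response from the slide. The "...snip..." part is
# replaced by the blank line that separates headers from body.
RESPONSE = (
    "HTTP/1.1 200 OK\n"
    "Date: Tue, 06 Mar 2018 06:56:17 GMT\n"
    "Server: OpenSSL/1.0.1g\n"
    "Content-Type: text/html; charset=UTF-8\n"
    "Set-Cookie: f00e68432b68050dee9abe33c389831e=0eba9cd0f75ca0912b4849777677f587; path=/;\n"
    'Etag: "409ed-183-53c5f732641c0"\n'
    "\n"
    '<form action="/example/confirm.php">\n'
)

# Banner signatures: product and a regex that captures its version.
BANNERS = [
    ("OpenSSL", re.compile(r"OpenSSL/(\d+\.\d+\.\d+[a-z]?)")),
    ("Apache", re.compile(r"Apache/(\d+(?:\.\d+)+)")),
    ("PHP", re.compile(r"PHP/(\d+(?:\.\d+)+)")),
]


def parse_response(raw):
    """Split a raw response into status line, header map and body.
    Headers map name -> [values] because Set-Cookie may repeat."""
    head, _, body = raw.partition("\n\n")
    status, *header_lines = head.splitlines()
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers, body


def signature_stage(headers, body):
    """Stage 1: what a banner or an extension states outright."""
    found = []
    for banner in headers.get("server", []) + headers.get("x-powered-by", []):
        for product, pattern in BANNERS:
            m = pattern.search(banner)
            if m:
                found.append((product, m.group(1), f"banner '{banner}'"))
    # A .php resource is a presence signature for PHP without a version.
    m = re.search(r"[\w/.-]+\.php\b", body)
    if m:
        found.append(("PHP", None, f"resource '{m.group(0)}'"))
    return found


def heuristic_stage(headers):
    """Stage 2: structural hints (this example's stand-in for the ML pass)."""
    found = []
    for etag in headers.get("etag", []):
        # Apache's classic FileETag output (inode, size, mtime, all hex).
        if re.fullmatch(r'"[0-9a-f]+-[0-9a-f]+-[0-9a-f]+"', etag):
            found.append(("Apache", None, f"Etag shape '{etag}'"))
    for cookie in headers.get("set-cookie", []):
        # Joomla! names its session cookie with an MD5 hash and sets a hex value.
        if re.match(r"[0-9a-f]{32}=[0-9a-f]{32}\b", cookie):
            found.append(("Joomla!", None, "32-hex session cookie name and value"))
    return found


def fingerprint(raw, use_heuristics=True):
    """Return {product: (version or None, evidence)} for one raw response."""
    _, headers, body = parse_response(raw)
    hits = signature_stage(headers, body)
    if use_heuristics:
        hits += heuristic_stage(headers)
    products = {}
    for product, version, evidence in hits:
        # keep the first hit per product unless a later one supplies a version
        if product not in products or (version and not products[product][0]):
            products[product] = (version, evidence)
    return products


if __name__ == "__main__":
    for product, (version, evidence) in sorted(fingerprint(RESPONSE).items()):
        print(f"{product:8} {version or '?':8} {evidence}")
```

Running with `use_heuristics=False` reproduces Answer (1): only OpenSSL and PHP are reported. The structural rules then recover Apache and Joomla! from the ETag and cookie shapes, which is the kind of evidence the slide's classifier has to learn from features rather than from a banner string.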
Exploitation
Step 2. Exploitation
・ Execute the exploit against the target server using the trained data.
・ Open a session between Deep Exploit and the target server (= compromised server).
[Diagram: a session opened between Deep Exploit and the front server.]
Post-Exploitation
Step 3. Post-Exploitation
・ Pivot through the compromised server and execute exploits against internal servers.
・ If a new server is detected, repeat Steps 1-3 against the new server.
[Diagram: pivoting from the compromised front server to an internal server.]
Generate Report
Step 4. Generate Report
・ Generate the report of the penetration test.
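The Post-Exploitation loop and the report step, as an added example that is not Deep Exploit's own code: every compromised host becomes a vantage point, each neighbour it reveals gets Steps 1-3, and Step 4 lists what happened. It runs offline against a constructed model of the Scenario 3 network; the addresses are the slide's, but which host accepts connections from whom, what each host can see and whether it is exploitable are invented, and the recon and exploit calls are stand-ins for Nmap and the Metasploit RPC API.

```python
"""Pivoting worklist for Steps 1-4 (added example, not the tool's code)."""
from collections import deque

DEEP_EXPLOIT = "192.168.220.150"

# Constructed topology (assumption modelled on Scenario 3): Server-B and
# Server-C only accept connections from Server-A.
NETWORK = {
    "192.168.220.145": {"name": "Server-A", "accepts_from": {DEEP_EXPLOIT},
                        "sees": ["192.168.220.146", "192.168.220.152"],
                        "exploitable": True},
    "192.168.220.146": {"name": "Server-B", "accepts_from": {"192.168.220.145"},
                        "sees": [], "exploitable": True},
    "192.168.220.152": {"name": "Server-C", "accepts_from": {"192.168.220.145"},
                        "sees": [], "exploitable": False},
}


def intelligence_gathering(host, via):
    """Step 1 stand-in: host info, or None when the host's firewall does not
    accept connections from the vantage point 'via'."""
    entry = NETWORK[host]
    if via not in entry["accepts_from"]:
        return None
    return {"name": entry["name"], "neighbours": list(entry["sees"])}


def exploitation(host):
    """Step 2 stand-in: True when a session opens."""
    return NETWORK[host]["exploitable"]


def penetrate(start, attacker=DEEP_EXPLOIT):
    """Worklist over (host, vantage point). A compromised host is pushed as the
    vantage point for each neighbour it reveals (Step 3: pivoting), and
    Steps 1-3 then repeat for that neighbour."""
    queue = deque([(start, attacker)])
    tried = {(start, attacker)}
    results = {}
    while queue:
        host, via = queue.popleft()
        if results.get(host, {}).get("status") == "session opened":
            continue                                # already owned
        info = intelligence_gathering(host, via)
        if info is None:
            results[host] = {"name": NETWORK[host]["name"], "via": via,
                             "status": "unreachable"}
            continue
        if not exploitation(host):
            results[host] = {"name": info["name"], "via": via,
                             "status": "not exploited"}
            continue
        results[host] = {"name": info["name"], "via": via,
                         "status": "session opened"}
        for neighbour in info["neighbours"]:
            if (neighbour, host) not in tried:      # new server: repeat Steps 1-3
                tried.add((neighbour, host))
                queue.append((neighbour, host))
    return results


def generate_report(results):
    """Step 4: one line per host with the vantage point that reached it."""
    return "\n".join(f"{r['name']} ({host}) via {r['via']}: {r['status']}"
                     for host, r in results.items())


if __name__ == "__main__":
    print(generate_report(penetrate("192.168.220.145")))
```

Keying the worklist on (host, vantage point) rather than on the host alone is what lets a host that refuses the attacker's own address still be attacked later from a pivot that it does accept; starting the run at Server-B directly yields "unreachable", starting at Server-A reaches it.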
Demonstration
Scenario 1. Single target server
Deep Exploit (IP: 192.168.184.145) connects directly to Server-A (IP: 192.168.184.132).
・ Demo movie: https://youtu.be/mgEOBIM4omM
Scenario 2. Exploitation via compromised server (= Server-A)
Deep Exploit (IP: 192.168.184.145) connects directly to Server-A (IP: 192.168.184.132). Server-B (IP: 192.168.184.148) only permits Server-A to connect, so Deep Exploit reaches it via Server-A.
・ Demo movie: https://youtu.be/DsBNOGBjJNg
Scenario 3. Deep penetration
Deep Exploit (IP: 192.168.220.150) connects directly to Server-A (IP: 192.168.220.145). Server-B (IP: 192.168.220.146) and Server-C (IP: 192.168.220.152) only permit Server-A to connect, so both are reached via Server-A.
・ Demo movie: https://youtu.be/s-Km-BE8NxM
Deep Exploit resource
・ Source code & usage: https://github.com/13o-bbr-bbq/machine_learning_security/tree/master/DeepExploit
Another tool: GyoiThon
[*] GyoiThon is specialized in intelligence gathering against Web servers.
It can gather target server information using several functions.
List of gathered information
Info category | Example
Product name/version | WordPress/4.2.20, Apache/2.4.29, Jboss/4.2.3, OpenSSL/1.0.2n
CVE number from NVD | CVE-2017-15710, CVE-2016-0705, CVE-2017-14723
Open ports/certificate | [80/http, 443/https, 8080/http], [Cert Signature: MD5], [Cert validity 2017-08-15 00:00:00 to 2018-09-16 12:00:00]
Unnecessary comments/debug messages | <!-- debug - http://example.com/admn/secret.php -->, "Warning: mysql_connect() … in auth.php on line 38"
Web product's default contents/admin pages | /wp-login.php, /phpMyAdmin/setup.php, /mailman/admin/
Real vulnerabilities ([!] in collaboration with Metasploit) | exploit/unix/ftp/vsftpd_234_backdoor, exploit/freebsd/http/watchguard_cmd_exec, exploit/unix/webapp/carberp_backdoor_exec
GyoiThon resource
・ Source code & usage: https://github.com/gyoisamurai/GyoiThon
Reference, all source code and documents:
https://github.com/13o-bbr-bbq/machine_learning_security/

Partners Life - Insurer Innovation Award 2024The Digital Insurer
 

Recently uploaded (20)

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 

Deep Exploit@Black Hat Europe 2018 Arsenal

  • 1. Deep Exploit - Fully automated penetration test tool - December 6th, 2018, Black Hat EUROPE 2018 Arsenal. Presented by Isao Takaesu.
  • 2. What is Deep Exploit? It exploits the servers on perimeter and internal networks. (Diagram: External Firewall; Perimeter Network with Web Servers and DNS Servers; Internal Firewall; Internal Network with Database Server, Web Server and Internal Computers.)
  • 3. Overview. Train: trains how to exploit by itself. Test: executes the exploit using trained data. (Diagram: the Command Line Arguments Parser takes the user's instructions; the ML model (A3C of Reinforcement Learning) saves/restores trained data and sends commands to, and receives results from, the Penetration Test Framework over its RPC API; the framework targets the Training Servers during training and the Target Server during testing.)
  • 4. Overview (same diagram and text as slide 3).
  • 5. Train the Deep Exploit. It learns how to exploit while trying numerous exploits (about >10,000 trials). (Diagram: several worker threads each send their gradient ⊿w=grad w to, and receive updated parameters from, a Parameter Server; each worker maps target host info (OS type, product name, version) to an exploit module, target and payload, e.g. cmd/unix/bind_ruby, linux/x86/shell/bind_tcp, bsd/x64/exec, generic/debug_trap, linux/mipsle/shell_bind_tcp, mainframe/shell_reverse_tcp, ..., and runs it against the Training Servers.)
  • 7. Processing Flow, fully automatic (no human): Step 1. Intelligence Gathering; Step 2. Exploitation; Step 3. Post-Exploitation; Step 4. Generate Report.
  • 8. Step 1. Intelligence Gathering:
      1. Nmap: identify open ports and products.
      2. Contents exploration: identify Web products from product-specific contents found on the Web port.
      3. Scrapy: gather HTTP responses on the Web port. By analyzing the HTTP responses with signatures and machine learning, identify Web products.
  • 9. Step 1. Intelligence Gathering (same text as slide 8).
  • 10. Question: which Web products are included in this HTTP response?
      HTTP/1.1 200 OK
      Date: Tue, 06 Mar 2018 06:56:17 GMT
      Server: OpenSSL/1.0.1g
      Content-Type: text/html; charset=UTF-8
      Set-Cookie: f00e68432b68050dee9abe33c389831e=0eba9cd0f75ca0912b4849777677f587; path=/;
      Etag: "409ed-183-53c5f732641c0"
      …snip…
      <form action="/example/confirm.php">
  • 11. Answer (1): Deep Exploit can identify OpenSSL and PHP using signatures. But this HTTP response includes more products.
  • 12. Answer (2): Deep Exploit can identify joomla! and Apache using machine learning.
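As an added example (not Deep Exploit's or GyoiThon's code), the following Python applies a hand-written signature table to the HTTP response from the Question/Answer slides and reports which products it identifies and which of them disclose an exact version. The signature table is my assumption; the Apache ETag and Joomla! session-cookie heuristics stand in for the two products the slides attribute to machine learning, so a defender can run the same matcher against their own server's responses to see what a scanner would learn from them.

```python
import re

# Constructed sample: the HTTP response shown on the "Question" slide.
SAMPLE_RESPONSE = """HTTP/1.1 200 OK
Date: Tue, 06 Mar 2018 06:56:17 GMT
Server: OpenSSL/1.0.1g
Content-Type: text/html; charset=UTF-8
Set-Cookie: f00e68432b68050dee9abe33c389831e=0eba9cd0f75ca0912b4849777677f587; path=/;
Etag: "409ed-183-53c5f732641c0"

<html><body><form action="/example/confirm.php"></form></body></html>
"""

# Hypothetical signature table: (product, header name or "body", regex);
# an optional capture group carries the version string.
SIGNATURES = [
    ("OpenSSL", "server", r"OpenSSL/([\w.]+)"),
    ("Apache", "server", r"Apache/([\w.]+)"),
    ("PHP", "body", r"\.php\b"),  # .php paths in the HTML
    # Heuristics standing in for the slides' ML step: Apache's default ETag is
    # inode-size-mtime in hex; Joomla! names its session cookie with an md5 hex digest.
    ("Apache", "etag", r'^"[0-9a-f]+-[0-9a-f]+-[0-9a-f]+"$'),
    ("Joomla!", "set-cookie", r"^[0-9a-f]{32}=[0-9a-f]{32}"),
]

def parse_response(raw):
    # Split a raw HTTP response into a lower-cased header map and the body.
    head, _, body = raw.partition("\n\n")
    headers = {}
    for line in head.splitlines()[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers, body

def identify_products(raw):
    """Return {product: version or ''} for every signature that matches."""
    headers, body = parse_response(raw)
    found = {}
    for product, where, pattern in SIGNATURES:
        texts = [body] if where == "body" else headers.get(where, [])
        for text in texts:
            m = re.search(pattern, text)
            if m:
                version = m.group(1) if m.groups() else ""
                if product not in found or version:  # prefer a versioned hit
                    found[product] = version
    return found

def disclosed_versions(raw):
    """Products whose exact version leaks: what a defender would trim first."""
    return {p: v for p, v in identify_products(raw).items() if v}
```

On the slide's response this yields OpenSSL (with version), PHP, Apache and Joomla!, and only OpenSSL/1.0.1g as a disclosed version.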
  • 13. Step 2. Exploitation: execute the exploit against the target server using trained data, and open a session between "Deep Exploit" and the target server (= compromised server). (Diagram: open session between "Deep Exploit" and the front server.)
  • 14. Step 3. Post-Exploitation: pivot and execute the exploit against an internal server via the compromised server.
  • 15. Step 3. Post-Exploitation (continued): if a new server is detected, repeat Steps 1-3 on the new server.
  • 16. Step 4. Generate Report: generate the report of the penetration test.
  • 17. Demonstration, Scenario 1. Single target server. Deep Exploit (IP: 192.168.184.145) connects directly to Server-A (IP: 192.168.184.132). Demo movie: https://youtu.be/mgEOBIM4omM
  • 18. Demonstration, Scenario 2. Exploitation via compromised server (= Server-A). Deep Exploit (IP: 192.168.184.145) connects directly to Server-A (IP: 192.168.184.132); Server-B (IP: 192.168.184.148, only permits Server-A to connect) is reached via Server-A. Demo movie: https://youtu.be/DsBNOGBjJNg
  • 19. Demonstration, Scenario 3. Deep penetration. Deep Exploit (IP: 192.168.220.150) connects directly to Server-A (IP: 192.168.220.145); Server-B (IP: 192.168.220.146) and Server-C (IP: 192.168.220.152), which only permit Server-A to connect, are reached via Server-A. Demo movie: https://youtu.be/s-Km-BE8NxM
  • 21. Another tool: GyoiThon [*]. GyoiThon is specialized in intelligence gathering on Web servers. It can gather target server information using several functions.
  • 23. List of gathered information (info category: example):
      Product name/version: WordPress/4.2.20, Apache/2.4.29, Jboss/4.2.3, OpenSSL/1.0.2n
      CVE number from NVD: CVE-2017-15710, CVE-2016-0705, CVE-2017-14723
      Open ports/certificate: [80/http, 443/https, 8080/http], [Cert Signature: MD5], [Cert validity 2017-08-15 00:00:00 to 2018-09-16 12:00:00]
      Unnecessary comments/debug messages: <!-- debug - http://example.com/admn/secret.php -->, "Warning: mysql_connect() … in auth.php on line 38"
      Web product's default contents/admin pages: /wp-login.php, /phpMyAdmin/setup.php, /mailman/admin/
      Real vulnerabilities [!] (in collaboration with Metasploit): exploit/unix/ftp/vsftpd_234_backdoor, exploit/freebsd/http/watchguard_cmd_exec, exploit/unix/webapp/carberp_backdoor_exec
  • 25. Reference. All source code and documents: https://github.com/13o-bbr-bbq/machine_learning_security/