AI HACKER! Automatic vulnerability assessment & pen-testing of embedded & other systems

Presented at ToorCon San Diego TwentyOne (2019), Nov. 8, 2019, 5:40 p.m. (10 minutes).

We present the results of our government-funded R&D to develop an intelligent automated **“vulnerability assessor and penetration tester (VAPT)**, usable as a virtual appliance for use on enterprise networks or cyber ranges, and as a portable device for use on embedded systems. It consists of two parts, an* AI-supported vulnerability assessor* and an *AI-supported penetration tester*. In one use case it intelligently automates software vulnerability assessment for embedded systems; in another use case, it intelligently automates the tasks of an ethical hacker (penetration tester) via the network, finding systems on the network, discovering vulnerabilities, and exposing them. We present the results of our government-funded R&D to develop an intelligent automated (AI-supported)**“vulnerability assessor and penetration tester (VAPT),** usable as a virtual appliance for use on enterprise networks or cyber ranges, and as a portable device for use on embedded systems. It consists of two parts: - ***AI vulnerability assessor***: Intelligently automates software vulnerability assessment for embedded systems. It automatically executes sequences of actions on devices to identify ports (JTAG, UART etc.), break into a command shell, extract binaries (firmware), and run vulnerability assessments on the extracted software. - ***AI penetration tester:*** Intelligently automates the tasks of an ethical hacker (penetration tester). It automatically executes sequences of reconnaissance and exploit actions via the network, finding systems on the network, discovering vulnerabilities, and exposing them. It supports VAPT for IP networks and for embedded systems: - ** *Assessment via IP networks* **: an automated VAPT tool for IP-networked systems. It supports scanning IP networks and automatically pen-testing devices and networks. It can be used by non-experts. It probes networks and devices, intelligently selects action sequences, executes pen-test exploits, and creates reports. - ** *Assessment via non-IP embedded ports* **: a portable device is used as an automated (VAPT) tool for embedded devices. It supports connection to non-IP interfaces (e.g. JTAG, UART), and can be used by non-experts to automatically assess already-fielded embedded systems. It detects & probes ports, intelligently selects action sequences, accesses the device & extracts firmware, carries out binary vulnerability assessments, and generates reports For intelligent AI-driven action selection, the prototype includes an AI agent that learns over time and adapts a bit like a human vulnerability assessor or pen-tester, selecting the most promising sequence of actions. This work is currently still at the R&D stage and we would like to present our current state to the toorcon community to gather feedback and to find collaborators. A demo video is at [https://objectsecurity.com/whizrt-vaptbox](https://objectsecurity.com/whizrt-vaptbox "https://objectsecurity.com/whizrt-vaptbox")

Presenters:

  • Ulrich Lang, PhD
    Ulrich Lang | Co-Founder and CEO | ObjectSecurity LLC Ulrich received his Ph.D. from the University of Cambridge Computer Laboratory (Security Group) on conceptual aspects of middleware security in 2003 (sponsored by the UK Defence and Evaluation Research Agency (DERA), after having completed a Master’s Degree (M. Sc.) in Information Security with distinction from Royal Holloway College (University of London) in 1997. On the management side, Ulrich has recently completed a Business Marketing Strategy course at the Kellogg School of Management (Northwestern University). Ulrich is a renowned thought leader in cybersecurity (incl. model-driven security, access control policy, and application platform security), big data analytics, artificial intelligence, and virtual/augmented reality. He is currently working on an intelligent big-data supply chain risk analytics solution, and numerous projects around policy automation and policy testing. He is on the Board of Directors of the Cloud Security Alliance (Silicon Valley Chapter) and is a technical expert witness. He is responsible for the development of the OpenPMF user interface, policy automation and testing features. Ulrich runs the U.S. office in sunny San Diego, CA – and sometimes finds the time to play his sax (->open).

Links:

Similar Presentations: