BEGIN:VCALENDAR
PRODID:-//vBulletin 6//EN
VERSION:2.0
CALSCALE:GREGORIAN
BEGIN:VEVENT
UID:655181ed-63df-4151-bfae-fbd79c62f0db
DTSTAMP:20260514T191420Z
SUMMARY:Autonomous Security Analysis and Penetration Testing (ASAP)
DESCRIPTION:Penetration Testing (Pentesting) involves skilled cybersecurity
  professionals generating a plan of attack for finding and exploiting vuln
 erabilities in networks and applications. The current procedure used
  in pen-testing is semi-automated at best and requires significant human e
 ffort. Moreover\, the plan of attack followed by pen-testers may not yield
  the best outcomes in terms of exploiting vulnerabilities in the provided
  time. Our framework\, ASAP\, utilizes software vulnerabilities and
  network topology information to provide an artificial intelligence-based
  automated atta
 ck plan.\nOur framework Autonomous Security Analysis and Penetration Testi
 ng (ASAP) utilizes the reachability information between different network 
 hosts and software vulnerabilities to generate a state transition graph
  known as an attack graph. Each state in the attack graph represents the
  current privilege of the attacker. The attack graph also encodes
  information about the possible next state transitions in the network.
  In effect\, the attack graph maps all exploits and privilege escalations
  possible in a network. This information is provided to the Artificial
  Intelligence (AI) module. The AI module utilizes a popular framework
  known as Partially Observable Markov Decision Process (POMDP) to encode
  uncertainty over different state transitions\, and the reward obtained
  by attackers on achieving different privilege levels. The output
  generated by the AI module\, the attack policy\, provides the best
  course of action for a penetration tester or red team member in the
  current network setup. The attack policy generated by the ASAP framewo
 rk can be deployed on target enterprise networks using automated exploitat
 ion tools such as Metasploit. Based on our experimental evaluation in a cl
 oud network setup\, the attack policy generated by our framework does sign
 ificantly better than human penetration testers in terms of finding and ex
 ploiting vulnerabilities in a network.\n\nSpeaker(s): Ankur Chowdhary\n\nL
 ocation: Red Team Vlg\n\nDiscord: https://discord.com/channels/70820826769
 9945503/726477357820411944\n\nEvent starts: 2020-08-09 08:30 (08:30 AM) PD
 T (UTC -07:00)\n\nEvent ends: 2020-08-09 09:30 (09:30 AM) PDT (UTC -07:00)
 \n\nFor the most up-to-date information\, please either visit https://info
 .defcon.org\, or use HackerTracker\, which is available for iOS and Androi
 d. This is an automated message\, and this data was last modified 2020-07-
 29T01:28 (UTC).
URL:https://forum.defcon.org/node/234338
DTSTART:20200809T163000Z
DTEND:20200809T173001Z
LOCATION:Red Team Vlg
END:VEVENT
END:VCALENDAR
