DEF CON Forum Site Header Art

Announcement

Collapse
No announcement yet.

Autonomous Security Analysis and Penetration Testing (ASAP)

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Autonomous Security Analysis and Penetration Testing (ASAP)

    Penetration Testing (Pentesting) involves skilled cybersecurity professionals generating a plan of attack for finding and exploiting vulnerabilities in the networks, and applications. The current procedure used in pen-testing is semi-automated at best and requires significant human effort. Moreover, the plan of attack followed by pen-testers may not yield best outcomes in terms of exploiting vulnerabilities in the provided time. Our framework, ASAP utilizes software vulnerabilities and network topology information to provide an artificial intelligence-based automated attack plan.
    Our framework Autonomous Security Analysis and Penetration Testing (ASAP) utilizes the reachability information between different network hosts and software vulnerabilities to generate a state transition graph known as attack graph. Each state in the attack graph represents the current privilege of the attacker. The attack graph also encodes information about the possible next state transitions in the network. In effect attack graph maps all possible exploits and privilege escalations possible in a network. This information is provided to Artificial Intelligence (AI) module. The AI module utilizes a popular framework known as Partially Observable Markov Decision Process (POMDP) to encode uncertainty over different state transitions, and reward obtained by attackers on achieving different privilege levels. The output generated by the AI module - Attack Policy provides the best course of action for a penetration tester/ red team member in the current network setup. The attack policy generated by the ASAP framework can be deployed on target enterprise networks using automated exploitation tools such as Metasploit. Based on our experimental evaluation in a cloud network setup, the attack policy generated by our framework does significantly better than human penetration testers in terms of finding and exploiting vulnerabilities in a network.

    Speaker(s): Ankur Chowdhary

    Location: Red Team Vlg

    Discord: https://discord.com/channels/7082082...77357820411944

    Event starts: 2020-08-09 08:30 (08:30 AM) PDT (UTC -07:00)

    Event ends: 2020-08-09 09:30 (09:30 AM) PDT (UTC -07:00)

    For the most up-to-date information, please either visit https://info.defcon.org, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-07-29T01:28 (UTC).
    Starts
    August 9, 2020 08:30
    Ends
    August 9, 2020 09:30
    Location
    Red Team Vlg
Working...
X