»AI HACKER! Automatic vulnerability assessment & pen-testing of embedded & other systems«
2019-11-09, 17:40–17:50, Blue Day

We present the results of our government-funded R&D to develop an intelligent, automated vulnerability assessor and penetration tester (VAPT), usable as a virtual appliance on enterprise networks or cyber ranges, and as a portable device for use on embedded systems. It consists of two parts, an AI-supported vulnerability assessor and an AI-supported penetration tester. In one use case it intelligently automates software vulnerability assessment for embedded systems; in another use case it intelligently automates the tasks of an ethical hacker (penetration tester) via the network: finding systems on the network, discovering vulnerabilities, and exposing them.

We present the results of our government-funded R&D to develop an intelligent, automated (AI-supported) vulnerability assessor and penetration tester (VAPT), usable as a virtual appliance on enterprise networks or cyber ranges, and as a portable device for use on embedded systems.

It consists of two parts:

- AI vulnerability assessor: intelligently automates software vulnerability assessment for embedded systems. It automatically executes sequences of actions on devices to identify ports (JTAG, UART etc.), break into a command shell, extract binaries (firmware), and run vulnerability assessments on the extracted software.
- AI penetration tester: intelligently automates the tasks of an ethical hacker (penetration tester). It automatically executes sequences of reconnaissance and exploit actions via the network, finding systems on the network, discovering vulnerabilities, and exposing them.

It supports VAPT for IP networks and for embedded systems:

- Assessment via IP networks: an automated VAPT tool for IP-networked systems. It supports scanning IP networks and automatically pen-testing devices and networks, and can be used by non-experts. It probes networks and devices, intelligently selects action sequences, executes pen-test exploits, and creates reports.
- Assessment via non-IP embedded ports: a portable device used as an automated VAPT tool for embedded devices. It supports connection to non-IP interfaces (e.g. JTAG, UART), and can be used by non-experts to automatically assess already-fielded embedded systems. It detects and probes ports, intelligently selects action sequences, accesses the device and extracts firmware, carries out binary vulnerability assessments, and generates reports.
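The "binary vulnerability assessments on extracted firmware" step is the one a reader can most easily picture in code. The example below is an added illustration, not code from the WhizRT/VAPTbox prototype described in this talk (its actual checks are not on this page): it parses the ELF header and program headers of a binary pulled out of a firmware image and reports which standard hardening properties are missing (position independence, non-executable stack via PT_GNU_STACK, RELRO). It handles both 32- and 64-bit and both byte orders, which matters for ARM/MIPS firmware. The sample ELF images are constructed in-line so it runs offline; the ELF constants are the real ones from the ELF specification, the function and field names are this example's own.

```python
import struct

# ELF constants (from the ELF specification and the GNU ABI extensions)
PT_DYNAMIC, PT_GNU_STACK, PT_GNU_RELRO = 2, 0x6474E551, 0x6474E552
PF_X = 1                      # segment is executable
ET_EXEC, ET_DYN = 2, 3        # fixed-address executable / position-independent object


def parse_elf(data: bytes) -> dict:
    """Return the ELF type and the (p_type, p_flags) pairs of all program headers.
    Handles ELFCLASS32/ELFCLASS64 and little/big endian (EI_DATA)."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = data[4] == 2
    end = "<" if data[5] == 1 else ">"
    # e_type, e_machine, e_version, e_entry, e_phoff, e_shoff, e_flags,
    # e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    fmt = "HHIQQQIHHHHHH" if is64 else "HHIIIIIHHHHHH"
    hdr = struct.unpack_from(end + fmt, data, 16)
    e_type, e_phoff, e_phentsize, e_phnum = hdr[0], hdr[4], hdr[8], hdr[9]
    phdrs = []
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if is64:                      # Elf64_Phdr: p_type, p_flags, ...
            p_type, p_flags = struct.unpack_from(end + "II", data, off)
        else:                         # Elf32_Phdr: p_type first, p_flags at byte 24
            p_type = struct.unpack_from(end + "I", data, off)[0]
            p_flags = struct.unpack_from(end + "I", data, off + 24)[0]
        phdrs.append((p_type, p_flags))
    return {"type": e_type, "phdrs": phdrs}


def assess_hardening(data: bytes) -> dict:
    """Hardening properties a binary assessment would report on an extracted ELF."""
    info = parse_elf(data)
    types = {t for t, _ in info["phdrs"]}
    stack = [f for t, f in info["phdrs"] if t == PT_GNU_STACK]
    # No PT_GNU_STACK at all means the loader falls back to an executable stack
    # on most targets, so treat "absent" the same as "PF_X set".
    nx = bool(stack) and not (stack[0] & PF_X)
    return {
        "pie": info["type"] == ET_DYN,     # ET_DYN also covers shared objects
        "nx": nx,
        "relro": PT_GNU_RELRO in types,
        "dynamic": PT_DYNAMIC in types,
    }


def findings(data: bytes) -> list:
    """Human-readable report lines for the missing mitigations."""
    h = assess_hardening(data)
    out = []
    if not h["pie"]:
        out.append("not position-independent: loads at a fixed address (no ASLR benefit)")
    if not h["nx"]:
        out.append("executable stack: PT_GNU_STACK missing or marked PF_X")
    if not h["relro"]:
        out.append("no PT_GNU_RELRO segment: relocation data stays writable")
    return out


def build_sample_elf(is64: bool, big_endian: bool, e_type: int, phdrs: list) -> bytes:
    """Constructed minimal ELF image (test fixture, not a real firmware binary):
    only the header fields and program headers the checker reads are meaningful."""
    end = ">" if big_endian else "<"
    ident = b"\x7fELF" + bytes([2 if is64 else 1, 2 if big_endian else 1, 1, 0, 0]) + b"\x00" * 7
    if is64:
        ehsize, phentsize = 64, 56
        hdr = struct.pack(end + "HHIQQQIHHHHHH", e_type, 0x3E, 1, 0, ehsize, 0, 0,
                          ehsize, phentsize, len(phdrs), 0, 0, 0)
        body = b"".join(struct.pack(end + "IIQQQQQQ", t, f, 0, 0, 0, 0, 0, 0) for t, f in phdrs)
    else:
        ehsize, phentsize = 52, 32
        hdr = struct.pack(end + "HHIIIIIHHHHHH", e_type, 0x28, 1, 0, ehsize, 0, 0,
                          ehsize, phentsize, len(phdrs), 0, 0, 0)
        body = b"".join(struct.pack(end + "IIIIIIII", t, 0, 0, 0, 0, 0, f, 0) for t, f in phdrs)
    return ident + hdr + body


# Constructed fixtures: a hardened 64-bit LE binary and a weak big-endian 32-bit one
HARDENED = build_sample_elf(True, False, ET_DYN,
                            [(PT_DYNAMIC, 6), (PT_GNU_STACK, 6), (PT_GNU_RELRO, 4)])
WEAK = build_sample_elf(False, True, ET_EXEC, [(PT_GNU_STACK, 7)])

if __name__ == "__main__":
    for name, img in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, assess_hardening(img), findings(img))
```

A real assessor would run this over every ELF carved out of the firmware image and add checks that need the symbol or dynamic tables (stack protector, fortified libc calls); those are omitted here to keep the parser to program headers only.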

For intelligent, AI-driven action selection, the prototype includes an AI agent that learns over time and adapts, somewhat like a human vulnerability assessor or pen-tester, selecting the most promising sequence of actions.

This work is still at the R&D stage, and we would like to present our current state to the ToorCon community to gather feedback and to find collaborators. A demo video is at https://objectsecurity.com/whizrt-vaptbox