BOCCHI

Transcript

1. ೥݄೔
   4&$$0/
   0QFO
   $POGFSFODF

2. Agenda What’s BOCCHIʁ Background Overview Feature Extra Summary

3. What’s BOCCHI?

4. What’s BOCCHI? Bot Operating Chat Communication Hacking Interface

5. What’s BOCCHI? ͜ͷπʔϧ͸ɺνϟοτπʔϧʢMattermostʣΛ ׆༻ͨ͠νϟοτܕϖωτϨʔγϣϯςετπʔ ϧͰ͋ΔɻϢʔβʔ͸Ϙοτͱձ࿩͢Δʢ໋ྩ ͢ΔʣࣄͰɺϖωτϨʔγϣϯςετʹ͓͚Δ ఁ࡯׆ಈ΍ɺ੬ऑੑ਍அɺ؆୯ͳೝূࢼߦ߈ܸ Λ͢Δࣄ͕Ͱ͖·͢ɻ

6. Background

7. Background ࡢ೥ͷOpen conferenceͰɺKaliPAKUͱ͍ ͏ॳ৺ऀ޲͚ϖωτϨʔγϣϯςετ πʔϧΛൃද͠·ͨ͠ɻ ͦͷπʔϧΛ࣮ࡍʹϖωτϨʔγϣϯς ετΛֶͼ࢝Ίֶͨੜʹ࢖ΘͤͯΈͯ ϑΟʔυόοΫΛ΋Β͍·ͨ͠ɻ

8. Background ϑΟʔυόοΫͷதʹ͸ʮ࢖͍΍͍͢ʯʮͥͻ৬৔ Ͱීٴ͍ͨ͠ʯͳͲྑ͍ҙݟ΋͋Γ·͕ͨ͠ɺҎԼ ͷΑ͏ͳҙݟ΋Ұఆ਺͋Γ·ͨ͠ɻ ʮͲͷίϚϯυΛ࢖͑͹ྑ͍ͷ͔Θ͔Βͳ͍ʯ ʮॳ৺ऀ͔ͩΒɺԿΛͨ͠Βྑ͍͔Θ͔Βͳ͍ʯ ʮӳޠͰॻ͔Ε͍ͯΔͱ࢖͍ʹ͍͘ʯ ʮCUIΑΓGUIͷํ͕࢖͍΍͍͢ʯ

9. Background ໰୊఺ͷચ͍ग़͠ 1. ίϚϯυ͕ͨ͘͞Μ࢖͑ΔˠબͿͷʹࠔΔ 2. ӳޠ͔Β೔ຊޠ΁ 3. ૢ࡞ੑͷ௥ٻˠςϯΩʔΛ௒͑Δૢ࡞ੑ 4. ಋೖ͕༰қͳΠϯλʔϑΣʔε

10. Background KaliPAKUͰ͸ɺϖωτϨʔγϣϯςε τͰࠔΒͳ͍༷ʹKali tools Top10Ͱڍ ͛ΒΕ͍ͯΔπʔϧΛ࢖͑Δ༷ʹͨ͠ ͕ɺॳ৺ऀͱͯ͠͸ʮԿΛ͢Δʯʹ͸ ʮͲͷπʔϧΛ࢖͏ʯͱ͍͏఺Ͱ೰Μ Ͱ͠·͏ɻ πʔϧΛߟྀ͢Δࣄͳ͘࠷௿ݶͷۀ຿

    ͕Ͱ͖Δ༷ʹ͢Δɻ

11. Background ࢖༻ݴޠΛӳޠ͔Β೔ຊޠ΁

12. Background ςϯΩʔΛ௒͑Δૢ࡞ੑΛٻΊɺϑϦοΫೖྗʹΑΔૢ࡞ੑΛ௥ٻ

13. Background ͳͥϑϦοΫೖྗͳͷ͔ʁ 2019೥7݄ʹʮεϚʔτϑΥϯͷจࣈೖྗ ͸ͲΕΛ࢖͍ͬͯ·͔͢ʁʯͱΞϯέʔτ ͕ߦΘΕͨɻ ༗ޮճ౴ऀ਺979ਓͷ͏ͪ653ਓɺ66.7ˋ ΋ͷεϚϗϢʔβʔ͕ϑϦοΫೖྗΛϝΠ ϯʹ࢖͍ͬͯΔͱճ౴ͨ͠ ࠓ͞Βฉ͚ͳ͍ʮϑϦοΫೖྗʯͷ΍Γํɾઃఆɹθϩ͔Β࿅श͢ΔίπΛ఻त https://mag.app-liv.jp/archive/123964/#482044

14. Background 15ࡀ ～ 19ࡀ͕77.9ˋ௒͑ͱ4ਓʹ3ਓ͸ϑ ϦοΫೖྗΛ࢖༻ ࠓͷए͍ੈ୅͸ύιίϯΑΓ΋ઌʹɺεϚ ϗʹ৮ΕΔࣄ͕ଟ͍ͨΊͱߟ͑ΒΕΔ ΩʔϘʔυೖྗʢςϯΩʔೖྗʣΑΓ΋ϑ ϦοΫೖྗͷํ͕ΩϟϦΞ͕௕͍ ࠓ͞Βฉ͚ͳ͍ʮϑϦοΫೖྗʯͷ΍Γํɾઃఆɹθϩ͔Β࿅श͢ΔίπΛ఻त

    https://mag.app-liv.jp/archive/123964/#482044

15. Background ॳ৺ऀͰ΋ಋೖ͕༰қͳΠϯλʔϑΣʔε εϚϗͷීٴʹΑΓҰൠԽͨ͠ͷ͕ϝο ηʔδΞϓϦ ౰વίϚϯυೖྗΑΓϝοηʔδΛૹΔ ૢ࡞ͷํ͕༰қ νϟοτϘοτͱͷ΍ΓऔΓʹ஫໨

16. Background MMDݚڀॴ͸ɺ2022೥ʹ೔ຊɺΞϝϦΧɺ தࠃʹॅΉ15ࡀ ～ 69ࡀͷεϚʔτϑΥϯΛ ॴ༗͢ΔஉঁΛର৅ʹɺʮ೔ถத3ϲࠃ౎ࢢ ෦εϚʔτϑΥϯϢʔβʔൺֱௐࠪʯΛ࣮ࢪ िʹ1ճҎ্ར༻͍ͯ͠ΔΞϓϦͷδϟϯϧ Λฉ͍ͨͱ͜Ζɺ೔ຊͰ͸ʮϝοηʔδΞ ϓϦʯ͕78.1ˋͱ࠷΋ଟ͘ɺ͍ͭͰʮEϝʔ

    ϧʯ͕63.2ˋɺʮఱؾʯ͕54.9ˋͱͳͬͨɻ ओͳ࿈བྷΞϓϦɺ೔ຊʮLINEʯถࠃʮInstagramʯதࠃʮඍ৴(WeChat)ʯʲMMDݚڀॴௐ΂ʳ https://webtan.impress.co.jp/n/2022/11/28/43705

17. Background ୭΋͕ೃછΈ͋ΔϝοηʔδΞϓϦͷΠ ϯλʔϑΣʔε εϚʔτϑΥϯΛ࢖༻ͨ͠ϑϦοΫೖྗ͕ Մೳ ೔ຊޠͰɺ΍Γ͍ͨࣄΛ఻͑Ε͹࣮ߦͯ͠ ͘ΕΔνϟοτϘοτ

18. Overview

19. Overview ΩʔϘʔυɺ·ͨ͸ϑϦοΫೖྗͰϘοτ΁໋ྩ͢Δͱɺ΢ΣϒϑοΫ͕PythonʢBOCCHIʣʹ໋ྩΛ఻͑ɺ Python͕֤छπʔϧΛ࣮ߦ͢Δ

20. Feature

21. Feature ϝχϡʔදࣔ ϙʔτεΩϟϯ ੬ऑੑ਍அ ೝূࢼߦ etc…

22. Feature νϟοτ্ͰτϦΨʔϫʔυʢˏbocchiʣͷޙ ʹ໋ྩจΛ෇͚ͯൃݴ͢Δ͜ͱͰɺίϚϯυ͕ ࣮ߦ͞ΕϦϓϥΠϝοηʔδͱͯ݁͠Ռ͕දࣔ ͞ΕΔɻ

23. Feature BOCCHIͰ͸ɺʮͯʹΛ͸ʯ͕ଟগग़དྷͯ ͍ͳͯ͘΋ɺ໋ྩͱͳΔΩʔϫʔυΛ֬ ೝ͢ΔࣄͰɺίϚϯυΛ࣮ߦɻ ܗଶૉղੳΤϯδϯΛऔΓೖΕͯޱޠௐ Ͱͷ໋ྩΛड͚෇͚ɺܗଶૉ͝ͱʹ෼ׂ ͠෼ͪॻ͖ʢ୯ޠʹ෼ׂʣ໋ͯ͠ྩΛड ͚෇͚͍ͯΔɻ

24. Feature ܗଶૉղੳΤϯδϯJanomeʢऄͷ໨ʣ Janome͸Pure PythonͰॻ͔Εͨࣙॻ಺แͷܗଶૉ ղੳث ґଘϥΠϒϥϦແ͠ͰΠϯετʔϧͰ͖ɺΞϓϦ έʔγϣϯʹ૊ΈࠐΈ΍͍͢γϯϓϧͳAPIΛඋ͑ ΔܗଶૉղੳϥΠϒϥϦ https://github.com/mocobeta/janome

25. Feature ܗଶૉղੳ ɹର৅ͱͳΔݴޠͷจ๏΍୯ޠͷ඼ࢺ ৘ใΛ΋ͱʹɺจষΛܗଶૉʹ෼ղ͢ Δղੳɻࣗવݴޠॲཧ෼໺Ͱࣄલॲཧ ͱͯ͠༻͍ΒΕΔख๏ ܗଶૉ ɹҙຯΛ࣋ͭදݱཁૉͷ࠷খ୯Ґ ୯ޠ ඼ࢺ

    ඼ࢺࡉ෼ྨ ࢲ ໊ࢺ ୅໊ࢺ ͸ ॿࢺ ܎ॿࢺ ϓϩάϥϛϯά ໊ࢺ αม઀ଓ Λ ॿࢺ ֨ॿࢺ ษڧ ໊ࢺ αม઀ଓ ͠ ಈࢺ ཱࣗ ͯ ॿࢺ ઀ଓॿࢺ ͍ ಈࢺ ඇཱࣗ ·͢ ॿಈࢺ ʔ ɻ ه߸ ۟఺ ʮࢲ͸ϓϩάϥϛϯάΛษڧ͍ͯ͠·͢ɻʯ

26. Feature ͳͥLLMΛ࢖༻͠ͳ͍ͷ͔ʁ ΦϑϥΠϯ؀ڥͰϓϩάϥϜΛར༻͢Δओͳར఺ 1. Πϯλʔωοτґଘੑͷճආ: Πϯλʔωοτ ઀ଓ͕ෆ҆ఆ·ͨ͸ར༻Ͱ͖ͳ͍ঢ়گͰ΋ɺ ϓϩάϥϜ͕ػೳ͢ΔͨΊɺ৴པੑ͕޲্ 2. ηΩϡϦςΟ޲্:

    Πϯλʔωοτʹ઀ଓͤͣ ʹϓϩάϥϜΛ࣮ߦ͢Δ͜ͱͰɺηΩϡϦ ςΟ্ͷϦεΫΛ࠷খݶʹ཈͑Δ͜ͱ͕Ͱ ͖ɺ֎෦ͱͷ௨৴Λආ͚Δ͜ͱͰ৘ใ࿙Ӯͷ Մೳੑ͕௿ݮ

27. Feature BOCCHI಺ͰߦΘΕ͍ͯΔॲཧͷྲྀΕ ɹɹɹʮIPΞυϨεΛεΩϟϯͯ͠ʯ໋ྩΛड͚औΔ ɹɹɹJanomeͰ ɹɹɹʮIPΞυϨεʯʮΛʯʮεΩϟϯʯʮ͢Δʯʮͯʯ ɹɹɹʹ෼ͪॻ͖͞ΕΔ ɹɹɹΩʔϫʔυΛݕࡧ͠ɺࠓճͳΒnmap͕બ୒͞ΕΔ ɹɹɹnmapίϚϯυͷߏங ɹɹɹίϚϯυͷ࣮ߦ

28. Feature ᶃʮʢIPΞυϨεʣΛεΩϟϯͯ͠ʯ ͱ໋ͣΔ ᶄ໋ྩΛ෼ͪॻ͖ʹ௚͢ ᶅΩʔϫʔυΛΑΓnmapίϚϯυΛ࡞੒ nmap -vv --reason -Pn -T4

    -sV -sC --version-all -A —osscan-guess --script=vuln -oA IPAddress ᶆnmapͷ࣮ߦ

29. Feature εΩϟϯ݁Ռ͸ɺࣗಈతʹFaraday΁Πϯϙʔτ ݁ՌͷՄࢹԽ

30. Feature ʮαʔϏεΛදࣔͯ͠ʯ΍ʮ੬ऑੑΛ දࣔͯ͠ʯͱ໋ྩ͢Δͱνϟοτ্ ͰɺεΩϟϯ݁ՌͷҰ෦ʢݕग़ͨ͠ αʔϏεͷҰཡ΍ɺ੬ऑੑͷҰཡʣΛ ֬ೝ͢Δࣄ͕Մೳ

31. Feature ʮೝূࢼߦΛͯ͠ʯͱ໋ྩ͢Δͱ BrutesprayΛ࢖༻ͨ͠؆қతͳೝ ূࢼߦ߈ܸΛ࣮ߦ͠ɺऴྃޙʹ݁ ՌΛදࣔ

32. Feature ʮ੬ऑੑ਍அΛͯ͠ʯͱ໋ྩ͢ΔͱGVM ʢGreenbone Vulnerability Manager چ OpenVASʣΛ࢖༻ͨ͠੬ऑੑ਍அΛ࣮ߦ ͜ͷࡍɺࡉ͔͍ઃఆΛٻΊΒΕΔࣄͳ͘ࣄ લʹఆΊͨ਍அํ๏Ͱ਍அ͕ߦΘΕΔɻ

33. Feature ʮεΩϟϯʹ͍ͭͯڭ͑ͯʯ΍ʮ੬ऑੑ਍அ ʹ͍ͭͯڭ͑ͯʯͱ࣭໰͢ΔࣄͰɺ࢖༻͢Δ πʔϧ΍ίϚϯυʹ͍ͭͯղઆ ʮର৅IPΞυϨεͷௐࠪঢ়گΛڭ͑ͯʯͱ࣭ ໰͢Ε͹ɺ࣮ߦϩάΛ෼ੳͯ͠ର৅IPΞυϨ εʹରͯ͠ͷௐࠪঢ়گΛ֬ೝՄೳɻ ෳ਺γεςϜΛௐࠪ͢Δࡍͷೋ౓खؒΛ๷ࢭ

34. Feature ؆୯ͳૢ࡞Ͱߦ͑Δ൓໘ɺ҆શ໘Λߟྀ͢ Δඞཁ͕͋Δɻʢྫ͑͹είʔϓൣғ֎΁ ͷΞΫηε΍ɺޡૢ࡞౳ʣ BOCCHIͰ͸ɺࣄલʹௐࠪର৅ͱͳΔIPΞ υϨεΛొ࿥͠ɺௐ࣮ࠪߦલʹొ࿥͞Εͨ IPΞυϨε͔ͷ֬ೝΛ࣮ࢪ ޡૢ࡞Λ๷͙ҝʹ࣮ߦલͷঝೝػೳΛ࣮૷

35. Extra

36. Extra ࢲͷ৬৔͸ɺສ೥ਓࡐෆ଍ͷҝɺOJTͱশͯ͠ ݱ৔ʹ৽ਓΛಉߦͤ͞Δࣄ͕ଟʑ͋Δɻ ͔͠͠ɺݱ৔Ͱ৽ਓͷ૬खΛ͢Δ༨༟͸ແ͍ɻ ΩϟϦΞͷઙ͍൴ΒʹޮՌతͳOJT͸๬Ίͣɺ ๣؍͢Δ͚ͩͷ৔߹͕ଟ͍ɻʢԿΛͯ͠ྑ͍͔ Θ͔Βͳ͍ҝʣ ? ?

37. Extra ϖϯςελʔʢॳ৺ऀ΍ڵຯͷ͋Δऀʣ ԿΛ͢Ε͹ྑ͍͔Θ͔Βͳ͍࣌͸νϟοτ্Ͱ BOCCHIʹ࣭໰ͨ͠ΓɺίϚϯυ͕Θ͔Βͳ͘ ͯ΋BOCCHIʹ໋ྩ͢Ε͹໰୊ղܾ ݱ৔ͷงғؾΛମײͰ͖ͯɺۀ຿ʹ΋҆৺ͯ͠ ࢀՃͰ͖ΔͷͰOJTͷޮՌ΋ظ଴Ͱ͖Δ ͻͱΓͰ೰·ͳ͍͍ͯ͘

38. Extra ϒϧʔνʔϜ΍SOC ઐ໳తͳ஌͕ࣝͳͯ͘΋ɺBOCCHI ʹ໋ྩ͢Δ͚ͩͰٖࣅతͳαΠόʔ ߈ܸʢೝূࢼߦ΍੬ऑੑ਍அʣ͕ग़ དྷΔͷͰɺϒϧʔνʔϜ΍SOCͷτ Ϩʔχϯάʹ΋׆༻Ͱ͖Δ εΩϟϯ΍ೝূࢼߦͷ ࠟ੻

39. Extra ਓࡐҭ੒ͱͯ͠͸ؒҧ͍ͬͯΔ͕ɺBOCCHIΛ ׆༻͢Δ͜ͱͰແବʹͳ͍ͬͯͨϦιʔεʢ৽ ਓͷPCʣΛ༗ޮ׆༻͢Δࣄ͕Ͱ͖Δɻ৽ਓͷ BotԽʢΤϰΝϯήϦΦϯͷμϛʔγεςϜత ͳ΋ͷʣͰ͋Δɻ ࢍ൱྆࿦͋Δͱࢥ͏͕ɺԿ΋ͤͣʹͨͩը໘Λ ද͍ࣔͤͯ͞ΔPC͕༨͍ͬͯΔͳΒ͹ɺओ຿ ऀͷखͱͳΓ଍ͱͳΓۀ຿Λগ͠Ͱ΋͜ͳͨ͠ ํ͕ޮ཰͸ྑ͘ͳΔͱߟ͑Δɻ

40. Summary AIνϟοτ·Ͱ͸ߦ͔ͳ͍͚ΕͲ؆୯ͳձ࿩͸ΦϑϥΠϯͰ΋੒ཱ͢Δ ݱ৔ʹ଍Γͳ͍ϗεϐλϦςΟ͸πʔϧͰิ׬ ݶΒΕͨϦιʔε͸༗ޮ׆༻͢΂͖ ؀ڥ͕੔͑͹εϚʔτϑΥϯͰ΋ϖωτϨʔγϣϯςετ͸Ͱ͖Δ BOCCHI͕͋Ε͹ಠΓ͡Όͳ͍ ຖ೥ɺຖ೥৽͍͠πʔϧΛ࡞ͬͯൃද͢Δͷ͸ԿؾʹΩπ͍

41. Thank you for listening! Any Question? Github: https://github.com/01rabbit/BOCCHI XʢچTwitterʣ: https://twitter.com/01ra66it