AI for Offensive Security: Beyond Fuzzing and Scanning

Looking to enhance your Offensive Security Operations with AI, but unsure where to begin?

This talk provides practical insights, lessons learned, and real-world examples for effectively integrating AI into penetration testing and red team/purple team workflows, thereby enhancing your team's capabilities.

HOU.SEC.CON 2025: https://web.cvent.com/event/9ba9c5ea-9502-44a2-922e-d026c047c9f3/websitePage:dd3dff4f-9597-4a4b-960e-eb732a9a3853?session=6c9e50ba-cce4-4ff0-a21b-8b59bc245729

Daniel Marques

October 01, 2025

Transcript

  1. Disclaimer: The views and opinions expressed in this talk are our own and do not necessarily represent those of our employer. These slides are for educational purposes only and are not to be relied upon as professional advice.
  2. Penetration Testing vs. Breach & Attack Simulation vs. Red/Purple Teaming? They all have different goals and serve different purposes: Coverage and exploitability; Automation and scalability; Improve detection and response.
  3. TYPICAL CHALLENGES: Time consuming; Quickly expanding attack surface; Tools lack context and produce lots of false-positives; Automation tools are rarely enough to perform quality testing.
  4. Leverage LLM capabilities in areas they are more effective: Summarization to generate reports; Domain-specific problem solving; Reasoning to help with planning.
  5. POTENTIAL ISSUES: Long-term memory loss; Lack of focus or diving too deep; Hallucinations and inaccuracy. LLMs are not the ultimate solution and results may vary.
    https://www.usenix.org/conference/usenixsecurity24/presentation/deng
    https://www.mdpi.com/1424-8220/24/21/6878
  6. “(…) The quality of a model’s response depends on the following aspects (outside of the model’s generation setting): The instructions for how the model should behave; the context the model can use to respond to the query; the model itself” - Chip Huyen, AI Engineering
  7. Recon agent. Objective: Continuous identification of targets. Diagram labels: Tools; Data collection; Analysis and classification; Storage; RECON METHODOLOGY; Data sources; CONTEXT.
  8. USING MULTIPLE AGENTS. Diagram labels: Tools; Previous test data; Targets; Goals; Selects tool; Runs against target; Interpret results; Creates write up; Scores vulnerability; Creates ticket; Report; CONTEXT.
  9. IDEAS WORTH SPREADING: Somebody might be watching; Models “want” to make you happy; These models are tools, not the holy grail. Keep these in mind when working with AI models.
  10. Key Takeaways: Context matters – give it to your agents; You might still need to do some clean-up work; Consider your OPSEC and jailbreaking effort.
  11. Credits
    • Man walking on rocky formations – Anna Urlapova - https://www.pexels.com/photo/man-walking-on-rock-formations-2968723/
    • Androids and building blocks – AI generated with human touch-up
    • Two People Using Computers - Tima Miroshnichenko - https://www.pexels.com/photo/two-people-using-computers-5380607/
    • Red stop sign – Pixabay - https://www.pexels.com/photo/red-stop-sign-39080/
    • Android puppet master – AI generated with human touch-up
    • Young game match kids – Breakingpic - https://www.pexels.com/photo/young-game-match-kids-2923/
    • Pensive black man thinking in light room – Andres Ayrton - https://www.pexels.com/photo/pensive-black-man-thinking-in-light-room-6578415/
    • LinkedIn logo - https://www.vecteezy.com/png/18930480-linkedin-logo-png-linkedin-icon-transparent-png
    • Thank you slide – AI generated with human touch-up