ZANSIN: Zero-based Automated New Security Training

isao takaesu
November 17, 2024

GitHub: https://github.com/ZANSIN-sec/ZANSIN

ZANSIN is envisioned as a GROUNDBREAKING cybersecurity training tool designed to equip users against the ever-escalating complexity of cyber threats. It achieves this by providing learners with a platform to engage in simulated cyberattack scenarios, supervised and designed by experienced pentesters. This comprehensive approach allows learners to actively apply security measures, perform system modifications, and handle incident responses to counteract the attacks. Engaging in this hands-on practice within realistic environments enhances their server security skills and provides practical experience in identifying and mitigating cybersecurity risks. ZANSIN's flexible design accommodates diverse skill levels and learning styles, making it a comprehensive and evolving platform for cybersecurity education.

Transcript

  1. About us (L to R): Yoshinori Matsumoto (@ym405nm), Takeya Yamazaki (@xxildxxind), Koki Watarai (@ko8ki8), Shun Suzaki (@tigerszk), Masahiro Tabata (@delphinz), Daiki Ichinose (@mahoyaya), Isao Takaesu (@bbr_bbq), Yoshihiro Kyan (@uranariz), Kazuki Igeta (@kazukiigeta), Yudai Yahara (@yud_yahara)
  2. Starting from a workshop and becoming OSS: Integrates insights and methodologies developed from hosting more than 20 international events, including the renowned HITCON in Taiwan. (HITCON, OWASP Japan Local Chapter, AVTokyo, SECCON電脳会議)
  3. Motivation: Developed to address cybersecurity challenges by enhancing potentially vulnerable systems and providing a dynamic training environment for realistic cyber attacks. It provides solutions to the following issues:
     • Shortage of Cybersecurity Professionals
     • Gap in Education Levels
     • Replicating Potentially Vulnerable Systems
     • Speeding Up Incident Response
  4. Requirements: Before deploying ZANSIN, you need to prepare the base environment. Don’t worry, it's very simple and easy.
     • Two Ubuntu Linux machines
     • A user account for ZANSIN
     • SSH
     That's all! We've taken care to prevent the learning environment from becoming overly complicated, allowing learners to focus on cybersecurity exercises.
  5. Deployment of ZANSIN
     • On the Ubuntu Linux machine intended to be used as the ZANSIN Control Server, clone ZANSIN from GitHub.
     • Execute the "zansin" command. This command will automatically configure two Ubuntu Linux machines:
       ◦ ZANSIN Control Server: Attacks the Training Machine, simulates virtual legitimate service users, and evaluates the learner's response.
       ◦ Training Machine: Hosts vulnerable web applications.
  6. Vulnerable Browser Game
     • We have developed a vulnerable browser game called “MINI QUEST”.
     • This game system has various vulnerabilities that can cause security incidents in the real world.
     • It is configured with an infrastructure that is commonly used.
  7. Missions for Learners
     • Learners are given two major missions:
       ◦ Protect the gaming service from cyber attacks.
       ◦ Defend the gaming service against game cheating activities.
     • Both of these have a significant impact on the business's revenue.
     • Solutions that address the root causes rather than just providing temporary fixes are valued more highly.
     • The ability to maintain continuous operation of the service while implementing security measures is required!!
  8. Crawling Module: The ZANSIN Crawling Module is a crawler that simulates legitimate users. This crawler has the following functions:
     • Determines whether the service running on the Training Machine is operating normally.
     • If the service is normal, it utilizes that service.
     These capabilities allow for the calculation of the service's operational uptime and enable the service to generate revenue.
  9. Attacking and Scoring Module
     • The ZANSIN Attacking Module acts as a cyber attacker, targeting vulnerable services on the Training Machine.
     • The ZANSIN Scoring Module evaluates whether learners have appropriately remedied vulnerabilities in the services on the Training Machine.
     • With these features provided by ZANSIN, it becomes possible to realistically experience real-world cyber attacks and perform a self-check to determine if root cause corrections have been made.
  10. Future Works
     01. Add multiplayer mode for learning with multiple people instead of just individuals.
     02. Add function to customize attack scenarios.
     03. Improvements for accurately scoring learner incident responses.
     04. Add function to evaluate the "amount charged" (revenue from gaming service) specific to gaming services.
     05. Add mode where you can learn not only incident response but also forensics and penetration testing.
     06. Add functions to help learning using machine learning.
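
The uptime idea from slides 7 and 8, sketched as an added example that is not ZANSIN's own code: a learner-side self-check that treats the service as up only when a legitimate user could actually use it, so a fix that blocks real traffic shows up as an outage. The `Probe` fields, the 60-second interval and the sample records are constructed assumptions, not ZANSIN's scoring method.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Probe:
    t: int                 # seconds since the exercise started
    status: Optional[int]  # HTTP status code, None if the connection failed
    marker_found: bool     # expected page content was present in the body

def is_healthy(p: Probe) -> bool:
    # "Operating normally" means a legitimate user could use the service:
    # a 200 that serves an error or block page still counts as down.
    return p.status == 200 and p.marker_found

def uptime_ratio(probes: List[Probe]) -> float:
    if not probes:
        return 0.0
    return sum(is_healthy(p) for p in probes) / len(probes)

def outages(probes: List[Probe]) -> List[Tuple[int, int]]:
    """Return (first_bad_t, last_bad_t) for each run of unhealthy probes."""
    windows, start, last = [], None, None
    for p in sorted(probes, key=lambda p: p.t):
        if is_healthy(p):
            if start is not None:
                windows.append((start, last))
                start = None
        else:
            if start is None:
                start = p.t
            last = p.t
    if start is not None:
        windows.append((start, last))
    return windows

# Constructed sample: one probe per 60 s during a hypothetical exercise.
SAMPLE = [
    Probe(0, 200, True),
    Probe(60, 200, True),
    Probe(120, None, False),   # web server restarted while patching
    Probe(180, 503, False),
    Probe(240, 200, False),    # 200, but a filter rule blocks the login page
    Probe(300, 200, True),
    Probe(360, 200, True),
    Probe(420, 403, False),    # over-broad deny rule locks out real users
]

if __name__ == "__main__":
    print(f"uptime: {uptime_ratio(SAMPLE):.0%}")
    print("outage windows:", outages(SAMPLE))
```

Lining the outage windows up against the times a change was applied shows which remediation steps cost availability.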