Slide 1

Slide 1 text

೥݄೔ 4&$$0/ 0QFO$POGFSFODF

Slide 2

Slide 2 text

Agenda What’s BOCCHIʁ Background Overview Feature Extra Summary

Slide 3

Slide 3 text

What’s BOCCHI?

Slide 4

Slide 4 text

What’s BOCCHI? Bot Operating Chat Communication Hacking Interface

Slide 5

Slide 5 text

What’s BOCCHI? ͜ͷπʔϧ͸ɺνϟοτπʔϧʢMattermostʣΛ ׆༻ͨ͠νϟοτܕϖωτϨʔγϣϯςετπʔ ϧͰ͋ΔɻϢʔβʔ͸Ϙοτͱձ࿩͢Δʢ໋ྩ ͢ΔʣࣄͰɺϖωτϨʔγϣϯςετʹ͓͚Δ ఁ࡯׆ಈ΍ɺ੬ऑੑ਍அɺ؆୯ͳೝূࢼߦ߈ܸ Λ͢Δࣄ͕Ͱ͖·͢ɻ

Slide 6

Slide 6 text

Background

Slide 7

Slide 7 text

Background ࡢ೥ͷOpen conferenceͰɺKaliPAKUͱ͍ ͏ॳ৺ऀ޲͚ϖωτϨʔγϣϯςετ πʔϧΛൃද͠·ͨ͠ɻ ͦͷπʔϧΛ࣮ࡍʹϖωτϨʔγϣϯς ετΛֶͼ࢝Ίֶͨੜʹ࢖ΘͤͯΈͯ ϑΟʔυόοΫΛ΋Β͍·ͨ͠ɻ

Slide 8

Slide 8 text

Background ϑΟʔυόοΫͷதʹ͸ʮ࢖͍΍͍͢ʯʮͥͻ৬৔ Ͱීٴ͍ͨ͠ʯͳͲྑ͍ҙݟ΋͋Γ·͕ͨ͠ɺҎԼ ͷΑ͏ͳҙݟ΋Ұఆ਺͋Γ·ͨ͠ɻ ʮͲͷίϚϯυΛ࢖͑͹ྑ͍ͷ͔Θ͔Βͳ͍ʯ ʮॳ৺ऀ͔ͩΒɺԿΛͨ͠Βྑ͍͔Θ͔Βͳ͍ʯ ʮӳޠͰॻ͔Ε͍ͯΔͱ࢖͍ʹ͍͘ʯ ʮCUIΑΓGUIͷํ͕࢖͍΍͍͢ʯ

Slide 9

Slide 9 text

Background ໰୊఺ͷચ͍ग़͠ 1. ίϚϯυ͕ͨ͘͞Μ࢖͑ΔˠબͿͷʹࠔΔ 2. ӳޠ͔Β೔ຊޠ΁ 3. ૢ࡞ੑͷ௥ٻˠςϯΩʔΛ௒͑Δૢ࡞ੑ 4. ಋೖ͕༰қͳΠϯλʔϑΣʔε

Slide 10

Slide 10 text

Background KaliPAKUͰ͸ɺϖωτϨʔγϣϯςε τͰࠔΒͳ͍༷ʹKali tools Top10Ͱڍ ͛ΒΕ͍ͯΔπʔϧΛ࢖͑Δ༷ʹͨ͠ ͕ɺॳ৺ऀͱͯ͠͸ʮԿΛ͢Δʯʹ͸ ʮͲͷπʔϧΛ࢖͏ʯͱ͍͏఺Ͱ೰Μ Ͱ͠·͏ɻ πʔϧΛߟྀ͢Δࣄͳ͘࠷௿ݶͷۀ຿ ͕Ͱ͖Δ༷ʹ͢Δɻ

Slide 11

Slide 11 text

Background ࢖༻ݴޠΛӳޠ͔Β೔ຊޠ΁

Slide 12

Slide 12 text

Background ςϯΩʔΛ௒͑Δૢ࡞ੑΛٻΊɺϑϦοΫೖྗʹΑΔૢ࡞ੑΛ௥ٻ

Slide 13

Slide 13 text

Background ͳͥϑϦοΫೖྗͳͷ͔ʁ 2019೥7݄ʹʮεϚʔτϑΥϯͷจࣈೖྗ ͸ͲΕΛ࢖͍ͬͯ·͔͢ʁʯͱΞϯέʔτ ͕ߦΘΕͨɻ ༗ޮճ౴ऀ਺979ਓͷ͏ͪ653ਓɺ66.7ˋ ΋ͷεϚϗϢʔβʔ͕ϑϦοΫೖྗΛϝΠ ϯʹ࢖͍ͬͯΔͱճ౴ͨ͠ ࠓ͞Βฉ͚ͳ͍ʮϑϦοΫೖྗʯͷ΍Γํɾઃఆɹθϩ͔Β࿅श͢ΔίπΛ఻त https://mag.app-liv.jp/archive/123964/#482044

Slide 14

Slide 14 text

Background 15ࡀ ~ 19ࡀ͕77.9ˋ௒͑ͱ4ਓʹ3ਓ͸ϑ ϦοΫೖྗΛ࢖༻ ࠓͷए͍ੈ୅͸ύιίϯΑΓ΋ઌʹɺεϚ ϗʹ৮ΕΔࣄ͕ଟ͍ͨΊͱߟ͑ΒΕΔ ΩʔϘʔυೖྗʢςϯΩʔೖྗʣΑΓ΋ϑ ϦοΫೖྗͷํ͕ΩϟϦΞ͕௕͍ ࠓ͞Βฉ͚ͳ͍ʮϑϦοΫೖྗʯͷ΍Γํɾઃఆɹθϩ͔Β࿅श͢ΔίπΛ఻त https://mag.app-liv.jp/archive/123964/#482044

Slide 15

Slide 15 text

Background ॳ৺ऀͰ΋ಋೖ͕༰қͳΠϯλʔϑΣʔε εϚϗͷීٴʹΑΓҰൠԽͨ͠ͷ͕ϝο ηʔδΞϓϦ ౰વίϚϯυೖྗΑΓϝοηʔδΛૹΔ ૢ࡞ͷํ͕༰қ νϟοτϘοτͱͷ΍ΓऔΓʹ஫໨

Slide 16

Slide 16 text

Background MMDݚڀॴ͸ɺ2022೥ʹ೔ຊɺΞϝϦΧɺ தࠃʹॅΉ15ࡀ ~ 69ࡀͷεϚʔτϑΥϯΛ ॴ༗͢ΔஉঁΛର৅ʹɺʮ೔ถத3ϲࠃ౎ࢢ ෦εϚʔτϑΥϯϢʔβʔൺֱௐࠪʯΛ࣮ࢪ िʹ1ճҎ্ར༻͍ͯ͠ΔΞϓϦͷδϟϯϧ Λฉ͍ͨͱ͜Ζɺ೔ຊͰ͸ʮϝοηʔδΞ ϓϦʯ͕78.1ˋͱ࠷΋ଟ͘ɺ͍ͭͰʮEϝʔ ϧʯ͕63.2ˋɺʮఱؾʯ͕54.9ˋͱͳͬͨɻ ओͳ࿈བྷΞϓϦɺ೔ຊʮLINEʯถࠃʮInstagramʯதࠃʮඍ৴(WeChat)ʯʲMMDݚڀॴௐ΂ʳ https://webtan.impress.co.jp/n/2022/11/28/43705

Slide 17

Slide 17 text

Background ୭΋͕ೃછΈ͋ΔϝοηʔδΞϓϦͷΠ ϯλʔϑΣʔε εϚʔτϑΥϯΛ࢖༻ͨ͠ϑϦοΫೖྗ͕ Մೳ ೔ຊޠͰɺ΍Γ͍ͨࣄΛ఻͑Ε͹࣮ߦͯ͠ ͘ΕΔνϟοτϘοτ

Slide 18

Slide 18 text

Overview

Slide 19

Slide 19 text

Overview ΩʔϘʔυɺ·ͨ͸ϑϦοΫೖྗͰϘοτ΁໋ྩ͢Δͱɺ΢ΣϒϑοΫ͕PythonʢBOCCHIʣʹ໋ྩΛ఻͑ɺ Python͕֤छπʔϧΛ࣮ߦ͢Δ

Slide 20

Slide 20 text

Feature

Slide 21

Slide 21 text

Feature ϝχϡʔදࣔ ϙʔτεΩϟϯ ੬ऑੑ਍அ ೝূࢼߦ etc…

Slide 22

Slide 22 text

Feature νϟοτ্ͰτϦΨʔϫʔυʢˏbocchiʣͷޙ ʹ໋ྩจΛ෇͚ͯൃݴ͢Δ͜ͱͰɺίϚϯυ͕ ࣮ߦ͞ΕϦϓϥΠϝοηʔδͱͯ݁͠Ռ͕දࣔ ͞ΕΔɻ

Slide 23

Slide 23 text

Feature BOCCHIͰ͸ɺʮͯʹΛ͸ʯ͕ଟগग़དྷͯ ͍ͳͯ͘΋ɺ໋ྩͱͳΔΩʔϫʔυΛ֬ ೝ͢ΔࣄͰɺίϚϯυΛ࣮ߦɻ ܗଶૉղੳΤϯδϯΛऔΓೖΕͯޱޠௐ Ͱͷ໋ྩΛड͚෇͚ɺܗଶૉ͝ͱʹ෼ׂ ͠෼ͪॻ͖ʢ୯ޠʹ෼ׂʣ໋ͯ͠ྩΛड ͚෇͚͍ͯΔɻ

Slide 24

Slide 24 text

Feature ܗଶૉղੳΤϯδϯJanomeʢऄͷ໨ʣ Janome͸Pure PythonͰॻ͔Εͨࣙॻ಺แͷܗଶૉ ղੳث ґଘϥΠϒϥϦແ͠ͰΠϯετʔϧͰ͖ɺΞϓϦ έʔγϣϯʹ૊ΈࠐΈ΍͍͢γϯϓϧͳAPIΛඋ͑ ΔܗଶૉղੳϥΠϒϥϦ https://github.com/mocobeta/janome

Slide 25

Slide 25 text

Feature ܗଶૉղੳ ɹର৅ͱͳΔݴޠͷจ๏΍୯ޠͷ඼ࢺ ৘ใΛ΋ͱʹɺจষΛܗଶૉʹ෼ղ͢ Δղੳɻࣗવݴޠॲཧ෼໺Ͱࣄલॲཧ ͱͯ͠༻͍ΒΕΔख๏ ܗଶૉ ɹҙຯΛ࣋ͭදݱཁૉͷ࠷খ୯Ґ ୯ޠ ඼ࢺ ඼ࢺࡉ෼ྨ ࢲ ໊ࢺ ୅໊ࢺ ͸ ॿࢺ ܎ॿࢺ ϓϩάϥϛϯά ໊ࢺ αม઀ଓ Λ ॿࢺ ֨ॿࢺ ษڧ ໊ࢺ αม઀ଓ ͠ ಈࢺ ཱࣗ ͯ ॿࢺ ઀ଓॿࢺ ͍ ಈࢺ ඇཱࣗ ·͢ ॿಈࢺ ʔ ɻ ه߸ ۟఺ ʮࢲ͸ϓϩάϥϛϯάΛษڧ͍ͯ͠·͢ɻʯ

Slide 26

Slide 26 text

Feature ͳͥLLMΛ࢖༻͠ͳ͍ͷ͔ʁ ΦϑϥΠϯ؀ڥͰϓϩάϥϜΛར༻͢Δओͳར఺ 1. Πϯλʔωοτґଘੑͷճආ: Πϯλʔωοτ ઀ଓ͕ෆ҆ఆ·ͨ͸ར༻Ͱ͖ͳ͍ঢ়گͰ΋ɺ ϓϩάϥϜ͕ػೳ͢ΔͨΊɺ৴པੑ͕޲্ 2. ηΩϡϦςΟ޲্: Πϯλʔωοτʹ઀ଓͤͣ ʹϓϩάϥϜΛ࣮ߦ͢Δ͜ͱͰɺηΩϡϦ ςΟ্ͷϦεΫΛ࠷খݶʹ཈͑Δ͜ͱ͕Ͱ ͖ɺ֎෦ͱͷ௨৴Λආ͚Δ͜ͱͰ৘ใ࿙Ӯͷ Մೳੑ͕௿ݮ

Slide 27

Slide 27 text

Feature BOCCHI಺ͰߦΘΕ͍ͯΔॲཧͷྲྀΕ ɹɹɹʮIPΞυϨεΛεΩϟϯͯ͠ʯ໋ྩΛड͚औΔ ɹɹɹJanomeͰ ɹɹɹʮIPΞυϨεʯʮΛʯʮεΩϟϯʯʮ͢Δʯʮͯʯ ɹɹɹʹ෼ͪॻ͖͞ΕΔ ɹɹɹΩʔϫʔυΛݕࡧ͠ɺࠓճͳΒnmap͕બ୒͞ΕΔ ɹɹɹnmapίϚϯυͷߏங ɹɹɹίϚϯυͷ࣮ߦ

Slide 28

Slide 28 text

Feature ᶃʮʢIPΞυϨεʣΛεΩϟϯͯ͠ʯ ͱ໋ͣΔ ᶄ໋ྩΛ෼ͪॻ͖ʹ௚͢ ᶅΩʔϫʔυΛΑΓnmapίϚϯυΛ࡞੒ nmap -vv --reason -Pn -T4 -sV -sC --version-all -A —osscan-guess --script=vuln -oA IPAddress ᶆnmapͷ࣮ߦ

Slide 29

Slide 29 text

Feature εΩϟϯ݁Ռ͸ɺࣗಈతʹFaraday΁Πϯϙʔτ ݁ՌͷՄࢹԽ

Slide 30

Slide 30 text

Feature ʮαʔϏεΛදࣔͯ͠ʯ΍ʮ੬ऑੑΛ දࣔͯ͠ʯͱ໋ྩ͢Δͱνϟοτ্ ͰɺεΩϟϯ݁ՌͷҰ෦ʢݕग़ͨ͠ αʔϏεͷҰཡ΍ɺ੬ऑੑͷҰཡʣΛ ֬ೝ͢Δࣄ͕Մೳ

Slide 31

Slide 31 text

Feature ʮೝূࢼߦΛͯ͠ʯͱ໋ྩ͢Δͱ BrutesprayΛ࢖༻ͨ͠؆қతͳೝ ূࢼߦ߈ܸΛ࣮ߦ͠ɺऴྃޙʹ݁ ՌΛදࣔ

Slide 32

Slide 32 text

Feature ʮ੬ऑੑ਍அΛͯ͠ʯͱ໋ྩ͢ΔͱGVM ʢGreenbone Vulnerability Manager چ OpenVASʣΛ࢖༻ͨ͠੬ऑੑ਍அΛ࣮ߦ ͜ͷࡍɺࡉ͔͍ઃఆΛٻΊΒΕΔࣄͳ͘ࣄ લʹఆΊͨ਍அํ๏Ͱ਍அ͕ߦΘΕΔɻ

Slide 33

Slide 33 text

Feature ʮεΩϟϯʹ͍ͭͯڭ͑ͯʯ΍ʮ੬ऑੑ਍அ ʹ͍ͭͯڭ͑ͯʯͱ࣭໰͢ΔࣄͰɺ࢖༻͢Δ πʔϧ΍ίϚϯυʹ͍ͭͯղઆ ʮର৅IPΞυϨεͷௐࠪঢ়گΛڭ͑ͯʯͱ࣭ ໰͢Ε͹ɺ࣮ߦϩάΛ෼ੳͯ͠ର৅IPΞυϨ εʹରͯ͠ͷௐࠪঢ়گΛ֬ೝՄೳɻ ෳ਺γεςϜΛௐࠪ͢Δࡍͷೋ౓खؒΛ๷ࢭ

Slide 34

Slide 34 text

Feature ؆୯ͳૢ࡞Ͱߦ͑Δ൓໘ɺ҆શ໘Λߟྀ͢ Δඞཁ͕͋Δɻʢྫ͑͹είʔϓൣғ֎΁ ͷΞΫηε΍ɺޡૢ࡞౳ʣ BOCCHIͰ͸ɺࣄલʹௐࠪର৅ͱͳΔIPΞ υϨεΛొ࿥͠ɺௐ࣮ࠪߦલʹొ࿥͞Εͨ IPΞυϨε͔ͷ֬ೝΛ࣮ࢪ ޡૢ࡞Λ๷͙ҝʹ࣮ߦલͷঝೝػೳΛ࣮૷

Slide 35

Slide 35 text

Extra

Slide 36

Slide 36 text

Extra ࢲͷ৬৔͸ɺສ೥ਓࡐෆ଍ͷҝɺOJTͱশͯ͠ ݱ৔ʹ৽ਓΛಉߦͤ͞Δࣄ͕ଟʑ͋Δɻ ͔͠͠ɺݱ৔Ͱ৽ਓͷ૬खΛ͢Δ༨༟͸ແ͍ɻ ΩϟϦΞͷઙ͍൴ΒʹޮՌతͳOJT͸๬Ίͣɺ ๣؍͢Δ͚ͩͷ৔߹͕ଟ͍ɻʢԿΛͯ͠ྑ͍͔ Θ͔Βͳ͍ҝʣ ? ?

Slide 37

Slide 37 text

Extra ϖϯςελʔʢॳ৺ऀ΍ڵຯͷ͋Δऀʣ ԿΛ͢Ε͹ྑ͍͔Θ͔Βͳ͍࣌͸νϟοτ্Ͱ BOCCHIʹ࣭໰ͨ͠ΓɺίϚϯυ͕Θ͔Βͳ͘ ͯ΋BOCCHIʹ໋ྩ͢Ε͹໰୊ղܾ ݱ৔ͷงғؾΛମײͰ͖ͯɺۀ຿ʹ΋҆৺ͯ͠ ࢀՃͰ͖ΔͷͰOJTͷޮՌ΋ظ଴Ͱ͖Δ ͻͱΓͰ೰·ͳ͍͍ͯ͘

Slide 38

Slide 38 text

Extra ϒϧʔνʔϜ΍SOC ઐ໳తͳ஌͕ࣝͳͯ͘΋ɺBOCCHI ʹ໋ྩ͢Δ͚ͩͰٖࣅతͳαΠόʔ ߈ܸʢೝূࢼߦ΍੬ऑੑ਍அʣ͕ग़ དྷΔͷͰɺϒϧʔνʔϜ΍SOCͷτ Ϩʔχϯάʹ΋׆༻Ͱ͖Δ εΩϟϯ΍ೝূࢼߦͷ ࠟ੻

Slide 39

Slide 39 text

Extra ਓࡐҭ੒ͱͯ͠͸ؒҧ͍ͬͯΔ͕ɺBOCCHIΛ ׆༻͢Δ͜ͱͰແବʹͳ͍ͬͯͨϦιʔεʢ৽ ਓͷPCʣΛ༗ޮ׆༻͢Δࣄ͕Ͱ͖Δɻ৽ਓͷ BotԽʢΤϰΝϯήϦΦϯͷμϛʔγεςϜత ͳ΋ͷʣͰ͋Δɻ ࢍ൱྆࿦͋Δͱࢥ͏͕ɺԿ΋ͤͣʹͨͩը໘Λ ද͍ࣔͤͯ͞ΔPC͕༨͍ͬͯΔͳΒ͹ɺओ຿ ऀͷखͱͳΓ଍ͱͳΓۀ຿Λগ͠Ͱ΋͜ͳͨ͠ ํ͕ޮ཰͸ྑ͘ͳΔͱߟ͑Δɻ

Slide 40

Slide 40 text

Summary AIνϟοτ·Ͱ͸ߦ͔ͳ͍͚ΕͲ؆୯ͳձ࿩͸ΦϑϥΠϯͰ΋੒ཱ͢Δ ݱ৔ʹ଍Γͳ͍ϗεϐλϦςΟ͸πʔϧͰิ׬ ݶΒΕͨϦιʔε͸༗ޮ׆༻͢΂͖ ؀ڥ͕੔͑͹εϚʔτϑΥϯͰ΋ϖωτϨʔγϣϯςετ͸Ͱ͖Δ BOCCHI͕͋Ε͹ಠΓ͡Όͳ͍ ຖ೥ɺຖ೥৽͍͠πʔϧΛ࡞ͬͯൃද͢Δͷ͸ԿؾʹΩπ͍

Slide 41

Slide 41 text

Thank you for listening! Any Question? Github: https://github.com/01rabbit/BOCCHI XʢچTwitterʣ: https://twitter.com/01ra66it