Keynote : AI & Future Of Offensive Security
0 likes293 views
In the presentation, the focus is on the transformative impact of artificial intelligence (AI) in cybersecurity, particularly in the context of malware generation and adversarial attacks. AI promises to revolutionize the field by enabling scalable solutions to historically challenging problems such as continuous threat simulation, autonomous attack path generation, and the creation of sophisticated attack payloads. The discussions underscore how AI-powered tools like AI-based penetration testing can outpace traditional methods, enhancing security posture by efficiently identifying and mitigating vulnerabilities across complex attack surfaces. The use of AI in red teaming further amplifies these capabilities, allowing organizations to validate security controls effectively against diverse adversarial scenarios. These advancements not only streamline testing processes but also bolster defense strategies, ensuring readiness against evolving cyber threats.
Ad
More Related Content
Similar to Keynote : AI & Future Of Offensive Security (20)
More from Priyanka Aash (20)
Ad
Recently uploaded (20)
Ad
Keynote : AI & Future Of Offensive Security
- 1. AI & Future of Offensive Security FireCompass Technologies Inc. www.firecompass.com Arnab Chattopadhyay, Chief Research Officer Nirmal Kumar, VP – Sales
- 2. Only 10% of assets covered in a single pentest Pentest done yearly/quarterly VS 2200 #Attacks / Day / IP Organizations Pentest some of the assets some of the time Hackers attack all of the assets all of the time *
- 3. AI Use Cases for Security Testing ● Malware Generation and Analysis ● Adversarial Attack Simulation ● Phishing Email Generation ● Attack Payload Generation ● Synthetic User Behavior Creation ● Password Cracking ● Autonomous Attack Path Generation ● Deepfake Image Creation ● Firewall Rule Testing ● Incident Response Training ● Content Filter Testing ● NLP for Threat Intelligence ● Security Policy Validation ● Security Documentation Review
- 4. New class of Threat - AI Powered Malware AI Powered Malware Evasion Techniques Dodge Sandbox Adapt to Environment Using previous Data New Malware Variants Anti Reversing Autonomous Smart Decisions Eliminating C2 Execute machine-speed Targeted attack Cross platform AI against AI Adversarial attack Poisoning data Steal valuable data Model stealing Bio-inspired and Swarm intelligence Bio Inspired Evolvable malware Swarm based intelligence Mutating malware
- 5. BlackMamba
- 6. BlackMamba - an AI powered malware AI-synthesized, polymorphic keylogger with on-the-fly program modification BlackMamba comprises two main components. First: Python-compiled, executable consisting of two functions and a few imports (benign component) Second: Polymorphic payload that is generated and executed at runtime, consisting of the malicious keylogging functionality
- 7. BlackMamba - Prompt Engineering
- 8. BlackMamba - Polymorphic Code Generation and Execution
- 9. BlackMamba - Data Exfiltration using MS Teams
- 10. Use AI as Hackers would…. augment your classical Security Testing with AI * Don’t bring a knife to a gun-fight
- 11. Continuous Pentesting Continuous Red Teaming External Attack Surface Management (EASM) Know Your Attack Surface Before Your Adversary Does
- 12. Why Traditional Pen Testing/Vulnerability Management Fails? Organizations Pen Test Only Partial Asset Inventory Most organizations only pentest 10-20% of their crown jewel assets. Whereas attackers are gaining initial access through the 80% peripheral assets. Organizations Pen-Test Yearly/Quarterly; Hackers Attack Continuously 40% of new CVEs have exploits available within 24 hours Hacker’s don’t wait for the yearly pen test cycle Pen-Testing Is Largely Manual, Costly & Time Consuming And we have severe talent shortage
- 13. Mission Stay ahead of hackers.. AI based Platform for Automated Pen Testing, Red Teaming & NextGen Attack Surface Management
- 14. NextGen Attack Surface Management ● Discover shadow assets in near real time ● Combine Active and Passive recon to eliminate False Positives
- 15. AI based Pen Test: Run complex multi-stage attack paths at scale ● Automate Multi Stage Attack Trees ● Safe penetration testing ● No false positives
- 16. AI based Red Teaming: Test Your Security Control Effectiveness Against Specific Adversarial Goals ● MITRE based attacks for emulating various Red Teaming objectives ● Test security control effectiveness
- 17. AI + Humans: Pen Test as a Service (PTaaS) To Reduce False Positives, Complexity and Cost ● Eliminate false positives ● Supervised and safe exploitation ● Prioritized risks with proof of exploitation
- 18. Recognized as a Leader by Gartner, Forrester & IDC in 30+ Analyst Reports • 15 Gartner reports • 3 Gartner Hype Cycles • Notable Vendor in Forrester • IDC Innovators • Leader in 2023 GIGAOM Radar • RSAC 365 Innovation Showcase
- 19. Trusted by Fortune 500 Customers & Backed by Top VCs “The tool has exceeded our expectations in identifying numerous domains and subdomains that are shown as public, but should be private.” Top 5 Telco in USA ● Top 3 global Telecom ● Top 10 IT Companies ● Top 100 Manufacturing firms ● Mid-sized Automobile Companies ● Mid-sized Banks and Financial Services Investors