Keynote: AI & Future Of Offensive Security

cisoplatform7 331 views 20 slides Jul 17, 2024

About This Presentation

In the presentation, the focus is on the transformative impact of artificial intelligence (AI) in cybersecurity, particularly in the context of malware generation and adversarial attacks. AI promises to revolutionize the field by enabling scalable solutions to historically challenging problems such ...


Slide Content

AI & Future of Offensive Security
FireCompass Technologies Inc.
www.firecompass.com
Arnab Chattopadhyay, Chief Research Officer

Nirmal Kumar, VP – Sales

Only 10% of assets covered in a single pentest
Pentest done yearly/quarterly
VS
2200 #Attacks / Day / IP

Organizations pentest some of the assets some of the time
Hackers attack all of the assets all of the time



AI Use Cases for Security Testing
●Malware Generation and Analysis
●Adversarial Attack Simulation
●Phishing Email Generation
●Attack Payload Generation
●Synthetic User Behavior Creation
●Password Cracking
●Autonomous Attack Path Generation
●Deepfake Image Creation
●Firewall Rule Testing
●Incident Response Training
●Content Filter Testing
●NLP for Threat Intelligence
●Security Policy Validation
●Security Documentation Review

New class of Threat - AI Powered Malware
●Evasion Techniques: Dodge Sandbox, Adapt to Environment, Using previous Data, New Malware Variants, Anti Reversing
●Autonomous: Smart Decisions, Eliminating C2, Execute machine-speed, Targeted attack, Cross platform
●AI against AI: Adversarial attack, Poisoning data, Steal valuable data, Model stealing
●Bio-inspired and Swarm intelligence: Bio Inspired Evolvable malware, Swarm based intelligence, Mutating malware

BlackMamba

BlackMamba - an AI powered malware
AI-synthesized, polymorphic keylogger with on-the-fly program modification
BlackMamba comprises two main components.
First: Python-compiled executable consisting of two functions and a few imports (benign component)
Second: Polymorphic payload that is generated and executed at runtime, consisting of the malicious keylogging functionality

BlackMamba - Prompt Engineering

BlackMamba - Polymorphic Code Generation and Execution

BlackMamba - Data Exfiltration using MS Teams

Use AI as Hackers would…. augment your classical Security Testing with AI

Don’t bring a knife to a gun-fight

Continuous Pentesting
Continuous Red Teaming
External Attack Surface Management (EASM)
Know Your Attack Surface Before Your Adversary Does

Why Traditional Pen Testing/Vulnerability Management Fails?

Organizations Pen Test Only Partial Asset Inventory
Most organizations only pentest 10-20% of their crown jewel assets, whereas attackers are gaining initial access through the 80% peripheral assets.

Organizations Pen-Test Yearly/Quarterly; Hackers Attack Continuously
40% of new CVEs have exploits available within 24 hours. Hackers don’t wait for the yearly pen test cycle.

Pen-Testing Is Largely Manual, Costly & Time Consuming
And we have a severe talent shortage.

Mission

Stay ahead of hackers..

AI based Platform for Automated Pen Testing, Red Teaming & NextGen Attack Surface Management

NextGen Attack Surface Management
●Discover shadow assets in near real time
●Combine Active and Passive recon to eliminate False Positives

AI based Pen Test: Run complex multi-stage attack paths at scale
●Automate Multi Stage Attack Trees
●Safe penetration testing
●No false positives

AI based Red Teaming: Test Your Security Control Effectiveness Against Specific Adversarial Goals
●MITRE based attacks for emulating various Red Teaming objectives
●Test security control effectiveness

AI + Humans: Pen Test as a Service (PTaaS) To Reduce False Positives, Complexity and Cost
●Eliminate false positives
●Supervised and safe exploitation
●Prioritized risks with proof of exploitation

Recognized as a Leader by Gartner, Forrester & IDC in 30+ Analyst Reports
•15 Gartner reports
•3 Gartner Hype Cycles
•Notable Vendor in Forrester
•IDC Innovators
•Leader in 2023 GIGAOM Radar
•RSAC 365 Innovation Showcase

Trusted by Fortune 500 Customers & Backed by Top VCs
“The tool has exceeded our expectations in identifying numerous domains and subdomains that are shown as public, but should be private.”

Top 5 Telco in USA
●Top 3 global Telecom
●Top 10 IT Companies
●Top 100 Manufacturing firms
●Mid-sized Automobile Companies
●Mid-sized Banks and Financial Services
Investors

Thank You

www.FireCompass.com