BSides Singapore 2019 Schedule

Conference Schedule 2019

BSides Singapore

Deep Exploit: Fully Automatic Penetration Test Tool Using Machine Learning

DeepExploit is fully automated penetration tool linked with Metasploit. It identifies the status of all opened ports on the target server and executes the exploit at pinpoint using Machine Learning. Deep Exploit’s key features are the following: Efficiently execute exploit: DeepExploit can execute exploits at pinpoint (minimum 1 attempt) using self-learned data. Deep penetration: If DeepExploit succeeds the exploit to the target server, then it further executes the exploit to other internal servers. Self-learning: DeepExploit can learn how to exploitation by itself (uses reinforcement learning). It is not necessary for humans to prepare learning data. Powerful intelligence gathering. To gather the information of software operated on the target server is very important for successful the exploitation. DeepExploit can identify product name and version using following methods.
- Port scanning; Machine Learning (Analyze HTTP responses gathered by Web crawling); Google Hacking

Current Deep Exploit’s version is a beta, but it can fully automatically execute following actions:
- Intelligence gathering Threat modeling Vulnerability analysis Exploitation Post-Exploitation Reporting

By using our DeepExploit, you will benefit from the following:

For pentesters: (a) They can greatly improve the test efficiency; (b) The more pentesters use DeepExploit, DeepExploit learns how to method of exploitation using machine learning. As a result, accuracy of test can be improve.

For Information Security Officers: © They can quickly identify vulnerabilities of own servers. As a result, prevent that attackers attack to your servers using vulnerabilities, and protect your reputation by avoiding the negative media coverage after breach. Because attack methods to servers are evolving day by day, there is no guarantee that yesterday’s security countermeasures are safety today. It is necessary to quickly find vulnerabilities and take countermeasures. Our DeepExploit will contribute greatly to maintaining your safety.

Speaker 1
Isao Takaesu

Isao Takaesu is CISSP. He is working in Mitsui Bussan Secure Directions, Inc. as security engineer and researcher. He found many vulnerabilities in server of enterprises and proposed countermeasures to enterprises. He thinks that there’s more and wants to find vulnerabilities. Therefore, he is focused on artificial intelligence technology for cyber security. Now, he is developing the penetration test tool using machine learning.