HITB ARMORY

SECURITY tools demonstration area

The HITB Armory is where you can meet your favourite security tool authors and developers and see in-person demos of what their tools can do in 2 x 2 hour sessions in the exhibition area.

Come, meet, ask questions, and grow your skills! This is a relaxed and informal environment where you get to chat with authors about features they’re hoping to add or gain insight into some new and essential security tools to add to your arsenal!

HITB Armory is organized in collaboration with Adverse Theory and generously made possible with support from Crowdfense!

Crowdfense-transparent-bg-01.png
TOOL PRESENTATION SCHEDULE
day 1
SESSION 1
10:30 - 12:30

Mantis

SiFDetectCrackerV2

CICDGuard

LUNCH

SESSION 2
(14:00 - 16:00)

eBPFShield

AI Assisted Code Reviewer ​

BurpGPT

TCP/IP NETWORKING SOCIAL HOUR
16:30 - 18:30

day 2
SESSION 1
10:30 - 12:30

eBPFShield

AI Assisted Code Reviewer ​

BurpGPT

LUNCH

SESSION 2
(14:00 - 16:00)

Mantis

SiFDetectCrackerV2

CICDGuard

CTF PRIZE GIVING / CLOSING NOTE
16:30 - 17:00

TOOL & AUTHORS
BurpGPT - An LLM Powered Vulnerability Scanner
DOCUMENTATION

BurpGPT is the first cybersecurity tool to Leverage Large Language models (LLMs) for vulnerability detection and to support security teams in their assessments. Since its launch in 2023, it has been continuously refined with updates driven by community feedback and advancements in AI.

In essence, BurpGPT is a BurpSuite plugin that integrates with LLM providers like OpenAI and Azure AI, enabling the processing of requests and responses using natural language. This capability unlocks a vast array of use cases—most notably, identifying vulnerabilities from a cybersecurity perspective.

The Armory demonstration will showcase these limitless use cases and BurpGPT’s revolutionary scanning approach against a set of vulnerable endpoints. This demonstration will illustrate how natural language input can be weaponised to uncover vulnerabilities. As BurpGPT is a commercial tool, time-limited trial licenses will be provided during the Armory for those interested.

Alexandre Teyar

Managing Director

Aegis Cyber Limited

Alexandre is a diligent professional with integrity and well over 7 years of experience within the cyber security industry. He has worked for over a hundred different clients (ranging from small businesses to multinational corporations) operating across various industries including (but not limited to) banking and fintech.

In addition to his extensive experience within the private sector, Alexandre has also worked on various state-related projects for foreign countries where he helped them secure sensitive digital assets.

Alexandre is OSCP, OSWE & CREST certified and has a keen personal interest in developing all kinds of offensive security tools, many of which quickly became widely used within the cyber security community this includes (but not limited to) four (4) BurpSuite plugins and WireSpy (which was advertised on Pentest Academy).

Among his notable achievements is the conception of BurpGPT, a revolutionary offensive security tool that stands out as the first practical application, harnessing the capabilities of Large Language Models (LLMs) for comprehensive security audits among many other use cases. This contribution marks a significant advancement in the cybersecurity realm, showcasing Alexandre’s dedication to advancing the field with innovative solutions.

Mantis - Asset Discovery at Scale
GITHUB

Mantis is an asset inventory framework that has the capability to distribute a single scan across multiple machines, provides easy customization, dashboard support, and advanced alerting capabilities. We have not reinvented the wheel. Rather, we have tried to design an architecture that provides the essential features for a framework that involves the complexity of integrating multiple tools that are outside our control.

Our key differentiators include:

– Recon Automation
– Asset Discovery (subdomain, certificates)
– Tech Recon
– Scan
– Secrets Scanning (JS, WaybackUrls, Github – experimental)
– Identifying Phishing domains
– Misconfigurations
– Distribute a single scan and fasten your scan speeds by 2x.
– Understanding scan efficiency and failure points of a scan drilled down at a subdomain level
– Adding new tools in no time
– Advanced Alerting based on
– Teams
– Apps
– Assets/Findings
– User Tagging
– Default Dashboard support (AppSmith)
– Integration with DNS services (Route53)
– Workflow Customisation (choose tools and modules you want to run)
– Automated Scheduled Scans

Bharath Kumar

Product Security Engineer

PhonePe

Bharath is a Security Engineer at PhonePe. Bharath is an open source enthusiast with a strong passion for information security and building solutions that solve real world problems. Bharath is an Offensive Security Certified Professional (OSCP). Bharath is an active member and contributor at various security and developer communities including null open security community. Bharath has delivered talks and trainings at Sincon, ThreatCon, Nullcon, c0c0n, Defcon: Recon Village, Bsides etc You can find more about his work at https://disruptivelabs.in

Akshay Jain

Security Researcher

PhonePe

Akshay is a Security researcher with PhonePe. He has worked in the cybersecurity industry for half a decade. His primary interest lies in application security and reverse engineering.

Akshay has presented his research and delivered trainings at leading conferences such as Nullcon, Threatcon, Sincon, PHDays and inCTF.

Akshay has found multiple vulnerabilities and reported responsibly to Adobe, Apple, HP, and Google, with numerous CVEs and acknowledgements to his name.

Self Hosted, AI Assisted Code Reviewer
Manual security code reviews are slow and often miss subtle vulnerabilities due to human error and inconsistent skill levels. They aren’t scalable, making them costly as the codebase grows, and they typically happen periodically, leaving gaps in security. This reliance on individual expertise makes the process less reliable, underscoring the need for efficient and consistent AI-assisted reviews.
 

We have implemented a system for enhancing the current security code review practice, leveraging the capabilities of Codellama 13B, a locally hosted Large Language Model (LLM). Codellama 13B is optimized for deep understanding of programming languages and excels in identifying security vulnerabilities within codebases.

Key to our approach is the use of Retrieval-Augmented Generation (RAG). This technique integrates Codellama 13B’s generative capabilities with embeddings stored in ChromaDB, a specialized Vector Database designed for efficient retrieval of numerical representations (embeddings) of code snippets. These embeddings encode semantic relationships and context, enabling Codellama 13B to retrieve and analyze relevant information swiftly during reviews.

Facilitating interaction with Codellama 13B and ChromaDB is AnythingLLM, an interface that provides a prompt-based environment for querying and receiving responses from the model. The configuration includes a token context window of 25,000 tokens, allowing Codellama 13B to consider extensive code segments and dependencies, which enhances its ability to provide detailed security assessments.

By integrating Codellama 13B, ChromaDB, and AnythingLLM with RAG, we have significantly enhanced our capacity to conduct thorough and efficient security reviews. This setup not only enhances the accuracy and depth of vulnerability detection but also accelerates remediation efforts, thereby enhancing the security posture of their software.

Rajanish Pathak

Manager

KATIM

A security researcher challenging the depths and implementations in application security.

Hardik Mehta

Senior Manager

KATIM

A security researcher previously worked as a cyber security consultant with various consulting firms. I have worked with clients in Telecommunication, Media, Technology, Manufacturing and BFSI sector across South-Asian and Middle-Eastern countries.

SiFDetectCrackerV2: A Real-World AI-Synthesized Voice Detection Bypassing Tool
GITHUB

Voice is one of the most widely used media for information transmission in human society. New speech synthesis technology has made it possible to create voices that sound just like real people. These synthesized voices are now used a lot to make fake videos and for bad things, raising serious concerns regarding security and privacy.

To effectively address this risk, in recent years, a significant number of studies have focused on identifying synthesized voices, with most claiming to achieve excellent performance. But does that mean we’ve won the battle? Our previous research indicates that existing fake voice detectors are sensitive to speaker-irrelative features (SiFs).

Based on this situation, we design a tool called SiFDetectCrackerV2, a black-box adversarial attack tool to deceive fake voice detectors. It utilizes background noise and the silent parts before and after the human voice as the primary attack features, and employs an adversarial attack algorithm to determine the optimal attack parameters.

Our evaluation result shows that SiFDetectCrackerV2 achieves a high success rate in attacks.

Xuan Hai

PhD Student

Lanzhou University

PhD student at Lanzhou University.

Main research areas: computer security and privacy; AI security

Xin Liu

Associate Professor

Lanzhou University

Associate Professor, Lanzhou University

Introduction to CICDGuard - Orchestrating visibility and security of CICD ecosystem
GITHUB

CICDGuard is a graph based CICD ecosystem visualizer and security analyzer, which – 

  1. Represents entire CICD ecosystem in graph form, providing intuitive visibility and solving the awareness problem
  2. Identifies common security flaws across supported technologies and provides industry best practices and guidelines for identified flaws adhering to OWASP CICD Top10 vulnerabilities
  3. Identifies the relationship between different technologies and demonstrates how vulnerability in one component can affect one or more other technologies
  4. Technologies supported – GitHub, GitHub Action, Jenkins, JFrog, Spinnaker, Drone

 

CICD platforms are an integral part of the overall software supply chain and it processes a lot of sensitive data, compromise of which can affect the entire organization. Security IN CICD is a well discussed topic, security OF CICD deserves the same attention. One of the challenges with security OF CICD, like most areas of security, is the lack of visibility of what actually makes a CICD ecosystem. Security starts with being aware of what needs to be secure.

CICDGuard has three major modules – 

  1. Scan Engine – Responsible for scanning the target environments 
  2. Analysis Engine – Responsible for analyzing the relationship between different technologies
  3. WebUI – Graph based WebUI to visualize all data and make configuration

 

CICDGuard has been architected using the modular approach and each module of CICDGuard can function independently. For e.g. users can run each scan engine script independently and do the security analysis. Also, users can choose to have output in JSON format or print in terminal or store in Neo4j database. Output in JSON format also allows CICDGuard to integrate in the CICD pipeline itself.

This session will have a live demo scanning a test environment and providing the walkthrough of architecture, different features and sections in WebUI.

Pramod Rana

Sr. Manager - Application Security & Red Team

Netskope

Pramod Rana is author of below open source projects:

  1. Omniscient – LetsMapYourNetwork: a graph-based asset management framework
  2. vPrioritizer – Art of Risk Prioritization: a risk prioritization framework
  3. CICDGuard – Orchestrating visibility and security of CICD ecosystem

He has presented at BlackHat, Defcon, nullcon, OWASPGlobalAppSec, HackMiami, HackInParis and Insomnihack before.  He is leading the application security team in Netskope with primary focus on integrating security controls in the development process and providing security-testing-as-a-service to engineering teams.

eBPFShield: Unleashing the Power of eBPF for OS Kernel Exploitation and Security
GITHUB
Are you looking for an advanced tool to detect and prevent sophisticated exploits on your systems? Look no further than eBPFShield. Here’s a technical overview of its capabilities:
 
The DNS monitoring feature detects DNS tunneling, a tactic used by attackers to bypass network security. By monitoring DNS queries, eBPFShield blocks these attempts before any damage occurs.
 
The IP-Intelligence feature monitors outbound connections against threat intelligence lists to prevent command-and-control (C2) communications. This blocks attackers from exfiltrating data or delivering payloads to your system.
 
With eBPFShield Machine Learning, you can run advanced algorithms directly in eBPF. We showcase a flow-based network intrusion detection system (IDS) using a decision tree to classify packets as malicious or benign.
eBPFShield Forensics analyzes system calls and kernel events to detect code injection and identify malicious files and processes, enabling quick remediation of security issues.
 
The following key features and their practical applications:

DNS Monitoring
 
Attendees will learn how eBPFShield monitors DNS queries to detect and block DNS tunneling attempts, a common technique used by attackers to bypass network security measures.

IP-Intelligence
 
The workshop will demonstrate how to use eBPFShield’s IP-Intelligence feature to monitor outbound connections and compare them against threat intelligence lists. This helps in preventing command-and-control (C2) communications by blocking connections to known malicious destinations.

Machine Learning Integration
 
Participants will be introduced to eBPFShield’s capability to develop and run machine learning algorithms within eBPF. They will see a demonstration of a flow-based network intrusion detection system (IDS) that uses a decision tree to classify packets as malicious or benign, considering the entire network flow context.

Forensics
 
The session will cover how eBPFShield’s forensic tools analyze system calls and kernel events to detect code injection attempts and identify malicious files and processes. This feature aids in quickly remediating security issues on Linux systems.
Through these demonstrations, attendees will gain practical knowledge of how eBPFShield can protect systems from advanced threats and enhance their overall cybersecurity posture.
 

Sagar Bhure

Engineer

F5 Networks

Sagar Bhure is a highly accomplished Security Researcher with a proven track record of excellence in his research on security. He is a filed patent holder with the US for his innovative work on ML and Security and has published several papers on the subject in top-tier journals. Sagar is also the founder of the BSides Hyderabad security community, where he actively collaborates with industry professionals to enhance security awareness and education. He currently leads various projects at OWASP, including the prestigious “ML Security Top 10” an OWASP flagship project.

Sagar has spoken at several industry-leading international conferences, including BlackHat, OWASP, and APISecure. He is regarded as a respected thought leader in the cybersecurity community, frequently invited to speak at conferences and workshops on topics related to offensive and defensive security. Sagar’s engaging presentations have helped to educate security professionals with cutting-edge research and tools to strengthen their security toolkits.