This post contains all the vulnerabilities identified by me in Amcrest Devices.
Monthly Archives: July 2024
Applied Machine Learning/Neural Networks: Offensive Security
For attackers, aggressive collection of data often leads to the disclosure of infrastructure, initial access techniques, and malware being unceremoniously pulled apart by analysts. The application of machine learning in the defensive space has not only increased the cost of being an attacker, but has also limited a techniques’ operational life significantly. In the world that attackers currently find themselves in:1. Mass data collection and analysis is accessible to defensive software, and by extension, defensive analysts2. Machine learning is being used everywhere to accelerate defensive maturityAttackers are always at a disadvantage, as we as humans try to defeat auto-learning systems that use every bypass attempt to learn more about us, and predict future bypass attempts. This is especially true for public research, and static bypasses. However, as we will present here, machine learning isn’t just for blue teams. In this book we will show how we can actually use machine learning, neural network algorithms that can allow us as pentesters, red teamers, offensive security analysts, etc. to create programs that can help automate steps in offensive attacks. We will see how simple classification, clustering techniques to RNNs, CNNs, etc. can be used to create offensive security programs that can identify vulnerabilities in systems. This book presents real world examples that can help pentesters and red teamers to learn about these algorithms as well as examples that can allow to understand how to use them.
HACKING SCADA/INDUSTRIAL CONTROL SYSTEMS 2: The Pentest Guide
This is the second edition of the book “Hacking SCADA/ICS: The Pentest Guide”. It expands on the original series by giving examples of how to assess SCADA/ICS systems and also gives a live example of hacking Moxa Industrial Router. The book delves into specific details and methodology of how to perform security assessments against the SCADA and Industrial control systems. The goal of this book is to provide a roadmap to the security assessors such as security analysts, pentesters, security architects, etc. and use the existing techniques that they are aware about and apply them to perform security assessments against the SCADA world. The book shows that the same techniques used to assess IT environments can be used for assessing the efficacy of defenses that protect the ICS/SCADA systems as well.
