Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
175 tokens/sec
GPT-4o
7 tokens/sec
Gemini 2.5 Pro Pro
42 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Shadow Blade: A tool to interact with attack vectors (2401.01960v1)

Published 3 Jan 2024 in cs.CR

Abstract: The increased demand of cyber security professionals has also increased the development of new platforms and tools that help those professionals to improve their offensive skills. One of these platforms is HackTheBox, an online cyber security training platform that delivers a controlled and safe environment for those professionals to explore virtual machines in a Capture the Flag (CTF) competition style. Most of the tools used in a CTF, or even on real-world Penetration Testing (Pentest), were developed for specific reasons so each tool usually has different input and output formats. These different formats make it hard for cyber security professionals and CTF competitors to develop an attack graph. In order to help cyber security professionals and CTF competitors to discover, select and exploit an attack vector, this paper presents Shadow Blade, a tool to aid users to interact with their attack vectors.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (33)
  1. “15 Cybersecurity Resources to Build Your Skills — CompTIA” URL: https://www.comptia.org/blog/cybersecurity-resources-to-build-your-skills
  2. “Active Directory” URL: https://en.wikipedia.org/wiki/Active_Directory
  3. “A host-based approach to network attack chaining analysis” In 21st Annual Computer Security Applications Conference (ACSAC’05), 2005, pp. 10 pp.–84
  4. Daniel D. Bertoglio and Avelino F. Zorzo “Overview and open issues on penetration test” In Journal of the Brazilian Computer Society 23, 2017
  5. “BloodHoundAD/BloodHound: Six Degrees of Domain Admin” URL: https://github.com/BloodHoundAD/BloodHound
  6. “Graph Theory” Springer Publishing Company, Incorporated, 2008
  7. Yixin Chen, Benjamin W. Wah and Chih-Wei Hsu “Temporal Planning Using Subgoal Partitioning and Resolution in SGPlan” In Journal of Artificial Intelligence Research 26.1 El Segundo, CA, USA: AI Access Foundation, 2006, pp. 323–369
  8. “CVE - CVE-2018-7600” URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7600
  9. “Documentation - The Go Programming Language” URL: https://golang.org/doc/
  10. “Drupal - Open Source CMS — Drupal.org” URL: https://www.drupal.org/
  11. Eric Evans “Domain-Driven Design: Tackling Complexity in the Heart of Software” Addison-Wesley, 2004
  12. “Exploit Database SearchSploit Manual” URL: https://www.exploit-db.com/searchsploit
  13. “Express - Node.js web application framework” URL: https://expressjs.com
  14. “Ffuf/ffuf: Fast web fuzzer written in Go” URL: https://github.com/ffuf/ffuf
  15. “Design Patterns: Elements of Reusable Object-Oriented Software” Addison-Wesley Professional, 1994
  16. “Gin Web Framework” URL: https://gin-gonic.com/
  17. P GNU “Free Software Foundation. Bash (3.2. 48)[Unix shell program]”, 2007
  18. “Graph Data Platform — Graph Database Management System — Neo4j” URL: https://neo4j.com/
  19. “Hack The Box” URL: https://app.hackthebox.eu/
  20. Jorg Hoffmann “Extending FF to Numerical State Variables” In Proceedings of the 15th European Conference on Artificial Intelligence, ECAI’02 Lyon, France: IOS Press, 2002, pp. 571–575
  21. “Maltego” URL: https://www.maltego.com/
  22. Lucas McDaniel, Erik Talvi and Brian Hay “Capture the Flag as Cyber Security Introduction” In 2016 49th Hawaii International Conference on System Sciences (HICSS), 2016, pp. 5479–5486
  23. “Metasploit — Penetration Testing Software, Pen Testing Security — Metasploit” URL: https://www.metasploit.com/
  24. “Nmap: the Network Mapper - Free Security Scanner” URL: https://nmap.org/
  25. “Node.js” URL: https://nodejs.org/en/
  26. Jorge Lucángeli Obes, Carlos Sarraute and Gerardo Richarte “Attack Planning in the Real World” In Computing Research Repository abs/1306.4044, 2013 arXiv: http://arxiv.org/abs/1306.4044
  27. “Specifying security aspects in UML models” In ACM/IEEE 11th International Conference on Model Driven Engineering Languages and Systems, 2008
  28. “React – A JavaScript library for building user interfaces” URL: https://reactjs.org
  29. Ariel R. Ril “shdw: Shadow Blade - A Capture the Flag Tool” URL: https://github.com/arielril/shdw
  30. “Automated generation and analysis of attack graphs” In Proceedings 2002 IEEE Symposium on Security and Privacy, 2002, pp. 273–284 DOI: 10.1109/SECPRI.2002.1004377
  31. “The Go Programming Language” URL: https://golang.org
  32. “TypeScript: JavaScript With Syntax For Types” URL: https://www.typescriptlang.org
  33. “What are General, Defensive, and Offensive Cybersecurity Tracks?” URL: https://online.maryville.edu/online-bachelors-degrees/cyber-security/understanding-cyber-security-tracks/

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now