
Azazel System for Emergency Shelters

Mr.Rabbit
November 30, 2025


Azazel System for Emergency Shelters is a rapid-deploy, portable SOC/NOC built on a single Raspberry Pi, designed to turn fragile, untrusted evacuation-shelter Wi-Fi into a controlled gateway. It places a “Cyber Scapegoat Gateway” in the middle to lure attacks into decoys, delay/shape hostile traffic, and prioritize critical communications for evacuees and responders.

The Azazel-Pi architecture combines Suricata IDS/IPS, OpenCanary decoys, and traffic control via tc/nftables with mode switching (Portal/Shield/Lockdown), plus operations and visibility through azctl, a log pipeline, and Mattermost alerts, with threat scoring evolving from rules/heuristics (Mock LLM) toward local LLM integration (Ollama). In the demo, the system reaches readiness in ~90 seconds at ~13W, and demonstrates a full flow where Suricata detects a brute-force SSH scan, Azazel delays the traffic, diverts it to OpenCanary via iptables, alerts via Mattermost, and restores normal routing once calm; the roadmap further includes Safe Portal (QR-based access), role triage, QoS policy evolution, staged deployments, and defense-only legal/ethical guardrails.


Transcript

  1. #BHUSA @BlackHatEvents
     I am … @01ra66it Mr.Rabbit (Linkedin)
     Presentations:
     2019 AVTOKYO HIVE🇯🇵 / SECCON YOROZU🇯🇵
     2020 Black Hat Asia Arsenal🇸🇬 / AVTOKYO HIVE🇯🇵
     2022 SECCON Open Conference🇯🇵 (🏅 Best Award)
     2023 CODE BLUE CyberTAMAGO🇯🇵 / AVTOKYO HIVE🇯🇵 / SECCON Open Conference🇯🇵
     2024 CODE BLUE CyberTAMAGO🇯🇵 / AVTOKYO HIVE🇯🇵
     2025 BSides Tokyo🇯🇵 / BSides Las Vegas🇺🇸 / Black Hat USA Arsenal🇺🇸 / SecTor, a Black Hat event🇨🇦
     Independent Security Researcher (hobbyist)
     Executive Member, InfoSec Workshop @ Echigo-Yuzawa
     CISSP / SSCP / CompTIA CSAP / OSWP
     Makoto Sugita (aka Mr. Rabbit)
  2. Agenda: Roadmap of Today’s Talk
     1. Why Protect Emergency Networks?
     2. Concept & Architecture
     3. Demo Overview
     4. AI & Future Integration
     5. Roadmap & Legal Considerations
     6. Key Messages & Call to Action
  3. Agenda: Roadmap of Today’s Talk (repeated; items 1–6 as on slide 2)
  4. Why Protect Emergency Networks? Disasters, Conflicts & Vulnerable Civilians
     The estimated probability of occurrence within the next 30 years is 60–90% or higher. It might happen in 2027?
  5. Networks Are Fragile in Disasters: Physical Damage, Congestion, and Network Isolation
  6. Threats to Evacuation-Shelter Wi-Fi: Rogue Access Points, MITM Attacks, and Misinformation Risks
     (Diagram labels: Evil AP, Real AP, Strong Signal, Weak Signal, Original Connection, MITM Connection)
  7. Deliberate Targeting of Humanitarian Networks: Cyber Operations Against NGOs and Aid Organizations
     • Ukraine (2022–): targeted malware attacks on aid networks; communication jamming / RF interference
     • NGO sites (2025): Evilginx-based credential theft; phishing campaigns leading to data breaches
  8. References
     • CSIS: Cyber War and Ukraine (www.csis.org/analysis/cyber-war-and-ukraine)
     • JSIS: The Ukraine War: Cyberattacks Targeting Refugees and Humanitarian Organizations (jsis.washington.edu/news/the-ukraine-war-cyberattacks-targeting-refugees-and-humanitarian-organizations)
     • The Hacker News: Russian Hackers Breach NGOs Using Evilginx Phishing via Fake Microsoft Entra Pages (thehackernews.com/…/russian-hackers-breach-ngos-using.html)
  9. Agenda: Roadmap of Today’s Talk (repeated; items 1–6 as on slide 2)
  10. Azazel System in an Emergency Shelter: From Untrusted Wi-Fi to a Controlled Gateway
      Before: Unprotected Shelter Wi-Fi
      • No gateway
      • Shared, untrusted Wi-Fi
      • Single point of failure
      After: Cyber Scapegoat Gateway in the Middle
      • Lure attacks into decoys
      • Delay and shape hostile traffic
      • Prioritize critical communications
      Azazel turns a fragile shelter Wi-Fi into a controlled entry point.
      (Diagram: Evacuees, Staff → Azazel-Pi (Raspberry Pi): IDS/IPS · Decoys · Delay/QoS)
  11. Azazel-Pi Architecture: Portable SOC/NOC on a Single Raspberry Pi
      From raw shelter Wi-Fi to a controlled, deceptive, and prioritized gateway.
      Shelter LAN (Clients) ⬇︎: Evacuees · Medical Staff · Relief Workers (Shelter Traffic, Untrusted)
      Azazel-Pi (Cyber Scapegoat Gateway), Raspberry Pi 5 · Linux · Container / Services:
      ▪ Detection & Deception: Suricata IDS/IPS · OpenCanary Decoys
      ▪ Control & Delay: tc / nftables · Delay · Shaping · Blocking · (Portal / Shield / Lockdown)
      ▪ Intelligence & Scoring: Threat Scoring Engine · Mock LLM + Local LLM
      ▪ Operations & Visibility: azctl TUI / CLI · Log Pipeline · Alerts to Mattermost
      Uplink & Services ⬆︎: EMR / EMIS · Gov / Relief Systems · Internet / LEO / 00000JAPAN (Prioritized & Protected Traffic)
  12. Agenda: Roadmap of Today’s Talk (repeated; items 1–6 as on slide 2)
  13. Demo #1: Boot & Readiness. From Power-On to a Ready SOC/NOC
      Timeline: Power On (0:00) → System Services Up (0:45) → Azazel-Pi Ready (1:30)
      • Single Raspberry Pi 5
      • Boot to Ready: ~90 seconds
      • Power Draw: ~13 W (field test)
  14. Demo #2: From Detection to Decoy. Redirecting Suspicious SSH Traffic into OpenCanary
      Step 1: Attacker runs a brute-force SSH scan.
      Step 2: Suricata detects it.
      Step 3: Azazel responds with:
      • tc to delay the traffic
      • iptables to divert it to OpenCanary
      • an alert sent via Mattermost
      Step 4: OpenCanary logs the deception activity.
      Step 5: Once calm, traffic is restored.
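The Step 3 / Step 5 responder from Demo #2, as an added example that is not the Azazel project's own code: it turns one Suricata EVE alert into the tc delay, the iptables redirect to OpenCanary and the Mattermost payload, and builds the matching rollback. The interface name `wlan0`, decoy port 2222, the 500 ms delay and the constructed EVE line are assumptions; the commands are returned as argv lists so an operator (root) can review them before running them.

```python
import json

LAN_IF = "wlan0"        # assumed shelter-facing interface on the Pi
DECOY_SSH_PORT = 2222   # assumed port of OpenCanary's SSH decoy on the Pi
DELAY_MS = 500          # assumed netem delay for replies to the offender

def parse_ssh_alert(eve_line):
    """Return (src_ip, signature) for an SSH-related Suricata alert, else None."""
    ev = json.loads(eve_line)
    if ev.get("event_type") != "alert":
        return None
    sig = ev["alert"]["signature"]
    return (ev["src_ip"], sig) if "ssh" in sig.lower() else None

def respond_commands(src_ip):
    """Step 3: delay replies to src_ip (egress qdisc on LAN_IF, so match ip dst)
    and redirect its port-22 connections to the local OpenCanary decoy."""
    return [
        ["tc", "qdisc", "replace", "dev", LAN_IF, "root", "handle", "1:", "prio"],
        ["tc", "qdisc", "replace", "dev", LAN_IF, "parent", "1:3", "handle", "30:",
         "netem", "delay", f"{DELAY_MS}ms"],
        ["tc", "filter", "add", "dev", LAN_IF, "protocol", "ip", "parent", "1:",
         "prio", "3", "u32", "match", "ip", "dst", f"{src_ip}/32", "flowid", "1:3"],
        ["iptables", "-t", "nat", "-A", "PREROUTING", "-i", LAN_IF, "-s", src_ip,
         "-p", "tcp", "--dport", "22", "-j", "REDIRECT", "--to-ports", str(DECOY_SSH_PORT)],
    ]

def restore_commands(src_ip):
    """Step 5: undo the divert and the per-host delay filter once the source is calm."""
    return [
        ["iptables", "-t", "nat", "-D", "PREROUTING", "-i", LAN_IF, "-s", src_ip,
         "-p", "tcp", "--dport", "22", "-j", "REDIRECT", "--to-ports", str(DECOY_SSH_PORT)],
        ["tc", "filter", "del", "dev", LAN_IF, "parent", "1:", "prio", "3"],
    ]

def mattermost_payload(src_ip, sig):
    """JSON body for a Mattermost incoming webhook (the webhook URL is assumed)."""
    return {"text": f"Azazel: {src_ip} delayed and diverted to OpenCanary ({sig})"}

if __name__ == "__main__":
    # Constructed EVE line shaped like a Suricata alert record, not a real capture.
    line = json.dumps({"event_type": "alert", "src_ip": "192.0.2.10",
                       "alert": {"signature": "ET SCAN Potential SSH Scan"}})
    hit = parse_ssh_alert(line)
    if hit:
        for argv in respond_commands(hit[0]):
            print(" ".join(argv))
        print(json.dumps(mattermost_payload(*hit)))
```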
  15. Agenda: Roadmap of Today’s Talk (repeated; items 1–6 as on slide 2)
  16. AI & Future Integration: Hybrid Threat Evaluation & Safe Portal Roadmap
      Today: On-Device Threat Scoring (already implemented and demoed today)
      1. Suricata / OpenCanary alerts ↓
      2. Mock LLM (rules + heuristics) ↓
      3. Local LLM (Ollama, Pi-friendly model) ↓
      4. Threat Score → Mode Change / Alert
      Next: Safe Portal & QoS Triage (planned features for real shelters, tested step-by-step with operators)
      1. Safe Portal (QR-based Access)
      • QR login to trusted portal
      • No fake SSID / phishing page
      2. User / Role Triage
      • Evacuees
      • Medical staff
      3. QoS Policy Engine (Future)
      • AI-assisted policy suggestions
      • Prioritize EMR & command traffic
      • Degrade or delay low-priority / suspicious flows
  17. Agenda: Roadmap of Today’s Talk (repeated; items 1–6 as on slide 2)
  18. Roadmap & Legal Considerations: From Lab Prototype to Real Shelters (Conceptual Plan)
      Deployment Roadmap
      • Stage 1 – Lab Prototype (Now): PoC in controlled network
      • Stage 2 – Tabletop & Cyber Range Drills: simulated shelters, attack scenarios
      • Stage 3 – Small-Scale Shelter Pilot: one municipality, volunteer staff
      • Stage 4 – Multi-Shelter Deployment & Training: standard playbooks, training for operators
      • Stage 5 – Integration with National Frameworks: 00000JAPAN / LEO / emergency plans
      Legal & Ethical Guardrails (Planned)
      1. Defense-Only, No Hacking Back
      2. Operator Consent & Transparency
      3. Minimal Logging & Privacy by Design
      4. Time-Bound & Scope-Bound Use
      All items are conceptual and subject to legal review in Japan.
  19. Agenda: Roadmap of Today’s Talk (repeated; items 1–6 as on slide 2)
  20. Protect · Delay · Sustain: Key Messages & How You Can Help
      1. Test & Adapt Azazel-Pi: try it in labs, ranges, and drills.
      2. Co-Design Real Shelter Pilots: work with us on operations, training, and UX.
      3. Review, Extend, and Challenge the Design: security, legal, and humanitarian perspectives welcome.
      Protect · Delay · Sustain